Retire inactive issues

author: Ben Hutchings <ben@decadent.org.uk> 2024-01-09 01:23:56 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2024-01-09 01:23:56 +0100
commit: 26d3effdb521546119e479bf43fb4630a3156675 (patch)
tree: 43d4bebfdaa0fff19349832f4c5083ecfc1b453d /retired
parent: 4c52cadb6f91fc32612f39a2181515f9abf50b98 (diff)
39 files changed, 587 insertions, 0 deletions
diff --git a/retired/CVE-2020-12362 b/retired/CVE-2020-12362
new file mode 100644
index 00000000..fdeda45f
--- /dev/null
+++ b/retired/CVE-2020-12362
@@ -0,0 +1,24 @@
+Description: i915: Integer overflow in GuC firmware leading to priv-esc
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
+Notes:
+ carnil> Claimed to affect versions before Linux kernel version 5.5.
+ carnil> Not adding fixed versions as wanting to try to pinpoint the
+ carnil> respective needed commits for correct tracking.
+ carnil> Per Intel, this was fixed by a firmware update. v49.0.1 of the
+ carnil> firmware is required. The new firmware requires a kernel patch
+ carnil> https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
+ carnil> So might not be treaded as Linux issue itself.
+ bwh> Let's treat it as both firmware and kernel, similar to CPU issues
+ bwh> that need both microcode and kernel changes.
+Bugs:
+upstream: released (5.11-rc1) [c784e5249e773689e38d2bc1749f08b986621a26]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: ignored "too intrusive to backport"
+4.19-upstream-stable: ignored "too intrusive to backport"
+4.9-upstream-stable: ignored "EOL"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: ignored "too intrusive to backport"
+4.19-buster-security: ignored "too intrusive to backport"
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2021-44879 b/retired/CVE-2021-44879
new file mode 100644
index 00000000..f1c3d956
--- /dev/null
+++ b/retired/CVE-2021-44879
@@ -0,0 +1,18 @@
+Description: f2fs: fix to do sanity check on inode type during garbage collection
+References:
+ https://www.openwall.com/lists/oss-security/2022/02/12/1
+ https://bugzilla.kernel.org/show_bug.cgi?id=215231
+ https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao@kernel.org/T/
+Notes:
+ bwh> The bug seems to exist in all our stable branches.
+Bugs:
+upstream: released (5.17-rc1) [9056d6489f5a41cfbb67f719d2c0ce61ead72d9f]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.200) [571ce7d944cdd204da163cb5d5cc75bb38090246]
+4.19-upstream-stable: released (4.19.298) [45c9da086dded78a12bc580f5bb012545a910803]
+4.9-upstream-stable: ignored "EOL"
+sid: released (5.16.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
+4.9-stretch-security: ignored "f2fs is not supportable"
diff --git a/retired/CVE-2023-0590 b/retired/CVE-2023-0590
new file mode 100644
index 00000000..7aed61a1
--- /dev/null
+++ b/retired/CVE-2023-0590
@@ -0,0 +1,14 @@
+Description: net: sched: fix race condition in qdisc_graft()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2165741
+ https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/
+Notes:
+Bugs:
+upstream: released (6.1-rc2) [ebda44da44f6f309d302522b049f43d6f829f7aa]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.152) [7aa3d623c11b9ab60f86b7833666e5d55bac4be9]
+4.19-upstream-stable: released (4.19.300) [f782929b90b5ac88d4445c853949d9efa6db6bae]
+sid: released (6.0.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-1077 b/retired/CVE-2023-1077
new file mode 100644
index 00000000..f5f58621
--- /dev/null
+++ b/retired/CVE-2023-1077
@@ -0,0 +1,15 @@
+Description: sched/rt: pick_next_rt_entity(): check list_entry
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2173436
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+Notes:
+ carnil> Commit fixes 326587b84078 ("sched: fix goto retry in pick_next_task_rt()")
+Bugs:
+upstream: released (6.3-rc1) [7c4a5b89a0b5a57a64b601775b296abf77a9fe97]
+6.1-upstream-stable: released (6.1.16) [6b4fcc4e8a3016e85766c161daf0732fca16c3a3]
+5.10-upstream-stable: released (5.10.173) [80a1751730b302d8ab63a084b2fa52c820ad0273]
+4.19-upstream-stable: released (4.19.293) [84d90fb72a053c034b018fcc3cfaa6f606faf1c6]
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-1206 b/retired/CVE-2023-1206
new file mode 100644
index 00000000..c5e076d9
--- /dev/null
+++ b/retired/CVE-2023-1206
@@ -0,0 +1,16 @@
+Description: hash collisions in the IPv6 connection lookup table
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2175903
+ https://bugzilla.suse.com/show_bug.cgi?id=1212703
+Notes:
+ carnil> No public reference found as per 2023-06-28.
+ carnil> Fixed in 6.4.8 for 6.4.y.
+Bugs:
+upstream: released (6.5-rc4) [d11b0df7ddf1831f3e170972f43186dad520bfcc]
+6.1-upstream-stable: released (6.1.43) [51aea7e9d5212adb8a3d198510cfcde4125988f9]
+5.10-upstream-stable: released (5.10.190) [0cd74fbd3b8327e60525e1ec4a6c28895693909f]
+4.19-upstream-stable: released (4.19.291) [8fa0dea2fc96f192d81a12434e48deda2e556320]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-1989 b/retired/CVE-2023-1989
new file mode 100644
index 00000000..bf51cce7
--- /dev/null
+++ b/retired/CVE-2023-1989
@@ -0,0 +1,15 @@
+Description: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
+Notes:
+ carnil> Original fix was later reverted in 6.4-rc1, and then the revert
+ carnil> backported to 6.3.2, 6.2.15, 6.1.28, 5.10.180 and 4.19.283.
+Bugs:
+upstream: released (6.3-rc4) [1e9ac114c4428fdb7ff4635b45d4f46017e8916f], released (6.3-rc7) [73f7b171b7c09139eb3c6a5677c200dc1be5f318]
+6.1-upstream-stable: released (6.1.22) [cbf8deacb7053ce3e3fed64b277c6c6989e65bba], released (6.1.52) [179c65828593aff1f444e15debd40a477cb23cf4]
+5.10-upstream-stable: released (5.10.177) [da3d3fdfb4d523c5da30e35a8dd90e04f0fd8962], released (5.10.195) [746b363bef41cc159c051c47f9e30800bc6b520d]
+4.19-upstream-stable: released (4.19.280) [af4d48754d5517d33bac5e504ff1f1de0808e29e], released (4.19.295) [3efcbf25e5ab4d4ad1b7e6ba0869ff85540e3f6e]
+sid: released (6.1.25-1), released (6.3.7-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.178-1), released (5.10.197-1)
+4.19-buster-security: released (4.19.282-1), released (4.19.304-1)
diff --git a/retired/CVE-2023-25775 b/retired/CVE-2023-25775
new file mode 100644
index 00000000..1aef9d84
--- /dev/null
+++ b/retired/CVE-2023-25775
@@ -0,0 +1,18 @@
+Description: RDMA/irdma: Prevent zero-length STAG registration
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
+Notes:
+ carnil> Commit fixes b48c24c2d710 ("RDMA/irdma: Implement device
+ carnil> supported verb APIs") in 5.14-rc1.
+ carnil> Fixed as well in 6.4.16 for 6.4.y and in 6.5.3 for 6.5.y.
+ carnil> Strangely the fix was as well backported to 5.10.203 and
+ carnil> 4.19.301 but it's not clear why.
+Bugs:
+upstream: released (6.6-rc1) [bb6d73d9add68ad270888db327514384dfa44958]
+6.1-upstream-stable: released (6.1.53) [f01cfec8d3456bf389918eb898eda11f46d8b1b7]
+5.10-upstream-stable: released (5.10.203) [ac65f8979b0eaac80c4710729c509d8837d8fdb7]
+4.19-upstream-stable: released (4.19.301) [f3c2760510c119c609e751c5a0b06cec6ae4bb4d]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3212 b/retired/CVE-2023-3212
new file mode 100644
index 00000000..60381624
--- /dev/null
+++ b/retired/CVE-2023-3212
@@ -0,0 +1,16 @@
+Description: gfs2: Don't deref jdesc in evict
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2214348
+Notes:
+ bwh> This affects 4.19 and it's actually worse - a UAF rather than NPE.
+ bwh> It needs at least part of commit 601ef0d52e96 "gfs2: Force
+ bwh> withdraw to replay journals and wait for it to finish" as well.
+Bugs:
+upstream: released (6.4-rc2) [504a10d9e46bc37b23d0a1ae2f28973c8516e636]
+6.1-upstream-stable: released (6.1.33) [5ae4a618a1558d2b536fdd5d42e53d3e2d73870c]
+5.10-upstream-stable: released (5.10.183) [d03d31d3a206093b9b8759dddf0ba9bd843606ba]
+4.19-upstream-stable: released (4.19.291) [d3af9cea9a1ce56f427e41e5ffcdafe9280f099f]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3390 b/retired/CVE-2023-3390
new file mode 100644
index 00000000..3d7ebdb1
--- /dev/null
+++ b/retired/CVE-2023-3390
@@ -0,0 +1,15 @@
+Description: netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
+References:
+ https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97
+Notes:
+ carnil> Commit fixes 958bee14d071 ("netfilter: nf_tables: use new
+ carnil> transaction infrastructure to handle sets") 3.16-rc1.
+Bugs:
+upstream: released (6.4-rc7) [1240eb93f0616b21c675416516ff3d74798fdc97]
+6.1-upstream-stable: released (6.1.35) [ 4aaa3b730d16c13cc3feaa127bfca1af201d969d]
+5.10-upstream-stable: released (5.10.188) [8180fc2fadd48dde4966f2db2c716c2ce7510d0b]
+4.19-upstream-stable: released (4.19.291) [798aa8da13782fe472aa48841c5570d7439339b8]
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.179-3) [bugfix/all/netfilter-nf_tables-incorrect-error-path-handling-wi.patch]
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-34319 b/retired/CVE-2023-34319
new file mode 100644
index 00000000..7955e61b
--- /dev/null
+++ b/retired/CVE-2023-34319
@@ -0,0 +1,14 @@
+Description: xen/netback: Fix buffer overrun triggered by unusual packet
+References:
+ https://xenbits.xen.org/xsa/advisory-432.html
+Notes:
+ carnil> Fixed as well in 6.4.9 for 4.9.y.
+Bugs:
+upstream: released (6.5-rc6) [534fc31d09b706a16d83533e16b5dc855caf7576]
+6.1-upstream-stable: released (6.1.44) [fa5b932b77c815d0e416612859d5899424bb4212]
+5.10-upstream-stable: released (5.10.189) [f9167a2d6b943f30743de6ff8163d1981c34f9a9]
+4.19-upstream-stable: released (4.19.290) [11e6919ae028b5de1fc48007354ea07069561b31]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-34324 b/retired/CVE-2023-34324
new file mode 100644
index 00000000..6a52cbe0
--- /dev/null
+++ b/retired/CVE-2023-34324
@@ -0,0 +1,14 @@
+Description: xen/events: replace evtchn_rwlock with RCU
+References:
+ https://xenbits.xen.org/xsa/advisory-441.html
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.7.
+Bugs:
+upstream: released (6.6-rc6) [87797fad6cce28ec9be3c13f031776ff4f104cfc]
+6.1-upstream-stable: released (6.1.57) [a4cc925e2e12c3bbffb0860acdb9f9c1abde47dd]
+5.10-upstream-stable: released (5.10.198) [660627c71bc1098aa94e5f208f14748b105b73bc]
+4.19-upstream-stable: released (4.19.296) [3fdf2be9089b5096a28e76376656c60ce410ac4a]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-35001 b/retired/CVE-2023-35001
new file mode 100644
index 00000000..2e32a1e7
--- /dev/null
+++ b/retired/CVE-2023-35001
@@ -0,0 +1,19 @@
+Description: nf_tables nft_byteorder_eval OOB read/write
+References:
+ https://www.openwall.com/lists/oss-security/2023/07/05/3
+ https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=caf3ef7468f7534771b5c44cd8dbd6f7f87c2cbd
+ https://www.zerodayinitiative.com/advisories/ZDI-23-900/
+Notes:
+ carnil> Introduced with 96518518cc41 ("netfilter: add nftables") in
+ carnil> 3.13-rc1.
+ carnil> For 6.4.y fixed as well in 6.4.4.
+Bugs:
+upstream: released (6.5-rc2) [caf3ef7468f7534771b5c44cd8dbd6f7f87c2cbd]
+6.1-upstream-stable: released (6.1.39) [40f83dd66a823400d8592e3b71e190e3ad978eb5]
+5.10-upstream-stable: released (5.10.188) [ea213922249c7e448d217a0a0441c6f86a8155fd]
+4.19-upstream-stable: released (4.19.291) [025fd7efe2639773540a5e425b7bc0dc10b6b023]
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.38-1) [bugfix/all/netfilter-nf_tables-prevent-OOB-access-in-nft_byteor.patch]
+5.10-bullseye-security: released (5.10.179-2) [bugfix/all/netfilter-nf_tables-prevent-OOB-access-in-nft_byteor.patch]
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3609 b/retired/CVE-2023-3609
new file mode 100644
index 00000000..81b66497
--- /dev/null
+++ b/retired/CVE-2023-3609
@@ -0,0 +1,13 @@
+Description: net/sched: cls_u32: Fix reference counter leak leading to overflow
+References:
+ https://github.com/google/security-research/pull/48
+Notes:
+Bugs:
+upstream: released (6.4-rc7) [04c55383fa5689357bcdd2c8036725a55ed632bc]
+6.1-upstream-stable: released (6.1.35) [07f9cc229b44cbcee6385802d390091d915f38c3]
+5.10-upstream-stable: released (5.10.185) [af6eaa57986e82d7efd81984ee607927c6de61e4]
+4.19-upstream-stable: released (4.19.291) [8ffaf24a377519e4396f03da5ccda082edae1ac9]
+sid: released (6.3.11-1)
+6.1-bookworm-security:  released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3611 b/retired/CVE-2023-3611
new file mode 100644
index 00000000..5523a710
--- /dev/null
+++ b/retired/CVE-2023-3611
@@ -0,0 +1,14 @@
+Description: net/sched: sch_qfq: account for stab overhead in qfq_enqueue
+References:
+ https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.5.
+Bugs:
+upstream: released (6.5-rc2) [3e337087c3b5805fe0b8a46ba622a962880b5d64]
+6.1-upstream-stable: released (6.1.40) [70feebdbfad85772ab3ef152812729cab5c6c426]
+5.10-upstream-stable: released (5.10.188) [8359ee85fd6dabc5c134ed69fb22faadd8a44071]
+4.19-upstream-stable: released (4.19.291) [ee3bc829f9b4df96d208d58b654e400fa1f3b46c]
+sid: released (6.4.4-2) [bugfix/all/net-sched-sch_qfq-account-for-stab-overhead-in-qfq_e.patch]
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3772 b/retired/CVE-2023-3772
new file mode 100644
index 00000000..6ff9446a
--- /dev/null
+++ b/retired/CVE-2023-3772
@@ -0,0 +1,19 @@
+Description: xfrm: add NULL check in xfrm_update_ae_params
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2218943
+ https://lore.kernel.org/netdev/20230721145103.2714073-1-linma@zju.edu.cn/
+ https://www.openwall.com/lists/oss-security/2023/08/10/1
+ https://kernel.googlesource.com/pub/scm/linux/kernel/git/klassert/ipsec/+/00374d9b6d9f932802b55181be9831aa948e5b7c%5E%21/#F0
+Notes:
+ carnil> Commit fixes d8647b79c3b7 ("xfrm: Add user interface for esn
+ carnil> and big anti-replay windows")
+ carnil> For 6.4.y fixed as well in 6.4.12.
+Bugs:
+upstream: released (6.5-rc7) [00374d9b6d9f932802b55181be9831aa948e5b7c]
+6.1-upstream-stable: released (6.1.47) [87b655f4936b6fc01f3658aa88a22c923b379ebd]
+5.10-upstream-stable: released (5.10.192) [614811692e21cef324d897202ad37c17d4390da3]
+4.19-upstream-stable: released (4.19.293) [44f69c96f8a147413c23c68cda4d6fb5e23137cd]
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3776 b/retired/CVE-2023-3776
new file mode 100644
index 00000000..c82fab67
--- /dev/null
+++ b/retired/CVE-2023-3776
@@ -0,0 +1,15 @@
+Description: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
+References:
+ https://github.com/google/security-research/pull/49
+ https://github.com/google/security-research/pull/50
+Notes:
+ carnil> For 6.4.y fixed in 6.4.5.
+Bugs:
+upstream: released (6.5-rc2) [0323bce598eea038714f941ce2b22541c46d488f]
+6.1-upstream-stable: released (6.1.40) [c91fb29bb07ee4dd40aabd1e41f19c0f92ac3199]
+5.10-upstream-stable: released (5.10.188) [80e0e8d5f54397c5048fa2274144134dd9dc91b5]
+4.19-upstream-stable: released (4.19.291) [612f468cfc3df83777ae21058419b1fc8e9037eb]
+sid: released (6.4.4-2) [bugfix/all/net-sched-cls_fw-Fix-improper-refcount-update-leads-.patch]
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-39189 b/retired/CVE-2023-39189
new file mode 100644
index 00000000..3689d4de
--- /dev/null
+++ b/retired/CVE-2023-39189
@@ -0,0 +1,14 @@
+Description: netfilter: nfnetlink_osf: avoid OOB read 
+References: 
+ https://bugzilla.redhat.com/show_bug.cgi?id=2226777
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.4.
+Bugs:
+upstream: released (6.6-rc1) [f4f8a7803119005e87b716874bec07c751efafec]
+6.1-upstream-stable: released (6.1.54) [7bb8d52b4271be7527b6e3120ae6ce4c6cdf6e34]
+5.10-upstream-stable: released (5.10.195) [780f60dde29692c42091602fee9c25e9e391f3dc]
+4.19-upstream-stable: released (4.19.295) [40d427ffccf9e60bd7288ea3748c066404a35622]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-39192 b/retired/CVE-2023-39192
new file mode 100644
index 00000000..71da193b
--- /dev/null
+++ b/retired/CVE-2023-39192
@@ -0,0 +1,16 @@
+Description: netfilter: xt_u32: validate user space input
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-1490/
+ https://lore.kernel.org/all/20230828132107.18376-1-wander@redhat.com/
+Notes:
+ carnil> Commit fixes 1b50b8a371e9 ("[NETFILTER]: Add u32 match").
+ carnil> Fixed as well in 6.5.3 fir 6.5.y.
+Bugs:
+upstream: released (6.6-rc1) [69c5d284f67089b4750d28ff6ac6f52ec224b330]
+6.1-upstream-stable: released (6.1.53) [1c164c1e9e93b0a72a03a7edb754e3857d4e4302]
+5.10-upstream-stable: released (5.10.195) [a1b711c370f5269f4e81a07e7542e351c0c4682e]
+4.19-upstream-stable: released (4.19.295) [ddf190be80ef0677629416a128f9da91e5800d21]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-39193 b/retired/CVE-2023-39193
new file mode 100644
index 00000000..b84a7f0d
--- /dev/null
+++ b/retired/CVE-2023-39193
@@ -0,0 +1,14 @@
+Description: netfilter: xt_sctp: validate the flag_info count
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-1491/
+ https://lore.kernel.org/all/20230828221255.124812-1-wander@redhat.com/
+Notes:
+Bugs:
+upstream: released (6.6-rc1) [e99476497687ef9e850748fe6d232264f30bc8f9]
+6.1-upstream-stable: released (6.1.53) [4921f9349b66da7c5a2b6418fe45e9ae0ae72924]
+5.10-upstream-stable: released (5.10.195) [5541827d13cf19b905594eaee586527476efaa61]
+4.19-upstream-stable: released (4.19.295) [f25dbfadaf525d854597c16420dd753ca47b9396]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-39194 b/retired/CVE-2023-39194
new file mode 100644
index 00000000..d280004f
--- /dev/null
+++ b/retired/CVE-2023-39194
@@ -0,0 +1,13 @@
+Description: net: xfrm: Fix xfrm_address_filter OOB read
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-1492/
+Notes:
+Bugs:
+upstream: released (6.5-rc7) [dfa73c17d55b921e1d4e154976de35317e43a93a]
+6.1-upstream-stable: released (6.1.47) [9a0056276f5f38e188732bd7b6949edca6a80ea1]
+5.10-upstream-stable: released (5.10.192) [7e50815d29037e08d3d26f3ebc41bcec729847b7]
+4.19-upstream-stable: released (4.19.293) [a695f0e724330773283a6d67e149363b89087f76]
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-40283 b/retired/CVE-2023-40283
new file mode 100644
index 00000000..1c00e7eb
--- /dev/null
+++ b/retired/CVE-2023-40283
@@ -0,0 +1,13 @@
+Description: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
+References:
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.10.
+Bugs:
+upstream: released (6.5-rc1) [1728137b33c00d5a2b5110ed7aafb42e7c32e4a1]
+6.1-upstream-stable: released (6.1.45) [29fac18499332211b2615ade356e2bd8b3269f98]
+5.10-upstream-stable: released (5.10.190) [06f87c96216bc5cd1094c23492274f77f1d5dd3b]
+4.19-upstream-stable: released (4.19.291) [82cdb2ccbe43337798393369f0ceb98699fe6037]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4132 b/retired/CVE-2023-4132
new file mode 100644
index 00000000..5d10d96d
--- /dev/null
+++ b/retired/CVE-2023-4132
@@ -0,0 +1,13 @@
+Description: smsusb: use-after-free caused by do_submit_urb()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221707
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [ebad8e731c1c06adf04621d6fd327b860c0861b5], released (6.5-rc1) [6f489a966fbeb0da63d45c2c66a8957eab604bf6]
+6.1-upstream-stable: released (6.1.16) [479796534a450fd44189080d51bebefa3b42c6fc], released (6.1.39) [8abb53c5167cfb5bb275512a3da4ec2468478626]
+5.10-upstream-stable: released (5.10.173) [42f8ba8355682f6c4125b75503cac0cef4ac91d3], released (5.10.188) [d87ef4e857b790f1616809eccda6b4d0c9c3da11]
+4.19-upstream-stable: released (4.19.276) [1477b00ff582970df110fc9e15a5e2021acb9222], released (4.19.291) [54073c46cbbd2c0c03d6f7d481540cb95cf181a1]
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.178-1), released (5.10.191-1)
+4.19-buster-security: released (4.19.282-1), released (4.19.304-1)
diff --git a/retired/CVE-2023-4206 b/retired/CVE-2023-4206
new file mode 100644
index 00000000..89fb0b4d
--- /dev/null
+++ b/retired/CVE-2023-4206
@@ -0,0 +1,16 @@
+Description: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
+References:
+ https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8
+Notes:
+ carnil> CVE-2023-4206 is from Google CNA a subset of CVE-2023-4128
+ carnil> assigned by RedHat CNA.
+ carnil> For 6.4.y fixed in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8]
+6.1-upstream-stable: released (6.1.45) [d4d3b53a4c66004e8e864fea744b3a2b86a73b62]
+5.10-upstream-stable: released (5.10.190) [aaa71c4e8ad98828ed50dde3eec8e0d545a117f7]
+4.19-upstream-stable: released (4.19.291) [ad8f36f96696a7f1d191da66637c415959bab6d8]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4207 b/retired/CVE-2023-4207
new file mode 100644
index 00000000..8ad74e3e
--- /dev/null
+++ b/retired/CVE-2023-4207
@@ -0,0 +1,16 @@
+Description: net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
+References:
+ https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec
+Notes:
+ carnil> CVE-2023-4207 is from Google CNA a subset of CVE-2023-4128
+ carnil> assigned by RedHat CNA.
+ carnil> For 6.4.y fixed in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [76e42ae831991c828cffa8c37736ebfb831ad5ec]
+6.1-upstream-stable: released (6.1.45) [7f691439b29be0aae68f83ad5eecfddc11007724]
+5.10-upstream-stable: released (5.10.190) [a8d478200b104ff356f51e1f63499fe46ba8c9b8]
+4.19-upstream-stable: released (4.19.295) [4f38dc8496d1991e2c055a0068dd98fb48affcc6]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4208 b/retired/CVE-2023-4208
new file mode 100644
index 00000000..a49073df
--- /dev/null
+++ b/retired/CVE-2023-4208
@@ -0,0 +1,16 @@
+Description: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
+References:
+ https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81
+Notes:
+ carnil> CVE-2023-4208 is from Google CNA a subset of CVE-2023-4128
+ carnil> assigned by RedHat CNA.
+ carnil> For 6.4.y fixed in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81]
+6.1-upstream-stable: released (6.1.45) [aab2d095ce4dd8d01ca484c0cc641fb497bf74db]
+5.10-upstream-stable: released (5.10.190) [b4256c99a7116c9514224847e8aaee2ecf110a0a]
+4.19-upstream-stable: released (4.19.291) [4aae24015ecd70d824a953e2dc5b0ca2c4769243]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-42753 b/retired/CVE-2023-42753
new file mode 100644
index 00000000..4ff833d0
--- /dev/null
+++ b/retired/CVE-2023-42753
@@ -0,0 +1,17 @@
+Description: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
+References:
+ https://www.openwall.com/lists/oss-security/2023/09/22/10
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.3.
+ carnil> Commit fixes 886503f34d63 ("netfilter: ipset: actually allow
+ carnil> allowable CIDR 0 in hash:net,port,net") 4.20-rc2 (but got
+ carnil> backported to 4.19.5 as well).
+Bugs:
+upstream: released (6.6-rc1) [050d91c03b28ca479df13dfb02bcd2c60dd6a878]
+6.1-upstream-stable: released (6.1.53) [7ca0706c68adadf86a36b60dca090f5e9481e808]
+5.10-upstream-stable: released (5.10.195) [83091f8ac03f118086596f17c9a52d31d6ca94b3]
+4.19-upstream-stable: released (4.19.295) [e632d09dffc68b9602d6893a99bfe3001d36cefc]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-42754 b/retired/CVE-2023-42754
new file mode 100644
index 00000000..7dafa9d7
--- /dev/null
+++ b/retired/CVE-2023-42754
@@ -0,0 +1,17 @@
+Description: ipv4: fix null-deref in ipv4_link_failure
+References:
+ https://www.openwall.com/lists/oss-security/2023/10/02/8
+Notes:
+ carnil> Commit fixes ed0de45a1008 ("ipv4: recompile ip options in
+ carnil> ipv4_link_failure") in 5.1-rc6, but which got backported so
+ carnil> several stable series.
+ carnil> For 6.5.y fixed as well in 6.5.6.
+Bugs:
+upstream: released (6.6-rc3) [0113d9c9d1ccc07f5a3710dac4aa24b6d711278c]
+6.1-upstream-stable: released (6.1.56) [2712545e535d7a2e4c53b9c9658a9c88c6055862]
+5.10-upstream-stable: released (5.10.198) [8689c9ace976d6c078e6dc844b09598796e84099]
+4.19-upstream-stable: released (4.19.296) [a2cf7bd75b3992e8df68dd5fdc6499b67d45f6e0]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1) [bugfix/all/ipv4-fix-null-deref-in-ipv4_link_failure.patch]
+5.10-bullseye-security: released (5.10.197-1) [bugfix/all/ipv4-fix-null-deref-in-ipv4_link_failure.patch]
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-42755 b/retired/CVE-2023-42755
new file mode 100644
index 00000000..8480703d
--- /dev/null
+++ b/retired/CVE-2023-42755
@@ -0,0 +1,14 @@
+Description: wild pointer access in rsvp classifer in the Linux kernel
+References:
+ https://lore.kernel.org/all/CADW8OBtkAf+nGokhD9zCFcmiebL1SM8bJp_oo=pE02BknG9qnQ@mail.gmail.com/
+Notes:
+ carnil> Fixed by retiring the RSVP classifier.
+Bugs:
+upstream: released (6.3-rc1) [265b4da82dbf5df04bee5a5d46b7474b1aaf326a]
+6.1-upstream-stable: released (6.1.55) [b93aeb6352b0229e3c5ca5ca4ff015b015aff33c]
+5.10-upstream-stable: released (5.10.197) [8db844077ec9912d75952c80d76da71fc2412852]
+4.19-upstream-stable: released (4.19.295) [6ca0ea6a46e7a2d70fb1b1f6a886efe2b2365e16]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-45863 b/retired/CVE-2023-45863
new file mode 100644
index 00000000..73f754d6
--- /dev/null
+++ b/retired/CVE-2023-45863
@@ -0,0 +1,12 @@
+Description: kobject: Fix slab-out-of-bounds in fill_kobj_path()
+References:
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [3bb2a01caa813d3a1845d378bbe4169ef280d394]
+6.1-upstream-stable: released (6.1.16) [fe4dd80d58ec5633daf5d50671d1341f738508bf]
+5.10-upstream-stable: released (5.10.200) [b2e62728b106fe54f8618c21a252df7d4a4cc775]
+4.19-upstream-stable: released (4.19.298) [0af6c6c15681cf80aeb85fcb3a1928c63aa89deb]
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-45871 b/retired/CVE-2023-45871
new file mode 100644
index 00000000..024addee
--- /dev/null
+++ b/retired/CVE-2023-45871
@@ -0,0 +1,12 @@
+Description: igb: set max size RX buffer when store bad packet is enabled
+References:
+Notes:
+Bugs:
+upstream: released (6.6-rc1) [bb5ed01cd2428cd25b1c88a3a9cba87055eb289f]
+6.1-upstream-stable: released (6.1.53) [d2e906c725979c39ebf120a189e521ceae787d26]
+5.10-upstream-stable: released (5.10.195) [3e39008e9e3043663324f0920a5d6ebfa68cc92a]
+4.19-upstream-stable: released (4.19.295) [981d0bc43e8d5482294432677e80a1d15f4b790d]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4622 b/retired/CVE-2023-4622
new file mode 100644
index 00000000..14025afc
--- /dev/null
+++ b/retired/CVE-2023-4622
@@ -0,0 +1,17 @@
+Description: af_unix: Fix null-ptr-deref in unix_stream_sendpage().
+References:
+ https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c
+Notes:
+ carnil> Consider the 57d44a354a43 ("unix: Convert
+ carnil> unix_stream_sendpage() to use MSG_SPLICE_PAGES") commit, part
+ carnil> of the sendpage refactoring the fixing commit.
+ carnil> For 6.4.y fixed in 6.4.12.
+Bugs:
+upstream: released (6.5-rc1) [57d44a354a43edba4ef9963327d4657d12edbfbc]
+6.1-upstream-stable: released (6.1.47) [790c2f9d15b594350ae9bca7b236f2b1859de02c]
+5.10-upstream-stable: released (5.10.192) [c080cee930303124624fe64fc504f66c815ee6b9]
+4.19-upstream-stable: released (4.19.293) [bd6303bef49970ac7f9278a94473b587e19d1ee2]
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4623 b/retired/CVE-2023-4623
new file mode 100644
index 00000000..fc2e0fff
--- /dev/null
+++ b/retired/CVE-2023-4623
@@ -0,0 +1,14 @@
+Description: net/sched: sch_hfsc: Ensure inner classes have fsc curve
+References:
+ https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f
+Notes:
+ carnil> Fixed as well in 6.4.16 for 6.4.y and in 6.5.3 for 6.5.y.
+Bugs:
+upstream: released (6.6-rc1) [b3d26c5702c7d6c45456326e56d2ccf3f103e60f]
+6.1-upstream-stable: released (6.1.53) [a1e820fc7808e42b990d224f40e9b4895503ac40]
+5.10-upstream-stable: released (5.10.195) [b08cc6c0396fd5cfaac4ca044f2282367347c062]
+4.19-upstream-stable: released (4.19.295) [7c62e0c3c6e9c9c15ead63339db6a0e158d22a66]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4921 b/retired/CVE-2023-4921
new file mode 100644
index 00000000..de88de7d
--- /dev/null
+++ b/retired/CVE-2023-4921
@@ -0,0 +1,16 @@
+Description: net: sched: sch_qfq: Fix UAF in qfq_dequeue()
+References:
+ https://kernel.dance/#8fc134fee27f2263988ae38920bc03da416b03d8
+Notes:
+ carnil> Commit fixes 462dbc9101ac ("pkt_sched: QFQ Plus: fair-queueing
+ carnil> service at DRR cost") in 3.8-rc1.
+ carnil> For 6.5.y fixed as well in 6.5.4.
+Bugs:
+upstream: released (6.6-rc1) [8fc134fee27f2263988ae38920bc03da416b03d8]
+6.1-upstream-stable: released (6.1.54) [a18349dc8d916a64d7c93f05da98953e3386d8e9]
+5.10-upstream-stable: released (5.10.195) [746a8df5e4d235059b1adf02e8456e7ec132d2d8]
+4.19-upstream-stable: released (4.19.295) [7ea1faa59c75336d86893378838ed1e6f20c0520]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-51780 b/retired/CVE-2023-51780
new file mode 100644
index 00000000..99ecb64a
--- /dev/null
+++ b/retired/CVE-2023-51780
@@ -0,0 +1,12 @@
+Description: atm: Fix Use-After-Free in do_vcc_ioctl
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc6) [24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3]
+6.1-upstream-stable: released (6.1.69) [2de2a6cbe14f7e949da59bddd5d69baf5dd893c0]
+5.10-upstream-stable: released (5.10.205) [64a032015c336ca1795b3e1b1d1f94085ada3553]
+4.19-upstream-stable: released (4.19.303) [bff7ddb0d9d515170dcf133d239dba87c47c8cdb]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-51781 b/retired/CVE-2023-51781
new file mode 100644
index 00000000..88e57e39
--- /dev/null
+++ b/retired/CVE-2023-51781
@@ -0,0 +1,12 @@
+Description: appletalk: Fix Use-After-Free in atalk_ioctl
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc6) [189ff16722ee36ced4d2a2469d4ab65a8fee4198]
+6.1-upstream-stable: released (6.1.69) [1646b2929d5efc3861139ba58556b0f149c848f6]
+5.10-upstream-stable: released (5.10.205) [a232eb81c7cb5d4dbd325d4611ed029b7fa07596]
+4.19-upstream-stable: released (4.19.303) [580ff9f59ab6537d8ce1d0d9f012cf970553ef3d]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-51782 b/retired/CVE-2023-51782
new file mode 100644
index 00000000..e44ddaab
--- /dev/null
+++ b/retired/CVE-2023-51782
@@ -0,0 +1,12 @@
+Description: net/rose: Fix Use-After-Free in rose_ioctl
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc6) [810c38a369a0a0ce625b5c12169abce1dd9ccd53]
+6.1-upstream-stable: released (6.1.69) [01540ee2366a0a8671c35cd57a66bf0817106ffa]
+5.10-upstream-stable: released (5.10.205) [7eda5960a5332654b10d951e735750ed60d7f0a9]
+4.19-upstream-stable: released (4.19.303) [6c9afea8827dde62c4062185d22ac035090ba39b]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-5717 b/retired/CVE-2023-5717
new file mode 100644
index 00000000..8d2ea398
--- /dev/null
+++ b/retired/CVE-2023-5717
@@ -0,0 +1,14 @@
+Description: perf: Disallow mis-matched inherited group reads
+References:
+ https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.9.
+Bugs:
+upstream: released (6.6-rc7) [32671e3799ca2e4590773fd0e63aaa4229e50c06]
+6.1-upstream-stable: released (6.1.60) [f6952655a61264900ed08e9d642adad8222f8e29]
+5.10-upstream-stable: released (5.10.199) [487a8e24643a0effb2ba19cad3227fc75dc3c4b7]
+4.19-upstream-stable: released (4.19.297) [a714491fa92d2068358dd603cc50bf2062517bd8]
+sid: released (6.5.10-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-6931 b/retired/CVE-2023-6931
new file mode 100644
index 00000000..8a3348e9
--- /dev/null
+++ b/retired/CVE-2023-6931
@@ -0,0 +1,14 @@
+Description: perf: Fix perf_event_validate_size()
+References:
+ https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b
+Notes:
+ carnil> Fixed as well in 6.6.7 for 6.6.y.
+Bugs:
+upstream: released (6.7-rc5) [382c27f4ed28f803b1f1473ac2d8db0afc795a1b]
+6.1-upstream-stable: released (6.1.68) [06dec254c59afd01b7a44838cf8bfc382bef019b]
+5.10-upstream-stable: released (5.10.204) [208dd116f96ea19e5d38d7b80fce49bc5ce1bbe8]
+4.19-upstream-stable: released (4.19.302) [f5d6ab016792c9d6d5280fdb7f8962eb3b8c620e]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-6932 b/retired/CVE-2023-6932
new file mode 100644
index 00000000..e8a55938
--- /dev/null
+++ b/retired/CVE-2023-6932
@@ -0,0 +1,14 @@
+Description: ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
+References:
+ https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1
+Notes:
+ carnil> For 6.6.y fixed as well in 6.6.5.
+Bugs:
+upstream: released (6.7-rc4) [e2b706c691905fe78468c361aaabc719d0a496f1]
+6.1-upstream-stable: released (6.1.66) [94445d9583079e0ccc5dde1370076ff24800d86e]
+5.10-upstream-stable: released (5.10.203) [772fe1da9a8d4dcd8993abaecbde04789c52a4c2]
+4.19-upstream-stable: released (4.19.301) [6b6f5c6671fdfde9c94efe6409fa9f39436017e7]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.66-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
author	Ben Hutchings <ben@decadent.org.uk>	2024-01-09 01:23:56 +0100
committer	Ben Hutchings <ben@decadent.org.uk>	2024-01-09 01:23:56 +0100
commit	26d3effdb521546119e479bf43fb4630a3156675 (patch)
tree	43d4bebfdaa0fff19349832f4c5083ecfc1b453d /retired
parent	4c52cadb6f91fc32612f39a2181515f9abf50b98 (diff)