Retire several CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-10 22:00:29 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-10 22:00:29 +0200
commit: 36b6da22cc336b7572fb13260eb9c77e5155f1bd (patch)
tree: 34c71238a933f8c06e45d786d0fc96f2f782ea8a /retired
parent: 688f5248fc745b1897b7d556a57760a334f7ad42 (diff)
55 files changed, 897 insertions, 0 deletions
diff --git a/retired/CVE-2021-47181 b/retired/CVE-2021-47181
new file mode 100644
index 00000000..2df2af3c
--- /dev/null
+++ b/retired/CVE-2021-47181
@@ -0,0 +1,16 @@
+Description: usb: musb: tusb6010: check return value after calling platform_get_resource()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [14651496a3de6807a17c310f63c894ea0c5d858e]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [679eee466d0f9ffa60a2b0c6ec19be5128927f04]
+4.19-upstream-stable: released (4.19.218) [f87a79c04a33ab4e5be598c7b0867e6ef193d702]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47184 b/retired/CVE-2021-47184
new file mode 100644
index 00000000..20645aad
--- /dev/null
+++ b/retired/CVE-2021-47184
@@ -0,0 +1,17 @@
+Description: i40e: Fix NULL ptr dereference on VSI filter sync
+References:
+Notes:
+ carnil> Introduced in 41c445ff0f48 ("i40e: main driver core"). Vulnerable versions:
+ carnil> 3.12-rc1.
+Bugs:
+upstream: released (5.16-rc2) [37d9e304acd903a445df8208b8a13d707902dea6]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [f866513ead4370402428ef724b03c3312295c178]
+4.19-upstream-stable: released (4.19.218) [87c421ab4a43433cb009fea44bbbc77f46913e1d]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47185 b/retired/CVE-2021-47185
new file mode 100644
index 00000000..4fc16d9f
--- /dev/null
+++ b/retired/CVE-2021-47185
@@ -0,0 +1,16 @@
+Description: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [3968ddcf05fb4b9409cd1859feb06a5b0550a1c1]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41]
+4.19-upstream-stable: released (4.19.218) [4f300f47dbcf9c3d4b2ea76c8554c8f360400725]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47189 b/retired/CVE-2021-47189
new file mode 100644
index 00000000..3318156e
--- /dev/null
+++ b/retired/CVE-2021-47189
@@ -0,0 +1,17 @@
+Description: btrfs: fix memory ordering between normal and ordered work functions
+References:
+Notes:
+ carnil> Introduced in 08a9ff326418 ("btrfs: Added btrfs_workqueue_struct implemented
+ carnil> ordered execution based on kernel workqueue"). Vulnerable versions: 3.15-rc1.
+Bugs:
+upstream: released (5.16-rc2) [45da9c1767ac31857df572f0a909fbe88fd5a7e9]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [6adbc07ebcaf8bead08b21687d49e0fc94400987]
+4.19-upstream-stable: released (4.19.218) [ed058d735a70f4b063323f1a7bb33cda0f987513]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47190 b/retired/CVE-2021-47190
new file mode 100644
index 00000000..94d0f85e
--- /dev/null
+++ b/retired/CVE-2021-47190
@@ -0,0 +1,17 @@
+Description: perf bpf: Avoid memory leak from perf_env__insert_btf()
+References:
+Notes:
+ carnil> Introduced in 3792cb2ff43b1b19 ("perf bpf: Save BTF in a rbtree in perf_env").
+ carnil> Vulnerable versions: 5.1-rc2.
+Bugs:
+upstream: released (5.16-rc1) [4924b1f7c46711762fd0e65c135ccfbcfd6ded1f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [11589d3144bc4e272e0aae46ce8156162e99babc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47192 b/retired/CVE-2021-47192
new file mode 100644
index 00000000..2687b952
--- /dev/null
+++ b/retired/CVE-2021-47192
@@ -0,0 +1,17 @@
+Description: scsi: core: sysfs: Fix hang when device state is set via sysfs
+References:
+Notes:
+ carnil> Introduced in f0f82e2476f6 ("scsi: core: Fix capacity set to zero after
+ carnil> offlinining device"). Vulnerable versions: 5.4.143 5.10.61 5.13.13 5.14-rc5.
+Bugs:
+upstream: released (5.16-rc2) [4edd8cd4e86dd3047e5294bbefcc0a08f66a430f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [a792e0128d232251edb5fdf42fb0f9fbb0b44a73]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47194 b/retired/CVE-2021-47194
new file mode 100644
index 00000000..671ea959
--- /dev/null
+++ b/retired/CVE-2021-47194
@@ -0,0 +1,17 @@
+Description: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
+References:
+Notes:
+ carnil> Introduced in ac800140c20e ("cfg80211: .stop_ap when interface is going down").
+ carnil> Vulnerable versions: 3.6-rc1.
+Bugs:
+upstream: released (5.16-rc2) [563fbefed46ae4c1f70cffb8eb54c02df480b2c2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [7b97b5776daa0b39dbdadfea176f9cc0646d4a66]
+4.19-upstream-stable: released (4.19.218) [b8a045e2a9b234cfbc06cf36923886164358ddec]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47195 b/retired/CVE-2021-47195
new file mode 100644
index 00000000..7c14bc83
--- /dev/null
+++ b/retired/CVE-2021-47195
@@ -0,0 +1,17 @@
+Description: spi: fix use-after-free of the add_lock mutex
+References:
+Notes:
+ carnil> Introduced in 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on
+ carnil> SPI buses"). Vulnerable versions: 5.14.15 5.15-rc6.
+Bugs:
+upstream: released (5.16-rc2) [6c53b45c71b4920b5e62f0ea8079a1da382b9434]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47196 b/retired/CVE-2021-47196
new file mode 100644
index 00000000..a99a1a99
--- /dev/null
+++ b/retired/CVE-2021-47196
@@ -0,0 +1,17 @@
+Description: RDMA/core: Set send and receive CQ before forwarding to the driver
+References:
+Notes:
+ carnil> Introduced in 514aee660df4 ("RDMA: Globally allocate and release QP memory").
+ carnil> Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc2) [6cd7397d01c4a3e09757840299e4f114f0aa5fa0]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47197 b/retired/CVE-2021-47197
new file mode 100644
index 00000000..08d5f4aa
--- /dev/null
+++ b/retired/CVE-2021-47197
@@ -0,0 +1,18 @@
+Description: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
+References:
+Notes:
+ carnil> Introduced in 94b960b9deff ("net/mlx5e: Fix memory leak in
+ carnil> mlx5_core_destroy_cq() error path"). Vulnerable versions: 5.10.75 5.14.14
+ carnil> 5.15-rc6.
+Bugs:
+upstream: released (5.16-rc2) [76ded29d3fcda4928da8849ffc446ea46871c1c2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [471c492890557bd58f73314bb4ad85d5a8fd5026]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47203 b/retired/CVE-2021-47203
new file mode 100644
index 00000000..6c4e03d6
--- /dev/null
+++ b/retired/CVE-2021-47203
@@ -0,0 +1,16 @@
+Description: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [99154581b05c8fb22607afb7c3d66c1bace6aa5d]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [c097bd5a59162156d9c2077a2f58732ffbaa9fca]
+4.19-upstream-stable: released (4.19.218) [b291d147d0268e93ad866f8bc820ea14497abc9b]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47206 b/retired/CVE-2021-47206
new file mode 100644
index 00000000..4e6412c2
--- /dev/null
+++ b/retired/CVE-2021-47206
@@ -0,0 +1,16 @@
+Description: usb: host: ohci-tmio: check return value after calling platform_get_resource()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [9eff2b2e59fda25051ab36cd1cb5014661df657b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [2474eb7fc3bfbce10f7b8ea431fcffe5dd5f5100]
+4.19-upstream-stable: released (4.19.218) [951b8239fd24678b56c995c5c0456ab12e059d19]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47207 b/retired/CVE-2021-47207
new file mode 100644
index 00000000..d14bf7fc
--- /dev/null
+++ b/retired/CVE-2021-47207
@@ -0,0 +1,16 @@
+Description: ALSA: gus: fix null pointer dereference on pointer block
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [a0d21bb3279476c777434c40d969ea88ca64f9aa]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [1ac6cd87d8ddd36c43620f82c4d65b058f725f0f]
+4.19-upstream-stable: released (4.19.218) [ab4c1ebc40f699f48346f634d7b72b9c5193f315]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47209 b/retired/CVE-2021-47209
new file mode 100644
index 00000000..c78e1f34
--- /dev/null
+++ b/retired/CVE-2021-47209
@@ -0,0 +1,17 @@
+Description: sched/fair: Prevent dead task groups from regaining cfs_rq's
+References:
+Notes:
+ carnil> Introduced in a7b359fc6a37 ("sched/fair: Correctly insert cfs_rq's to list on
+ carnil> unthrottle"). Vulnerable versions: 5.13-rc7.
+Bugs:
+upstream: released (5.16-rc1) [b027789e5e50494c2325cc70c8642e7fd6059479]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47210 b/retired/CVE-2021-47210
new file mode 100644
index 00000000..0ec158c1
--- /dev/null
+++ b/retired/CVE-2021-47210
@@ -0,0 +1,16 @@
+Description: usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [b7a0a63f3fed57d413bb857de164ea9c3984bc4e]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [eff8b7628410cb2eb562ca0d5d1f12e27063733e]
+4.19-upstream-stable: released (4.19.218) [2a897d384513ba7f7ef05611338b9a6ec6aeac00]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47213 b/retired/CVE-2021-47213
new file mode 100644
index 00000000..5a8a8ff9
--- /dev/null
+++ b/retired/CVE-2021-47213
@@ -0,0 +1,17 @@
+Description: NFSD: Fix exposure in nfsd4_decode_bitmap()
+References:
+Notes:
+ carnil> Introduced in d1c263a031e8 ("NFSD: Replace READ* macros in
+ carnil> nfsd4_decode_fattr()"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.16-rc2) [c0019b7db1d7ac62c711cda6b357a659d46428fe]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47214 b/retired/CVE-2021-47214
new file mode 100644
index 00000000..9ab08fd4
--- /dev/null
+++ b/retired/CVE-2021-47214
@@ -0,0 +1,17 @@
+Description: hugetlb, userfaultfd: fix reservation restore on userfaultfd error
+References:
+Notes:
+ carnil> Introduced in c7b1850dfb41 ("hugetlb: don't pass page cache pages to
+ carnil> restore_reserve_on_error"). Vulnerable versions: 5.13.13 5.14-rc7.
+Bugs:
+upstream: released (5.16-rc2) [cc30042df6fcc82ea18acf0dace831503e60a0b7]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47215 b/retired/CVE-2021-47215
new file mode 100644
index 00000000..41588e26
--- /dev/null
+++ b/retired/CVE-2021-47215
@@ -0,0 +1,17 @@
+Description: net/mlx5e: kTLS, Fix crash in RX resync flow
+References:
+Notes:
+ carnil> Introduced in e9ce991bce5b ("net/mlx5e: kTLS, Add resiliency to RX resync
+ carnil> failures"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (5.16-rc2) [cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47216 b/retired/CVE-2021-47216
new file mode 100644
index 00000000..28b20595
--- /dev/null
+++ b/retired/CVE-2021-47216
@@ -0,0 +1,16 @@
+Description: scsi: advansys: Fix kernel pointer leak
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [d4996c6eac4c81b8872043e9391563f67f13e406]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [055eced3edf5b675d12189081303f6285ef26511]
+4.19-upstream-stable: released (4.19.218) [f5a0ba4a9b5e70e7b2f767636d26523f9d1ac59d]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47217 b/retired/CVE-2021-47217
new file mode 100644
index 00000000..c6daf117
--- /dev/null
+++ b/retired/CVE-2021-47217
@@ -0,0 +1,17 @@
+Description: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
+References:
+Notes:
+ carnil> Introduced in 93286261de1b ("x86/hyperv: Reenlightenment notifications
+ carnil> support"). Vulnerable versions: 4.16-rc1.
+Bugs:
+upstream: released (5.16-rc2) [daf972118c517b91f74ff1731417feb4270625a4]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [9c177eee116cf888276d3748cb176e72562cfd5c]
+4.19-upstream-stable: released (4.19.218) [b20ec58f8a6f4fef32cc71480ddf824584e24743]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47218 b/retired/CVE-2021-47218
new file mode 100644
index 00000000..985bb306
--- /dev/null
+++ b/retired/CVE-2021-47218
@@ -0,0 +1,17 @@
+Description: selinux: fix NULL-pointer dereference when hashtab allocation fails
+References:
+Notes:
+ carnil> Introduced in 03414a49ad5f ("selinux: do not allocate hashtabs dynamically").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.16-rc3) [dc27f3c5d10c58069672215787a96b4fae01818b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [b17dd53cac769dd13031b0ca34f90cc65e523fab]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52636 b/retired/CVE-2023-52636
new file mode 100644
index 00000000..d957fbf4
--- /dev/null
+++ b/retired/CVE-2023-52636
@@ -0,0 +1,16 @@
+Description: libceph: just wait for more data to be available on the socket
+References:
+Notes:
+ carnil> Introduced in d396f89db39a ("libceph: add sparse read support to msgr1").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc4) [8e46a2d068c92a905d01cbb018b00d66991585ab]
+6.7-upstream-stable: released (6.7.5) [bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8]
+6.6-upstream-stable: released (6.6.17) [da9c33a70f095d5d55c36d0bfeba969e31de08ae]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26666 b/retired/CVE-2024-26666
new file mode 100644
index 00000000..ccaf7809
--- /dev/null
+++ b/retired/CVE-2024-26666
@@ -0,0 +1,16 @@
+Description: wifi: mac80211: fix RCU use in TDLS fast-xmit
+References:
+Notes:
+ carnil> Introduced in 8cc07265b691 ("wifi: mac80211: handle TDLS data frames with
+ carnil> MLO"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc4) [9480adfe4e0f0319b9da04b44e4eebd5ad07e0cd]
+6.7-upstream-stable: released (6.7.5) [c255c3b653c6e8b52ac658c305e2fece2825f7ad]
+6.6-upstream-stable: released (6.6.17) [fc3432ae8232ff4025e7c55012dd88db0e3d18eb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26674 b/retired/CVE-2024-26674
new file mode 100644
index 00000000..0d0f2b3d
--- /dev/null
+++ b/retired/CVE-2024-26674
@@ -0,0 +1,16 @@
+Description: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups
+References:
+Notes:
+ carnil> Introduced in b19b74bc99b1 ("x86/mm: Rework address range check in get_user()
+ carnil> and put_user()"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc4) [8eed4e00a370b37b4e5985ed983dccedd555ea9d]
+6.7-upstream-stable: released (6.7.5) [2da241c5ed78d0978228a1150735539fe1a60eca]
+6.6-upstream-stable: released (6.6.17) [2aed1b6c33afd8599d01c6532bbecb829480a674]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26682 b/retired/CVE-2024-26682
new file mode 100644
index 00000000..cab217df
--- /dev/null
+++ b/retired/CVE-2024-26682
@@ -0,0 +1,16 @@
+Description: wifi: mac80211: improve CSA/ECSA connection refusal
+References:
+Notes:
+ carnil> Introduced in c09c4f31998b ("wifi: mac80211: don't connect to an AP while it's
+ carnil> in a CSA process"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc4) [35e2385dbe787936c793d70755a5177d267a40aa]
+6.7-upstream-stable: released (6.7.5) [ea88bde8e3fefbe4268f6991375dd629895a090a]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26683 b/retired/CVE-2024-26683
new file mode 100644
index 00000000..7d9a4977
--- /dev/null
+++ b/retired/CVE-2024-26683
@@ -0,0 +1,16 @@
+Description: wifi: cfg80211: detect stuck ECSA element in probe resp
+References:
+Notes:
+ carnil> Introduced in c09c4f31998b ("wifi: mac80211: don't connect to an AP while it's
+ carnil> in a CSA process"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc4) [177fbbcb4ed6b306c1626a277fac3fb1c495a4c7]
+6.7-upstream-stable: released (6.7.5) [ce112c941c2b172afba3e913a90c380647d53975]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26690 b/retired/CVE-2024-26690
new file mode 100644
index 00000000..cc209b98
--- /dev/null
+++ b/retired/CVE-2024-26690
@@ -0,0 +1,16 @@
+Description: net: stmmac: protect updates of 64-bit statistics counters
+References:
+Notes:
+ carnil> Introduced in 133466c3bbe1 ("net: stmmac: use per-queue 64 bit statistics where
+ carnil> necessary"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc4) [38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8]
+6.7-upstream-stable: released (6.7.6) [e6af0f082a4b87b99ad033003be2a904a1791b3f]
+6.6-upstream-stable: released (6.6.18) [9680b2ab54ba8d72581100e8c45471306101836e]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26692 b/retired/CVE-2024-26692
new file mode 100644
index 00000000..62deb7d5
--- /dev/null
+++ b/retired/CVE-2024-26692
@@ -0,0 +1,16 @@
+Description: smb: Fix regression in writes when non-standard maximum write size negotiated
+References:
+Notes:
+ carnil> Introduced in d08089f649a0 ("cifs: Change the I/O paths to use an iterator
+ carnil> rather than a page list"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc5) [4860abb91f3d7fbaf8147d54782149bb1fc45892]
+6.7-upstream-stable: released (6.7.6) [63c35afd50e28b49c5b75542045a8c42b696dab9]
+6.6-upstream-stable: released (6.6.18) [4145ccff546ea868428b3e0fe6818c6261b574a9]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26693 b/retired/CVE-2024-26693
new file mode 100644
index 00000000..f696d570
--- /dev/null
+++ b/retired/CVE-2024-26693
@@ -0,0 +1,16 @@
+Description: wifi: iwlwifi: mvm: fix a crash when we run out of stations
+References:
+Notes:
+ carnil> Introduced in 57974a55d995 ("wifi: iwlwifi: mvm: refactor
+ carnil> iwl_mvm_mac_sta_state_common()"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc5) [b7198383ef2debe748118996f627452281cf27d7]
+6.7-upstream-stable: released (6.7.6) [c12f0f4d4caf23b1bfdc2602b6b70d56bdcd6aa7]
+6.6-upstream-stable: released (6.6.18) [00f4eb31b8193f6070ce24df636883f9c104ca95]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26694 b/retired/CVE-2024-26694
new file mode 100644
index 00000000..d5926976
--- /dev/null
+++ b/retired/CVE-2024-26694
@@ -0,0 +1,16 @@
+Description: wifi: iwlwifi: fix double-free bug
+References:
+Notes:
+ carnil> Introduced in 5e31b3df86ec ("wifi: iwlwifi: dbg: print pc register data once fw
+ carnil> dump occurred"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc4) [353d321f63f7dbfc9ef58498cc732c9fe886a596]
+6.7-upstream-stable: released (6.7.6) [d24eb9a27bea8fe5237fa71be274391d9d51eff2]
+6.6-upstream-stable: released (6.6.18) [ab9d4bb9a1892439b3123fc52b19e32b9cdf80ad]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26703 b/retired/CVE-2024-26703
new file mode 100644
index 00000000..6e1bbae5
--- /dev/null
+++ b/retired/CVE-2024-26703
@@ -0,0 +1,16 @@
+Description: tracing/timerlat: Move hrtimer_init to timerlat_fd open()
+References:
+Notes:
+ carnil> Introduced in e88ed227f639 ("tracing/timerlat: Add user-space interface").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc3) [1389358bb008e7625942846e9f03554319b7fecc]
+6.7-upstream-stable: released (6.7.6) [2354d29986ebd138f89c2b73fecf8237e0a4ad6b]
+6.6-upstream-stable: released (6.6.18) [5f703935fdb559642d85b2088442ee55a557ae6d]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26705 b/retired/CVE-2024-26705
new file mode 100644
index 00000000..8818f6bf
--- /dev/null
+++ b/retired/CVE-2024-26705
@@ -0,0 +1,16 @@
+Description: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup
+References:
+Notes:
+ carnil> Introduced in e5ef93d02d6c ("parisc: BTLB: Initialize BTLB tables at CPU
+ carnil> startup"). Vulnerable versions: 6.6-rc2.
+Bugs:
+upstream: released (6.8-rc3) [913b9d443a0180cf0de3548f1ab3149378998486]
+6.7-upstream-stable: released (6.7.6) [aa52be55276614d33f22fbe7da36c40d6432d10b]
+6.6-upstream-stable: released (6.6.18) [54944f45470af5965fb9c28cf962ec30f38a8f5b]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26708 b/retired/CVE-2024-26708
new file mode 100644
index 00000000..bd6e39ea
--- /dev/null
+++ b/retired/CVE-2024-26708
@@ -0,0 +1,17 @@
+Description: mptcp: really cope with fastopen race
+References:
+Notes:
+ carnil> Introduced in 1e777f39b4d7 ("mptcp: add MSG_FASTOPEN sendmsg flag support")
+ carnil> 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race"). Vulnerable
+ carnil> versions: 6.2-rc1 6.6.10 6.7-rc7.
+Bugs:
+upstream: released (6.8-rc5) [337cebbd850f94147cee05252778f8f78b8c337f]
+6.7-upstream-stable: released (6.7.6) [e158fb9679d15a2317ec13b4f6301bd26265df2f]
+6.6-upstream-stable: released (6.6.18) [4bfe217e075d04e63c092df9d40c608e598c2ef2]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26709 b/retired/CVE-2024-26709
new file mode 100644
index 00000000..4bd0840a
--- /dev/null
+++ b/retired/CVE-2024-26709
@@ -0,0 +1,16 @@
+Description: powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach
+References:
+Notes:
+ carnil> Introduced in a8ca9fc9134c ("powerpc/iommu: Do not do platform domain attach
+ carnil> atctions after probe"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [0846dd77c8349ec92ca0079c9c71d130f34cb192]
+6.7-upstream-stable: released (6.7.6) [c90fdea9cac9eb419fc266e75d625cb60c8f7f6c]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26711 b/retired/CVE-2024-26711
new file mode 100644
index 00000000..f4dd309a
--- /dev/null
+++ b/retired/CVE-2024-26711
@@ -0,0 +1,16 @@
+Description: iio: adc: ad4130: zero-initialize clock init data
+References:
+Notes:
+ carnil> Introduced in 62094060cf3a ("iio: adc: ad4130: add AD4130 driver"). Vulnerable
+ carnil> versions: 6.2-rc1.
+Bugs:
+upstream: released (6.8-rc5) [a22b0a2be69a36511cb5b37d948b651ddf7debf3]
+6.7-upstream-stable: released (6.7.6) [02876e2df02f8b17a593d77a0a7879a8109b27e1]
+6.6-upstream-stable: released (6.6.18) [0e0dab37750926d4fb0144edb1c1ea0612fea273]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26713 b/retired/CVE-2024-26713
new file mode 100644
index 00000000..f8fea6f1
--- /dev/null
+++ b/retired/CVE-2024-26713
@@ -0,0 +1,16 @@
+Description: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add
+References:
+Notes:
+ carnil> Introduced in a940904443e4 ("powerpc/iommu: Add iommu_ops to report
+ carnil> capabilities and allow blocking domains"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc5) [ed8b94f6e0acd652ce69bd69d678a0c769172df8]
+6.7-upstream-stable: released (6.7.6) [d4f762d6403f7419de90d7749fa83dd92ffb0e1d]
+6.6-upstream-stable: released (6.6.18) [9978d5b744e0227afe19e3bcb4c5f75442dde753]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26716 b/retired/CVE-2024-26716
new file mode 100644
index 00000000..f5338e59
--- /dev/null
+++ b/retired/CVE-2024-26716
@@ -0,0 +1,16 @@
+Description: usb: core: Prevent null pointer dereference in update_port_device_state
+References:
+Notes:
+ carnil> Introduced in 83cb2604f641 ("usb: core: add sysfs entry for usb device state").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc3) [12783c0b9e2c7915a50d5ec829630ff2da50472c]
+6.7-upstream-stable: released (6.7.6) [465b545d1d7ef282192ddd4439b08279bdb13f6f]
+6.6-upstream-stable: released (6.6.18) [ed85777c640cf9e6920bb1b60ed8cd48e1f4d873]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26721 b/retired/CVE-2024-26721
new file mode 100644
index 00000000..f5b5d06d
--- /dev/null
+++ b/retired/CVE-2024-26721
@@ -0,0 +1,16 @@
+Description: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address
+References:
+Notes:
+ carnil> Introduced in bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS
+ carnil> register"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [962ac2dce56bb3aad1f82a4bbe3ada57a020287c]
+6.7-upstream-stable: released (6.7.6) [ff5999fb03f467e1e7159f0ddb199c787f7512b9]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26724 b/retired/CVE-2024-26724
new file mode 100644
index 00000000..5fab05ee
--- /dev/null
+++ b/retired/CVE-2024-26724
@@ -0,0 +1,16 @@
+Description: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
+References:
+Notes:
+ carnil> Introduced in 496fd0a26bbf ("mlx5: Implement SyncE support using DPLL
+ carnil> infrastructure"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [aa1eec2f546f2afa8c98ec41e5d8ee488165d685]
+6.7-upstream-stable: released (6.7.6) [1596126ea50228f0ed96697bae4e9368fda02c56]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26725 b/retired/CVE-2024-26725
new file mode 100644
index 00000000..5697928c
--- /dev/null
+++ b/retired/CVE-2024-26725
@@ -0,0 +1,16 @@
+Description: dpll: fix possible deadlock during netlink dump operation
+References:
+Notes:
+ carnil> Introduced in 9d71b54b65b1 ("dpll: netlink: Add DPLL framework base
+ carnil> functions"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [53c0441dd2c44ee93fddb5473885fd41e4bc2361]
+6.7-upstream-stable: released (6.7.6) [087739cbd0d0b87b6cec2c0799436ac66e24acc8]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26728 b/retired/CVE-2024-26728
new file mode 100644
index 00000000..a26b153a
--- /dev/null
+++ b/retired/CVE-2024-26728
@@ -0,0 +1,16 @@
+Description: drm/amd/display: fix null-pointer dereference on edid reading
+References:
+Notes:
+ carnil> Introduced in 0e859faf8670 ("drm/amd/display: Remove unwanted drm edid
+ carnil> references"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [9671761792156f2339627918bafcd713a8a6f777]
+6.7-upstream-stable: released (6.7.7) [2d392f7268a1a9bfbd98c831f0f4c964e59aa145]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26729 b/retired/CVE-2024-26729
new file mode 100644
index 00000000..10445ddb
--- /dev/null
+++ b/retired/CVE-2024-26729
@@ -0,0 +1,17 @@
+Description: drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv
+References:
+Notes:
+ carnil> Introduced in 028bac583449 ("drm/amd/display: decouple dmcub execution to
+ carnil> reduce lock granularity")
+ carnil> 65138eb72e1f ("drm/amd/display: Add DCN35 DMUB"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907]
+6.7-upstream-stable: released (6.7.7) [351080ba3414c96afff0f1338b4aeb2983195b80]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26730 b/retired/CVE-2024-26730
new file mode 100644
index 00000000..b4da1117
--- /dev/null
+++ b/retired/CVE-2024-26730
@@ -0,0 +1,16 @@
+Description: hwmon: (nct6775) Fix access to temperature configuration registers
+References:
+Notes:
+ carnil> Introduced in b7f1f7b2523a ("hwmon: (nct6775) Additional TEMP registers for
+ carnil> nct6799"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc6) [d56e460e19ea8382f813eb489730248ec8d7eb73]
+6.7-upstream-stable: released (6.7.7) [c196387820c9214c5ceaff56d77303c82514b8b1]
+6.6-upstream-stable: released (6.6.19) [f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26732 b/retired/CVE-2024-26732
new file mode 100644
index 00000000..e022b501
--- /dev/null
+++ b/retired/CVE-2024-26732
@@ -0,0 +1,16 @@
+Description: net: implement lockless setsockopt(SO_PEEK_OFF)
+References:
+Notes:
+ carnil> Introduced in 859051dd165e ("bpf: Implement cgroup sockaddr hooks for unix
+ carnil> sockets"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [56667da7399eb19af857e30f41bea89aa6fa812c]
+6.7-upstream-stable: released (6.7.7) [897f75e2cde8a5f9f7529b55249af1fa4248c83b]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26734 b/retired/CVE-2024-26734
new file mode 100644
index 00000000..05dcf1e4
--- /dev/null
+++ b/retired/CVE-2024-26734
@@ -0,0 +1,16 @@
+Description: devlink: fix possible use-after-free and memory leaks in devlink_init()
+References:
+Notes:
+ carnil> Introduced in 687125b5799c ("devlink: split out core code"). Vulnerable
+ carnil> versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc6) [def689fc26b9a9622d2e2cb0c4933dd3b1c8071c]
+6.7-upstream-stable: released (6.7.7) [e91d3561e28d7665f4f837880501dc8755f635a9]
+6.6-upstream-stable: released (6.6.19) [919092bd5482b7070ae66d1daef73b600738f3a2]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26738 b/retired/CVE-2024-26738
new file mode 100644
index 00000000..4c8b8f93
--- /dev/null
+++ b/retired/CVE-2024-26738
@@ -0,0 +1,16 @@
+Description: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller
+References:
+Notes:
+ carnil> Introduced in a940904443e4 ("powerpc/iommu: Add iommu_ops to report
+ carnil> capabilities and allow blocking domains"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc6) [a5c57fd2e9bd1c8ea8613a8f94fd0be5eccbf321]
+6.7-upstream-stable: released (6.7.7) [46e36ebd5e00a148b67ed77c1d31675996f77c25]
+6.6-upstream-stable: released (6.6.19) [b8315b2e25b4e68e42fcb74630f824b9a5067765]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26746 b/retired/CVE-2024-26746
new file mode 100644
index 00000000..4c264661
--- /dev/null
+++ b/retired/CVE-2024-26746
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: Ensure safe user copy of completion record
+References:
+Notes:
+ carnil> Introduced in c2f156bf168f ("dmaengine: idxd: create kmem cache for event log
+ carnil> fault items"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc7) [d3ea125df37dc37972d581b74a5d3785c3f283ab]
+6.7-upstream-stable: released (6.7.9) [bb71e040323175e18c233a9afef32ba14fa64eb7]
+6.6-upstream-stable: released (6.6.21) [5e3022ea42e490a36ec6f2cfa6fc603deb0bace4]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26755 b/retired/CVE-2024-26755
new file mode 100644
index 00000000..16908f87
--- /dev/null
+++ b/retired/CVE-2024-26755
@@ -0,0 +1,16 @@
+Description: md: Don't suspend the array for interrupted reshape
+References:
+Notes:
+ carnil> Introduced in bc08041b32ab ("md: suspend array in md_start_sync() if array need
+ carnil> reconfiguration"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [9e46c70e829bddc24e04f963471e9983a11598b7]
+6.7-upstream-stable: released (6.7.7) [60d6130d0ac1d883ed93c2a1e10aadb60967fd48]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26762 b/retired/CVE-2024-26762
new file mode 100644
index 00000000..0ffef89e
--- /dev/null
+++ b/retired/CVE-2024-26762
@@ -0,0 +1,16 @@
+Description: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached
+References:
+Notes:
+ carnil> Introduced in 6ac07883dbb5 ("cxl/pci: Add RCH downstream port error logging").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [eef5c7b28dbecd6b141987a96db6c54e49828102]
+6.7-upstream-stable: released (6.7.7) [21e5e84f3f63fdf44e49642a6e45cd895e921a84]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26784 b/retired/CVE-2024-26784
new file mode 100644
index 00000000..c7d9909c
--- /dev/null
+++ b/retired/CVE-2024-26784
@@ -0,0 +1,16 @@
+Description: pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal
+References:
+Notes:
+ carnil> Introduced in 2af23ceb8624 ("pmdomain: arm: Add the SCMI performance domain").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc7) [eb5555d422d0fc325e1574a7353d3c616f82d8b5]
+6.7-upstream-stable: released (6.7.9) [f6aaf131e4d4a9a26040ecc018eb70ab8b3d355d]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26786 b/retired/CVE-2024-26786
new file mode 100644
index 00000000..150270ce
--- /dev/null
+++ b/retired/CVE-2024-26786
@@ -0,0 +1,16 @@
+Description: iommufd: Fix iopt_access_list_id overwrite bug
+References:
+Notes:
+ carnil> Introduced in 9227da7816dd ("iommufd: Add iommufd_access_change_ioas(_id)
+ carnil> helpers"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc7) [aeb004c0cd6958e910123a1607634401009c9539]
+6.7-upstream-stable: released (6.7.9) [9526a46cc0c378d381560279bea9aa34c84298a0]
+6.6-upstream-stable: released (6.6.21) [f1fb745ee0a6fe43f1d84ec369c7e6af2310fda9]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26794 b/retired/CVE-2024-26794
new file mode 100644
index 00000000..102aa26f
--- /dev/null
+++ b/retired/CVE-2024-26794
@@ -0,0 +1,16 @@
+Description: btrfs: fix race between ordered extent completion and fiemap
+References:
+Notes:
+ carnil> Introduced in b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent
+ carnil> locking"). Vulnerable versions: 6.6.24 6.7.12 6.8-rc6.
+Bugs:
+upstream: released (6.8-rc7) [a1a4a9ca77f143c00fce69c1239887ff8b813bec]
+6.7-upstream-stable: released (6.7.9) [31d07a757c6d3430e03cc22799921569999b9a12]
+6.6-upstream-stable: released (6.6.21) [d43f8e58f10a44df8c08e7f7076f3288352cd168]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26796 b/retired/CVE-2024-26796
new file mode 100644
index 00000000..ed7b29aa
--- /dev/null
+++ b/retired/CVE-2024-26796
@@ -0,0 +1,16 @@
+Description: drivers: perf: ctr_get_width function for legacy is not defined
+References:
+Notes:
+ carnil> Introduced in cc4c07c89aad ("drivers: perf: Implement perf event mmap support
+ carnil> in the SBI backend"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc7) [682dc133f83e0194796e6ea72eb642df1c03dfbe]
+6.7-upstream-stable: released (6.7.9) [e4f50e85de5a6b21dfdc0d7ca435eba4f62935c3]
+6.6-upstream-stable: released (6.6.21) [e0d17ee872cf8d0f51cc561329b8e1a0aa792bbb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26797 b/retired/CVE-2024-26797
new file mode 100644
index 00000000..fedc128c
--- /dev/null
+++ b/retired/CVE-2024-26797
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Prevent potential buffer overflow in map_hw_resources
+References:
+Notes:
+ carnil> Introduced in 7966f319c66d ("drm/amd/display: Introduce DML2"). Vulnerable
+ carnil> versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc7) [0f8ca019544a252d1afb468ce840c6dcbac73af4]
+6.7-upstream-stable: released (6.7.9) [50a6302cf881f67f1410461a68fe9eabd00ff31d]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26806 b/retired/CVE-2024-26806
new file mode 100644
index 00000000..dcc826f3
--- /dev/null
+++ b/retired/CVE-2024-26806
@@ -0,0 +1,16 @@
+Description: spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
+References:
+Notes:
+ carnil> Introduced in 0578a6dbfe75 ("spi: spi-cadence-quadspi: add runtime pm
+ carnil> support"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc7) [959043afe53ae80633e810416cee6076da6e91c6]
+6.7-upstream-stable: released (6.7.9) [041562ebc4759c9932b59a06527f8753b86da365]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-10 22:00:29 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-10 22:00:29 +0200
commit	36b6da22cc336b7572fb13260eb9c77e5155f1bd (patch)
tree	34c71238a933f8c06e45d786d0fc96f2f782ea8a /retired
parent	688f5248fc745b1897b7d556a57760a334f7ad42 (diff)