Retire several CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2019-04-27 10:35:38 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-04-27 10:35:38 +0200
commit: 50515be306d26f92c0642de9596d03122cc4f998 (patch)
tree: 0e5d9176291ecfd7635d2c9f1bd87ae57ebe02d4 /retired
parent: 6b4c46d0edfd7627200d062f594db50583bffd44 (diff)
11 files changed, 155 insertions, 0 deletions
diff --git a/retired/CVE-2018-14625 b/retired/CVE-2018-14625
new file mode 100644
index 00000000..8342e806
--- /dev/null
+++ b/retired/CVE-2018-14625
@@ -0,0 +1,12 @@
+Description: use-after-free Read in vhost_transport_send_pkt
+References:
+ https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
+Notes:
+Bugs:
+upstream: released (4.20-rc6) [834e772c8db0c6a275d75315d90aba4ebbb1e249]
+4.19-upstream-stable: released (4.19.9) [f9cd25b1e5e575a5f18547bdc04ea40a23ad511a]
+4.9-upstream-stable: released (4.9.145) [569fc4ffb5de8f12fe01759f0b85098b7b9bba8e]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.19.9-1)
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2018-16884 b/retired/CVE-2018-16884
new file mode 100644
index 00000000..41d7140e
--- /dev/null
+++ b/retired/CVE-2018-16884
@@ -0,0 +1,16 @@
+Description: nfs: use-after-free in svc_process_common()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1660375
+ https://patchwork.kernel.org/cover/10733767/
+ https://patchwork.kernel.org/patch/10733769/
+Notes:
+ carnil> Commit fixes 23c20ecd4475 (3.7-rc1), check if this
+ carnil> is commit introducing the issue itself.
+Bugs:
+upstream: released (5.0-rc1) [d4b09acf924b84bae77cad090a9d108e70b43643]
+4.19-upstream-stable: released (4.19.16) [44e7bab39f877c9c095bfaaee943b0807574a7f7]
+4.9-upstream-stable: released (4.9.151) [37c791a031ece3afeb9c8b023397473a5349f171]
+3.16-upstream-stable: released (3.16.64) [801f9d2fb42e450a67f83c18fd5d8450ad29224f]
+sid: released (4.19.16-1)
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2018-19824 b/retired/CVE-2018-19824
new file mode 100644
index 00000000..a47f185a
--- /dev/null
+++ b/retired/CVE-2018-19824
@@ -0,0 +1,14 @@
+Description: ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1118152
+ https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b
+Notes:
+ carnil> Commit fixes 362e4e49abe53e89d87455dfcd7c1bbaf08a839d (3.1-rc8)
+Bugs:
+upstream: released (4.20-rc6) [5f8cf712582617d523120df67d392059eaf2fc4b]
+4.19-upstream-stable: released (4.19.9) [a7e719ace75e4451b7958cb73cbc12c627760007]
+4.9-upstream-stable: released (4.9.145) [73000a4cec933fd331224df79df731ea929bb85c]
+3.16-upstream-stable: released (3.16.63) [1c38b9d9e74a24a8ed9089429031f6d7721b6df0]
+sid: released (4.19.9-1)
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2018-19985 b/retired/CVE-2018-19985
new file mode 100644
index 00000000..7ef41597
--- /dev/null
+++ b/retired/CVE-2018-19985
@@ -0,0 +1,11 @@
+Description: USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
+References:
+Notes:
+Bugs:
+upstream: released (4.20) [5146f95df782b0ac61abde36567e718692725c89]
+4.19-upstream-stable: released (4.19.13) [8f980122236c1fc8e11ffb57ec73315d01dc88e0]
+4.9-upstream-stable: released (4.9.148) [5501175cb1975239add62a521cfbedcf76b93d8d]
+3.16-upstream-stable: released (3.16.64) [2d955f32f4ab31294447a01cf401cec2cef9013e]
+sid: released (4.19.13-1)
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2018-20169 b/retired/CVE-2018-20169
new file mode 100644
index 00000000..5619236e
--- /dev/null
+++ b/retired/CVE-2018-20169
@@ -0,0 +1,11 @@
+Description: USB: check usb_get_extra_descriptor for proper size
+References:
+Notes:
+Bugs:
+upstream: released (4.20-rc6) [704620afc70cf47abb9d6a1a57f3825d2bca49cf]
+4.19-upstream-stable: released (4.19.9) [1b2e742bf7230ce04cda5b7348f922174bef2d7a]
+4.9-upstream-stable: released (4.9.145) [fe26b8d06e965239795bee0a71c9073bed931716]
+3.16-upstream-stable: released (3.16.63) [f8860a91d7538022c1c3f0bdddeec9a9d83e0c09]
+sid: released (4.19.9-1)
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2019-3701 b/retired/CVE-2019-3701
new file mode 100644
index 00000000..e49522aa
--- /dev/null
+++ b/retired/CVE-2019-3701
@@ -0,0 +1,15 @@
+Description: crash in CAN driver 
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1120386
+ https://marc.info/?l=linux-netdev&m=154651842302479&w=2
+Notes:
+ carnil> unprivileged user namespaces might be needed to exploit the bug,
+ carnil> but needs to be checked.
+Bugs:
+upstream: released (5.0-rc3) [0aaa81377c5a01f686bcdb8c7a6929a7bf330c68]
+4.19-upstream-stable: released (4.19.17) [8db82a6f2b76d42ec2615f8def6e797e064e7822]
+4.9-upstream-stable: released (4.9.152) [d379b338387e3d5a9b5ebe5ab16656a9c65c988d]
+3.16-upstream-stable: released (3.16.64) [1c7dcfd106f42f09e3b7520c26e6eee70a939928]
+sid: released (4.19.20-1)
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2019-3819 b/retired/CVE-2019-3819
new file mode 100644
index 00000000..51079197
--- /dev/null
+++ b/retired/CVE-2019-3819
@@ -0,0 +1,19 @@
+Description: infinite loop in drivers/hid/hid-debug.c:hid_debug_events_read()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1669187
+ https://lore.kernel.org/lkml/20190125095744.3813-1-vdronov@redhat.com/T/#u
+ https://marc.info/?l=linux-input&m=154841031101012&w=2
+ https://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git/commit/?h=for-5.0/upstream-fixes&id=13054abbaa4f1fd4e6f3b4b63439ec033b4c8035
+Notes:
+ carnil> Introduced by: 717adfdaf14704fd3ec7fa2c04520c0723247eac (4.18-rc5)
+ carnil> was backported as 4a30c12542290f1def08b9ef0d677c024c500589 to
+ carnil> 4.9.112, e44ab03f41ba55e181f4ed64e546feac8f8e69dc to 3.16.59
+ carnil> But need further check if issues only introduced by this commit.
+Bugs:
+upstream: released (5.0-rc6) [13054abbaa4f1fd4e6f3b4b63439ec033b4c8035]
+4.19-upstream-stable: released (4.19.21) [c70374ce418e7ae9276d3dc26aed0301e4da5e35]
+4.9-upstream-stable: released (4.9.157) [64a9f5f2e45b7241bd753b6cd57a8249a7e52639]
+3.16-upstream-stable: released (3.16.64) [7c7839e0f66ae0119b2e4d3d9465adbaba1df4b4]
+sid: released (4.19.20-1) [bugfix/all/HID-debug-fix-the-ring-buffer-implementation.patch]
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2019-6974 b/retired/CVE-2019-6974
new file mode 100644
index 00000000..f383356b
--- /dev/null
+++ b/retired/CVE-2019-6974
@@ -0,0 +1,14 @@
+Description: kvm: fix kvm_ioctl_create_device() reference counting
+ https://bugzilla.redhat.com/show_bug.cgi?id=1671913
+ https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
+References:
+Notes:
+ carnil> Commit fixes 852b6d57dc7f ("kvm: add device control API") (3.10-rc1)
+Bugs:
+upstream: released (5.0-rc6) [cfa39381173d5f969daf43582c95ad679189cbc9]
+4.19-upstream-stable: released (4.19.21) [24b027d2b1386da03aafb2aaac69d4fa67ee7d9c]
+4.9-upstream-stable: released (4.9.156) [0c42df1f9f82f73ebc6c0f54b1df295ffc5a7b4b]
+3.16-upstream-stable: released (3.16.64) [2aa9f75791601aab7bd02b8783aa9a8f5105f68f]
+sid: released (4.19.20-1) [bugfix/all/kvm-fix-kvm_ioctl_create_device-reference-counting-C.patch]
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2019-7221 b/retired/CVE-2019-7221
new file mode 100644
index 00000000..d0c34281
--- /dev/null
+++ b/retired/CVE-2019-7221
@@ -0,0 +1,14 @@
+Description: KVM: nVMX: unconditionally cancel preemption timer in free_nested 
+References:
+ https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
+ https://bugzilla.redhat.com/show_bug.cgi?id=1671904
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
+Notes:
+Bugs:
+upstream: released (5.0-rc6) [ecec76885bcfe3294685dc363fd1273df0d5d65f]
+4.19-upstream-stable: released (4.19.21) [236fd677125f974aaf39f09074d226a884b4fe0e]
+4.9-upstream-stable: released (4.9.156) [a2c34d20660f24a40b46d0d341547b84f3fff3b0]
+3.16-upstream-stable: released (3.16.64) [69c7b3bb99c621f44fb46c20ccef737e86e1c5c8]
+sid: released (4.19.20-1) [bugfix/x86/KVM-nVMX-unconditionally-cancel-preemption-timer-in-.patch]
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2019-7222 b/retired/CVE-2019-7222
new file mode 100644
index 00000000..60d0de13
--- /dev/null
+++ b/retired/CVE-2019-7222
@@ -0,0 +1,14 @@
+Description: KVM: x86: work around leak of uninitialized stack contents
+References:
+ https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
+ https://bugzilla.redhat.com/show_bug.cgi?id=1671930
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
+Notes:
+Bugs:
+upstream: released (5.0-rc6) [353c0956a618a07ba4bbe7ad00ff29fe70e8412a]
+4.19-upstream-stable: released (4.19.21) [5a45d3720b5437515f8c094f1c3d61f6afe211c1]
+4.9-upstream-stable: released (4.9.156) [f5c61e4f6b5a1cc66c61eb68334f725031948a7e]
+3.16-upstream-stable: released (3.16.64) [234a2dee1b06502face184e241e03582d7946f80]
+sid: released (4.19.20-1) [bugfix/x86/KVM-x86-work-around-leak-of-uninitialized-stack-cont.patch]
+4.9-stretch-security: released (4.9.161-1)
+3.16-jessie-security: released (3.16.64-1)
diff --git a/retired/CVE-2019-8980 b/retired/CVE-2019-8980
new file mode 100644
index 00000000..dcd832d5
--- /dev/null
+++ b/retired/CVE-2019-8980
@@ -0,0 +1,15 @@
+Description: memory leak in the kernel_read_file function in fs/exec.c
+References:
+ https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/
+ https://lore.kernel.org/lkml/20190219022512.GW2217@ZenIV.linux.org.uk/
+Notes:
+ carnil> Commit Fixes: 39d637af5aa7 ("vfs: forbid write access when
+ carnil> reading a file into memory") which is in 4.7-rc1
+Bugs:
+upstream: released (5.1-rc1) [f612acfae86af7ecad754ae6a46019be9da05b8e]
+4.19-upstream-stable: released (4.19.28) [b60d90b2d3d14c426693a0a34041db11be66d29e]
+4.9-upstream-stable: released (4.9.163) [dd6734e17903f16a47c78d0418f02e06df080c54]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.19.28-1)
+4.9-stretch-security: released (4.9.168-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2019-04-27 10:35:38 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-04-27 10:35:38 +0200
commit	50515be306d26f92c0642de9596d03122cc4f998 (patch)
tree	0e5d9176291ecfd7635d2c9f1bd87ae57ebe02d4 /retired
parent	6b4c46d0edfd7627200d062f594db50583bffd44 (diff)