diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2019-04-27 10:35:38 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-04-27 10:35:38 +0200 |
commit | 50515be306d26f92c0642de9596d03122cc4f998 (patch) | |
tree | 0e5d9176291ecfd7635d2c9f1bd87ae57ebe02d4 /retired | |
parent | 6b4c46d0edfd7627200d062f594db50583bffd44 (diff) |
Retire several CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2018-14625 | 12 | ||||
-rw-r--r-- | retired/CVE-2018-16884 | 16 | ||||
-rw-r--r-- | retired/CVE-2018-19824 | 14 | ||||
-rw-r--r-- | retired/CVE-2018-19985 | 11 | ||||
-rw-r--r-- | retired/CVE-2018-20169 | 11 | ||||
-rw-r--r-- | retired/CVE-2019-3701 | 15 | ||||
-rw-r--r-- | retired/CVE-2019-3819 | 19 | ||||
-rw-r--r-- | retired/CVE-2019-6974 | 14 | ||||
-rw-r--r-- | retired/CVE-2019-7221 | 14 | ||||
-rw-r--r-- | retired/CVE-2019-7222 | 14 | ||||
-rw-r--r-- | retired/CVE-2019-8980 | 15 |
11 files changed, 155 insertions, 0 deletions
diff --git a/retired/CVE-2018-14625 b/retired/CVE-2018-14625 new file mode 100644 index 00000000..8342e806 --- /dev/null +++ b/retired/CVE-2018-14625 @@ -0,0 +1,12 @@ +Description: use-after-free Read in vhost_transport_send_pkt +References: + https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039 +Notes: +Bugs: +upstream: released (4.20-rc6) [834e772c8db0c6a275d75315d90aba4ebbb1e249] +4.19-upstream-stable: released (4.19.9) [f9cd25b1e5e575a5f18547bdc04ea40a23ad511a] +4.9-upstream-stable: released (4.9.145) [569fc4ffb5de8f12fe01759f0b85098b7b9bba8e] +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.19.9-1) +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2018-16884 b/retired/CVE-2018-16884 new file mode 100644 index 00000000..41d7140e --- /dev/null +++ b/retired/CVE-2018-16884 @@ -0,0 +1,16 @@ +Description: nfs: use-after-free in svc_process_common() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1660375 + https://patchwork.kernel.org/cover/10733767/ + https://patchwork.kernel.org/patch/10733769/ +Notes: + carnil> Commit fixes 23c20ecd4475 (3.7-rc1), check if this + carnil> is commit introducing the issue itself. +Bugs: +upstream: released (5.0-rc1) [d4b09acf924b84bae77cad090a9d108e70b43643] +4.19-upstream-stable: released (4.19.16) [44e7bab39f877c9c095bfaaee943b0807574a7f7] +4.9-upstream-stable: released (4.9.151) [37c791a031ece3afeb9c8b023397473a5349f171] +3.16-upstream-stable: released (3.16.64) [801f9d2fb42e450a67f83c18fd5d8450ad29224f] +sid: released (4.19.16-1) +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2018-19824 b/retired/CVE-2018-19824 new file mode 100644 index 00000000..a47f185a --- /dev/null +++ b/retired/CVE-2018-19824 @@ -0,0 +1,14 @@ +Description: ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c +References: + https://bugzilla.suse.com/show_bug.cgi?id=1118152 + https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b +Notes: + carnil> Commit fixes 362e4e49abe53e89d87455dfcd7c1bbaf08a839d (3.1-rc8) +Bugs: +upstream: released (4.20-rc6) [5f8cf712582617d523120df67d392059eaf2fc4b] +4.19-upstream-stable: released (4.19.9) [a7e719ace75e4451b7958cb73cbc12c627760007] +4.9-upstream-stable: released (4.9.145) [73000a4cec933fd331224df79df731ea929bb85c] +3.16-upstream-stable: released (3.16.63) [1c38b9d9e74a24a8ed9089429031f6d7721b6df0] +sid: released (4.19.9-1) +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2018-19985 b/retired/CVE-2018-19985 new file mode 100644 index 00000000..7ef41597 --- /dev/null +++ b/retired/CVE-2018-19985 @@ -0,0 +1,11 @@ +Description: USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data +References: +Notes: +Bugs: +upstream: released (4.20) [5146f95df782b0ac61abde36567e718692725c89] +4.19-upstream-stable: released (4.19.13) [8f980122236c1fc8e11ffb57ec73315d01dc88e0] +4.9-upstream-stable: released (4.9.148) [5501175cb1975239add62a521cfbedcf76b93d8d] +3.16-upstream-stable: released (3.16.64) [2d955f32f4ab31294447a01cf401cec2cef9013e] +sid: released (4.19.13-1) +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2018-20169 b/retired/CVE-2018-20169 new file mode 100644 index 00000000..5619236e --- /dev/null +++ b/retired/CVE-2018-20169 @@ -0,0 +1,11 @@ +Description: USB: check usb_get_extra_descriptor for proper size +References: +Notes: +Bugs: +upstream: released (4.20-rc6) [704620afc70cf47abb9d6a1a57f3825d2bca49cf] +4.19-upstream-stable: released (4.19.9) [1b2e742bf7230ce04cda5b7348f922174bef2d7a] +4.9-upstream-stable: released (4.9.145) [fe26b8d06e965239795bee0a71c9073bed931716] +3.16-upstream-stable: released (3.16.63) [f8860a91d7538022c1c3f0bdddeec9a9d83e0c09] +sid: released (4.19.9-1) +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2019-3701 b/retired/CVE-2019-3701 new file mode 100644 index 00000000..e49522aa --- /dev/null +++ b/retired/CVE-2019-3701 @@ -0,0 +1,15 @@ +Description: crash in CAN driver +References: + https://bugzilla.suse.com/show_bug.cgi?id=1120386 + https://marc.info/?l=linux-netdev&m=154651842302479&w=2 +Notes: + carnil> unprivileged user namespaces might be needed to exploit the bug, + carnil> but needs to be checked. +Bugs: +upstream: released (5.0-rc3) [0aaa81377c5a01f686bcdb8c7a6929a7bf330c68] +4.19-upstream-stable: released (4.19.17) [8db82a6f2b76d42ec2615f8def6e797e064e7822] +4.9-upstream-stable: released (4.9.152) [d379b338387e3d5a9b5ebe5ab16656a9c65c988d] +3.16-upstream-stable: released (3.16.64) [1c7dcfd106f42f09e3b7520c26e6eee70a939928] +sid: released (4.19.20-1) +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2019-3819 b/retired/CVE-2019-3819 new file mode 100644 index 00000000..51079197 --- /dev/null +++ b/retired/CVE-2019-3819 @@ -0,0 +1,19 @@ +Description: infinite loop in drivers/hid/hid-debug.c:hid_debug_events_read() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1669187 + https://lore.kernel.org/lkml/20190125095744.3813-1-vdronov@redhat.com/T/#u + https://marc.info/?l=linux-input&m=154841031101012&w=2 + https://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git/commit/?h=for-5.0/upstream-fixes&id=13054abbaa4f1fd4e6f3b4b63439ec033b4c8035 +Notes: + carnil> Introduced by: 717adfdaf14704fd3ec7fa2c04520c0723247eac (4.18-rc5) + carnil> was backported as 4a30c12542290f1def08b9ef0d677c024c500589 to + carnil> 4.9.112, e44ab03f41ba55e181f4ed64e546feac8f8e69dc to 3.16.59 + carnil> But need further check if issues only introduced by this commit. +Bugs: +upstream: released (5.0-rc6) [13054abbaa4f1fd4e6f3b4b63439ec033b4c8035] +4.19-upstream-stable: released (4.19.21) [c70374ce418e7ae9276d3dc26aed0301e4da5e35] +4.9-upstream-stable: released (4.9.157) [64a9f5f2e45b7241bd753b6cd57a8249a7e52639] +3.16-upstream-stable: released (3.16.64) [7c7839e0f66ae0119b2e4d3d9465adbaba1df4b4] +sid: released (4.19.20-1) [bugfix/all/HID-debug-fix-the-ring-buffer-implementation.patch] +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2019-6974 b/retired/CVE-2019-6974 new file mode 100644 index 00000000..f383356b --- /dev/null +++ b/retired/CVE-2019-6974 @@ -0,0 +1,14 @@ +Description: kvm: fix kvm_ioctl_create_device() reference counting + https://bugzilla.redhat.com/show_bug.cgi?id=1671913 + https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9 +References: +Notes: + carnil> Commit fixes 852b6d57dc7f ("kvm: add device control API") (3.10-rc1) +Bugs: +upstream: released (5.0-rc6) [cfa39381173d5f969daf43582c95ad679189cbc9] +4.19-upstream-stable: released (4.19.21) [24b027d2b1386da03aafb2aaac69d4fa67ee7d9c] +4.9-upstream-stable: released (4.9.156) [0c42df1f9f82f73ebc6c0f54b1df295ffc5a7b4b] +3.16-upstream-stable: released (3.16.64) [2aa9f75791601aab7bd02b8783aa9a8f5105f68f] +sid: released (4.19.20-1) [bugfix/all/kvm-fix-kvm_ioctl_create_device-reference-counting-C.patch] +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2019-7221 b/retired/CVE-2019-7221 new file mode 100644 index 00000000..d0c34281 --- /dev/null +++ b/retired/CVE-2019-7221 @@ -0,0 +1,14 @@ +Description: KVM: nVMX: unconditionally cancel preemption timer in free_nested +References: + https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f + https://bugzilla.redhat.com/show_bug.cgi?id=1671904 + https://bugs.chromium.org/p/project-zero/issues/detail?id=1760 +Notes: +Bugs: +upstream: released (5.0-rc6) [ecec76885bcfe3294685dc363fd1273df0d5d65f] +4.19-upstream-stable: released (4.19.21) [236fd677125f974aaf39f09074d226a884b4fe0e] +4.9-upstream-stable: released (4.9.156) [a2c34d20660f24a40b46d0d341547b84f3fff3b0] +3.16-upstream-stable: released (3.16.64) [69c7b3bb99c621f44fb46c20ccef737e86e1c5c8] +sid: released (4.19.20-1) [bugfix/x86/KVM-nVMX-unconditionally-cancel-preemption-timer-in-.patch] +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2019-7222 b/retired/CVE-2019-7222 new file mode 100644 index 00000000..60d0de13 --- /dev/null +++ b/retired/CVE-2019-7222 @@ -0,0 +1,14 @@ +Description: KVM: x86: work around leak of uninitialized stack contents +References: + https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a + https://bugzilla.redhat.com/show_bug.cgi?id=1671930 + https://bugs.chromium.org/p/project-zero/issues/detail?id=1759 +Notes: +Bugs: +upstream: released (5.0-rc6) [353c0956a618a07ba4bbe7ad00ff29fe70e8412a] +4.19-upstream-stable: released (4.19.21) [5a45d3720b5437515f8c094f1c3d61f6afe211c1] +4.9-upstream-stable: released (4.9.156) [f5c61e4f6b5a1cc66c61eb68334f725031948a7e] +3.16-upstream-stable: released (3.16.64) [234a2dee1b06502face184e241e03582d7946f80] +sid: released (4.19.20-1) [bugfix/x86/KVM-x86-work-around-leak-of-uninitialized-stack-cont.patch] +4.9-stretch-security: released (4.9.161-1) +3.16-jessie-security: released (3.16.64-1) diff --git a/retired/CVE-2019-8980 b/retired/CVE-2019-8980 new file mode 100644 index 00000000..dcd832d5 --- /dev/null +++ b/retired/CVE-2019-8980 @@ -0,0 +1,15 @@ +Description: memory leak in the kernel_read_file function in fs/exec.c +References: + https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/ + https://lore.kernel.org/lkml/20190219022512.GW2217@ZenIV.linux.org.uk/ +Notes: + carnil> Commit Fixes: 39d637af5aa7 ("vfs: forbid write access when + carnil> reading a file into memory") which is in 4.7-rc1 +Bugs: +upstream: released (5.1-rc1) [f612acfae86af7ecad754ae6a46019be9da05b8e] +4.19-upstream-stable: released (4.19.28) [b60d90b2d3d14c426693a0a34041db11be66d29e] +4.9-upstream-stable: released (4.9.163) [dd6734e17903f16a47c78d0418f02e06df080c54] +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.19.28-1) +4.9-stretch-security: released (4.9.168-1) +3.16-jessie-security: N/A "Vulnerable code not present" |