author Salvatore Bonaccorso <carnil@debian.org> 2024-04-29 20:53:28 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2024-04-29 20:53:28 +0200
commit 58cfe4366ec42ead0e7051af35c4d339f0adaf62
tree 82c0b1a808430feb2752d4143106f8db9bcbb6e2 /retired
parent 4ec58ba3413a354da4f0d015a6b51e187abd98a7
Retire many CVEs
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2022-48632 16
-rw-r--r-- retired/CVE-2022-48635 16
-rw-r--r-- retired/CVE-2022-48636 16
-rw-r--r-- retired/CVE-2022-48637 16
-rw-r--r-- retired/CVE-2022-48638 16
-rw-r--r-- retired/CVE-2022-48639 16
-rw-r--r-- retired/CVE-2022-48640 16
-rw-r--r-- retired/CVE-2022-48641 17
-rw-r--r-- retired/CVE-2022-48642 16
-rw-r--r-- retired/CVE-2022-48643 16
-rw-r--r-- retired/CVE-2022-48644 16
-rw-r--r-- retired/CVE-2022-48647 17
-rw-r--r-- retired/CVE-2022-48648 16
-rw-r--r-- retired/CVE-2022-48649 17
-rw-r--r-- retired/CVE-2022-48650 16
-rw-r--r-- retired/CVE-2022-48651 16
-rw-r--r-- retired/CVE-2022-48652 16
-rw-r--r-- retired/CVE-2022-48653 16
-rw-r--r-- retired/CVE-2022-48654 16
-rw-r--r-- retired/CVE-2022-48656 16
-rw-r--r-- retired/CVE-2022-48657 16
-rw-r--r-- retired/CVE-2022-48658 16
-rw-r--r-- retired/CVE-2022-48659 15
-rw-r--r-- retired/CVE-2022-48660 16
-rw-r--r-- retired/CVE-2022-48661 16
-rw-r--r-- retired/CVE-2022-48662 16
-rw-r--r-- retired/CVE-2022-48663 16
-rw-r--r-- retired/CVE-2022-48665 16
-rw-r--r-- retired/CVE-2022-48667 16
-rw-r--r-- retired/CVE-2022-48668 16
-rw-r--r-- retired/CVE-2023-52646 16
-rw-r--r-- retired/CVE-2024-26678 16
-rw-r--r-- retired/CVE-2024-26927 16
33 files changed, 530 insertions, 0 deletions
diff --git a/retired/CVE-2022-48632 b/retired/CVE-2022-48632
new file mode 100644
index 00000000..cd0938e4
--- /dev/null
+++ b/retired/CVE-2022-48632
@@ -0,0 +1,16 @@
+Description: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
+References:
+Notes:
+ carnil> Introduced in b5b5b32081cd206b ("i2c: mlxbf: I2C SMBus driver for Mellanox
+ carnil> BlueField SoC"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (6.0-rc7) [de24aceb07d426b6f1c59f33889d6a964770547b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [48ee0a864d1af02eea98fc825cc230d61517a71e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
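Review bot: the Notes line abbreviates the introducing commit to 16 hex digits (b5b5b32081cd206b), while most files added in this commit use 12 (for example ca289e0b95af in CVE-2022-48635) and a few use 13 (f9f5301e7e2d4 in CVE-2022-48653). Settling on one abbreviation length across the retired/ files would make the Notes easier to grep and to compare against upstream Fixes: tags.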
diff --git a/retired/CVE-2022-48635 b/retired/CVE-2022-48635
new file mode 100644
index 00000000..ec8882e9
--- /dev/null
+++ b/retired/CVE-2022-48635
@@ -0,0 +1,16 @@
+Description: fsdax: Fix infinite loop in dax_iomap_rw()
+References:
+Notes:
+ carnil> Introduced in ca289e0b95af ("fsdax: switch dax_iomap_rw to use iomap_iter").
+ carnil> Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.0-rc7) [17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48636 b/retired/CVE-2022-48636
new file mode 100644
index 00000000..67a567a1
--- /dev/null
+++ b/retired/CVE-2022-48636
@@ -0,0 +1,16 @@
+Description: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
+References:
+Notes:
+ carnil> Introduced in 8e09f21574ea ("[S390] dasd: add hyper PAV support to DASD device
+ carnil> driver, part 1"). Vulnerable versions: 2.6.25-rc1.
+Bugs:
+upstream: released (6.0-rc7) [db7ba07108a48c0f95b74fabbfd5d63e924f992d]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b]
+4.19-upstream-stable: released (4.19.260) [aaba5ff2742043705bc4c02fd0b2b246e2e16da1]
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-48637 b/retired/CVE-2022-48637
new file mode 100644
index 00000000..848d05fb
--- /dev/null
+++ b/retired/CVE-2022-48637
@@ -0,0 +1,16 @@
+Description: bnxt: prevent skb UAF after handing over to PTP worker
+References:
+Notes:
+ carnil> Introduced in 83bb623c968e ("bnxt_en: Transmit and retrieve packet
+ carnil> timestamps"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.0-rc7) [c31f26c8f69f776759cbbdfb38e40ea91aa0dd65]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48638 b/retired/CVE-2022-48638
new file mode 100644
index 00000000..5e946ca2
--- /dev/null
+++ b/retired/CVE-2022-48638
@@ -0,0 +1,16 @@
+Description: cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
+References:
+Notes:
+ carnil> Introduced in 6b658c4863c1 ("scsi: cgroup: Add cgroup_get_from_id()").
+ carnil> Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.0-rc7) [df02452f3df069a59bc9e69c84435bf115cb6e37]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48639 b/retired/CVE-2022-48639
new file mode 100644
index 00000000..6990910d
--- /dev/null
+++ b/retired/CVE-2022-48639
@@ -0,0 +1,16 @@
+Description: net: sched: fix possible refcount leak in tc_new_tfilter()
+References:
+Notes:
+ carnil> Introduced in 7d5509fa0d3d ("net: sched: extend proto ops with 'put'
+ carnil> callback"). Vulnerable versions: 5.1-rc1.
+Bugs:
+upstream: released (6.0-rc7) [c2e1cfefcac35e0eea229e148c8284088ce437b5]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [8844c750eeb03452e2b3319c27a526f447b82596]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48640 b/retired/CVE-2022-48640
new file mode 100644
index 00000000..5432ecd8
--- /dev/null
+++ b/retired/CVE-2022-48640
@@ -0,0 +1,16 @@
+Description: bonding: fix NULL deref in bond_rr_gen_slave_id
+References:
+Notes:
+ carnil> Introduced in 848ca9182a7d ("net: bonding: Use per-cpu rr_tx_counter").
+ carnil> Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.0-rc7) [0e400d602f46360752e4b32ce842dba3808e15e6]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48641 b/retired/CVE-2022-48641
new file mode 100644
index 00000000..00876859
--- /dev/null
+++ b/retired/CVE-2022-48641
@@ -0,0 +1,17 @@
+Description: netfilter: ebtables: fix memory leak when blob is malformed
+References:
+Notes:
+ carnil> Introduced in 7997eff82828 ("netfilter: ebtables: reject blobs that don't
+ carnil> provide all entry points"). Vulnerable versions: 4.14.292 4.19.257 5.4.212
+ carnil> 5.10.140 5.15.64 5.19.6 6.0-rc3.
+Bugs:
+upstream: released (6.0-rc7) [62ce44c4fff947eebdf10bb582267e686e6835c9]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee]
+4.19-upstream-stable: released (4.19.260) [1e98318af2f163eadaff815abcef38d27ca92c1e]
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-48642 b/retired/CVE-2022-48642
new file mode 100644
index 00000000..6a1e6ea4
--- /dev/null
+++ b/retired/CVE-2022-48642
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
+References:
+Notes:
+ carnil> Introduced in 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority
+ carnil> to hardware priority"). Vulnerable versions: 5.3-rc6.
+Bugs:
+upstream: released (6.0-rc7) [9a4d6dd554b86e65581ef6b6638a39ae079b17ac]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [b043a525a3f5520abb676a7cd8f6328fdf959e88]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48643 b/retired/CVE-2022-48643
new file mode 100644
index 00000000..8a6f65c3
--- /dev/null
+++ b/retired/CVE-2022-48643
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()
+References:
+Notes:
+ carnil> Introduced in 43eb8949cfdffa76 ("netfilter: nf_tables: do not leave chain stats
+ carnil> enabled on error"). Vulnerable versions: 5.10.140 5.15.64 5.19.6 6.0-rc3.
+Bugs:
+upstream: released (6.0-rc7) [921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [710e3f526bd23a0d33435dedc52c3144de284378]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48644 b/retired/CVE-2022-48644
new file mode 100644
index 00000000..baf1c5cc
--- /dev/null
+++ b/retired/CVE-2022-48644
@@ -0,0 +1,16 @@
+Description: net/sched: taprio: avoid disabling offload when it was never enabled
+References:
+Notes:
+ carnil> Introduced in 9c66d1564676 ("taprio: Add support for hardware offloading").
+ carnil> Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.0-rc7) [db46e3a88a09c5cf7e505664d01da7238cd56c92]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [586def6ebed195f3594a4884f7c5334d0e1ad1bb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48647 b/retired/CVE-2022-48647
new file mode 100644
index 00000000..b0d02ef8
--- /dev/null
+++ b/retired/CVE-2022-48647
@@ -0,0 +1,17 @@
+Description: sfc: fix TX channel offset when using legacy interrupts
+References:
+Notes:
+ carnil> Introduced in c308dfd1b43e ("sfc: fix wrong tx channel offset with
+ carnil> efx_separate_tx_channels"). Vulnerable versions: 5.10.122 5.15.47 5.17.15
+ carnil> 5.18.4 5.19-rc1.
+Bugs:
+upstream: released (6.0-rc7) [f232af4295653afa4ade3230462b3be15ad16419]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [b4afd3878f961d3517f27b3213730fceef77945c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48648 b/retired/CVE-2022-48648
new file mode 100644
index 00000000..9fd27857
--- /dev/null
+++ b/retired/CVE-2022-48648
@@ -0,0 +1,16 @@
+Description: sfc: fix null pointer dereference in efx_hard_start_xmit
+References:
+Notes:
+ carnil> Introduced in 12804793b17c ("sfc: decouple TXQ type from label"). Vulnerable
+ carnil> versions: 5.10-rc1.
+Bugs:
+upstream: released (6.0-rc7) [0a242eb2913a4aa3d6fbdb86559f27628e9466f3]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48649 b/retired/CVE-2022-48649
new file mode 100644
index 00000000..f041dd69
--- /dev/null
+++ b/retired/CVE-2022-48649
@@ -0,0 +1,17 @@
+Description: mm/slab_common: fix possible double free of kmem_cache
+References:
+Notes:
+ carnil> Introduced in 0495e337b703 ("mm/slab_common: Deleting kobject in
+ carnil> kmem_cache_destroy() without holding slab_mutex/cpu_hotplug_lock"). Vulnerable
+ carnil> versions: 5.19.8 6.0-rc4.
+Bugs:
+upstream: released (6.0-rc7) [d71608a877362becdc94191f190902fac1e64d35]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48650 b/retired/CVE-2022-48650
new file mode 100644
index 00000000..c86054d6
--- /dev/null
+++ b/retired/CVE-2022-48650
@@ -0,0 +1,16 @@
+Description: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
+References:
+Notes:
+ carnil> Introduced in 8f394da36a36 ("scsi: qla2xxx: Drop
+ carnil> TARGET_SCF_LOOKUP_LUN_FROM_TAG"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (6.0-rc7) [601be20fc6a1b762044d2398befffd6bf236cebf]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48651 b/retired/CVE-2022-48651
new file mode 100644
index 00000000..4e2090c9
--- /dev/null
+++ b/retired/CVE-2022-48651
@@ -0,0 +1,16 @@
+Description: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
+References:
+Notes:
+ carnil> Introduced in 2ad7bf363841 ("ipvlan: Initial check-in of the IPVLAN driver.").
+ carnil> Vulnerable versions: 3.19-rc1.
+Bugs:
+upstream: released (6.0-rc7) [81225b2ea161af48e093f58e8dfee6d705b16af4]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [ab4a733874ead120691e8038272d22f8444d3638]
+4.19-upstream-stable: released (4.19.260) [bffcdade259c05ab3436b5fab711612093c275ef]
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-48652 b/retired/CVE-2022-48652
new file mode 100644
index 00000000..ac8a790b
--- /dev/null
+++ b/retired/CVE-2022-48652
@@ -0,0 +1,16 @@
+Description: ice: Fix crash by keep old cfg when update TCs more than queues
+References:
+Notes:
+ carnil> Introduced in a632b2a4c920 ("ice: ethtool: Prohibit improper channel config for
+ carnil> DCB"). Vulnerable versions: 5.18.8 5.19-rc4.
+Bugs:
+upstream: released (6.0-rc7) [a509702cac95a8b450228a037c8542f57e538e5b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48653 b/retired/CVE-2022-48653
new file mode 100644
index 00000000..e7cbe9d5
--- /dev/null
+++ b/retired/CVE-2022-48653
@@ -0,0 +1,16 @@
+Description: ice: Don't double unplug aux on peer initiated reset
+References:
+Notes:
+ carnil> Introduced in f9f5301e7e2d4 ("ice: Register auxiliary device to provide RDMA").
+ carnil> Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.0-rc7) [23c619190318376769ad7b61504c2ea0703fb783]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48654 b/retired/CVE-2022-48654
new file mode 100644
index 00000000..b2c07c44
--- /dev/null
+++ b/retired/CVE-2022-48654
@@ -0,0 +1,16 @@
+Description: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
+References:
+Notes:
+ carnil> Introduced in 22c7652cdaa8 ("netfilter: nft_osf: Add version option support").
+ carnil> Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (6.0-rc7) [559c36c5a8d730c49ef805a72b213d3bba155cc8]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [5d75fef3e61e797fab5c3fbba88caa74ab92ad47]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48656 b/retired/CVE-2022-48656
new file mode 100644
index 00000000..08f24036
--- /dev/null
+++ b/retired/CVE-2022-48656
@@ -0,0 +1,16 @@
+Description: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
+References:
+Notes:
+ carnil> Introduced in d70241913413 ("dmaengine: ti: k3-udma: Add glue layer for non
+ carnil> DMAengine users"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (6.0-rc7) [f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [aa11dae059a439af82bae541b134f8f53ac177b5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48657 b/retired/CVE-2022-48657
new file mode 100644
index 00000000..2855b89b
--- /dev/null
+++ b/retired/CVE-2022-48657
@@ -0,0 +1,16 @@
+Description: arm64: topology: fix possible overflow in amu_fie_setup()
+References:
+Notes:
+ carnil> Introduced in cd0ed03a8903 ("arm64: use activity monitors for frequency
+ carnil> invariance"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (6.0-rc7) [d4955c0ad77dbc684fc716387070ac24801b8bca]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.150) [904f881b57360cf85de962d84d8614d94431f60e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48658 b/retired/CVE-2022-48658
new file mode 100644
index 00000000..c03da401
--- /dev/null
+++ b/retired/CVE-2022-48658
@@ -0,0 +1,16 @@
+Description: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
+References:
+Notes:
+ carnil> Introduced in 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations
+ carnil> __free_slab() invocations out of IRQ context"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.0-rc7) [e45cc288724f0cfd497bb5920bcfa60caa335729]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48659 b/retired/CVE-2022-48659
new file mode 100644
index 00000000..a66e2df7
--- /dev/null
+++ b/retired/CVE-2022-48659
@@ -0,0 +1,15 @@
+Description: mm/slub: fix to return errno if kmalloc() fails
+References:
+Notes:
+ carnil> Introduced in 81819f0fc8285 ("SLUB core"). Vulnerable versions: 2.6.22-rc1.
+Bugs:
+upstream: released (6.0-rc7) [7e9c323c52b379d261a72dc7bd38120a761a93cd]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [379ac7905ff3f0a6a4e507d3e9f710ec4fab9124]
+4.19-upstream-stable: released (4.19.260) [e996821717c5cf8aa1e1abdb6b3d900a231e3755]
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-48660 b/retired/CVE-2022-48660
new file mode 100644
index 00000000..67024b9c
--- /dev/null
+++ b/retired/CVE-2022-48660
@@ -0,0 +1,16 @@
+Description: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
+References:
+Notes:
+ carnil> Introduced in 468242724143 ("gpiolib: cdev: refactor lineevent cleanup into
+ carnil> lineevent_free"). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.0-rc7) [69bef19d6b9700e96285f4b4e28691cda3dcd0d1]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [657803b918e097e47d99d1489da83a603c36bcdd]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48661 b/retired/CVE-2022-48661
new file mode 100644
index 00000000..8efbff38
--- /dev/null
+++ b/retired/CVE-2022-48661
@@ -0,0 +1,16 @@
+Description: gpio: mockup: Fix potential resource leakage when register a chip
+References:
+Notes:
+ carnil> Introduced in 6fda593f3082 ("gpio: mockup: Convert to use software nodes").
+ carnil> Vulnerable versions: 5.15-rc6.
+Bugs:
+upstream: released (6.0-rc7) [02743c4091ccfb246f5cdbbe3f44b152d5d12933]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48662 b/retired/CVE-2022-48662
new file mode 100644
index 00000000..343594ec
--- /dev/null
+++ b/retired/CVE-2022-48662
@@ -0,0 +1,16 @@
+Description: drm/i915/gem: Really move i915_gem_context.link under ref protection
+References:
+Notes:
+ carnil> Introduced in f8246cf4d9a9 ("drm/i915/gem: Drop free_work for GEM contexts").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (6.0-rc7) [d119888b09bd567e07c6b93a07f175df88857e02]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48663 b/retired/CVE-2022-48663
new file mode 100644
index 00000000..9a679f89
--- /dev/null
+++ b/retired/CVE-2022-48663
@@ -0,0 +1,16 @@
+Description: gpio: mockup: fix NULL pointer dereference when removing debugfs
+References:
+Notes:
+ carnil> Introduced in 303e6da99429 ("gpio: mockup: remove gpio debugfs when remove
+ carnil> device"). Vulnerable versions: 5.10.144 5.15.69 5.19.10 6.0-rc4.
+Bugs:
+upstream: released (6.0-rc7) [b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [bdea98b98f844bd8a983ca880893e509a8b4162f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48665 b/retired/CVE-2022-48665
new file mode 100644
index 00000000..12ebb813
--- /dev/null
+++ b/retired/CVE-2022-48665
@@ -0,0 +1,16 @@
+Description: exfat: fix overflow for large capacity partition
+References:
+Notes:
+ carnil> Introduced in 1b6138385499 ("exfat: reduce block requests when zeroing a
+ carnil> cluster"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.0-rc7) [2e9ceb6728f1dc2fa4b5d08f37d88cbc49a20a62]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48667 b/retired/CVE-2022-48667
new file mode 100644
index 00000000..97a604bd
--- /dev/null
+++ b/retired/CVE-2022-48667
@@ -0,0 +1,16 @@
+Description: smb3: fix temporary data corruption in insert range
+References:
+Notes:
+ carnil> Introduced in 7fe6fe95b936 ("cifs: add FALLOC_FL_INSERT_RANGE support").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.0-rc4) [9c8b7a293f50253e694f19161c045817a938e551]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48668 b/retired/CVE-2022-48668
new file mode 100644
index 00000000..9c11cb23
--- /dev/null
+++ b/retired/CVE-2022-48668
@@ -0,0 +1,16 @@
+Description: smb3: fix temporary data corruption in collapse range
+References:
+Notes:
+ carnil> Introduced in 5476b5dd82c8b ("cifs: add support for FALLOC_FL_COLLAPSE_RANGE").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.0-rc4) [fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52646 b/retired/CVE-2023-52646
new file mode 100644
index 00000000..646710f9
--- /dev/null
+++ b/retired/CVE-2023-52646
@@ -0,0 +1,16 @@
+Description: aio: fix mremap after fork null-deref
+References:
+Notes:
+ carnil> Introduced in e4a0d3e720e7 ("aio: Make it possible to remap aio ring").
+ carnil> Vulnerable versions: 3.19-rc1.
+Bugs:
+upstream: released (6.2) [81e9d6f8647650a7bead74c5f926e29970e834d1]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.13) [af126acf01a12bdb04986fd26fc2eb3b40249e0d]
+5.10-upstream-stable: released (5.10.169) [c261f798f7baa8080cf0214081d43d5f86bb073f]
+4.19-upstream-stable: released (4.19.273) [d8dca1bfe9adcae38b35add64977818c0c13dd22]
+sid: released (6.1.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2024-26678 b/retired/CVE-2024-26678
new file mode 100644
index 00000000..c01adbee
--- /dev/null
+++ b/retired/CVE-2024-26678
@@ -0,0 +1,16 @@
+Description: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
+References:
+Notes:
+ carnil> Introduced in 3e3eabe26dc8 ("x86/boot: Increase section and file alignment to
+ carnil> 4k/512"). Vulnerable versions: 6.6.18 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc4) [1ad55cecf22f05f1c884adf63cc09d3c3e609ebf]
+6.7-upstream-stable: released (6.7.5) [4adeeff8c12321cd453412a659c3c0eeb9bb2397]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
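Review bot: the Notes say "Vulnerable versions: 6.6.18 6.7-rc1", but the 6.6-upstream-stable line is marked N/A "Vulnerable code not present". If 3e3eabe26dc8 reached 6.6.18 as the note states, the 6.6 branch did carry the affected code, so this line needs either a fixing release with its commit or a status whose reason is spelled out in Notes. This file also tracks 6.7-upstream-stable and has no 6.8-upstream-stable line, unlike the other files in this commit; with the upstream fix in 6.8-rc4, a 6.8 line reading N/A "Fixed before branching point" would keep the set of tracked branches uniform.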
diff --git a/retired/CVE-2024-26927 b/retired/CVE-2024-26927
new file mode 100644
index 00000000..47cd8c18
--- /dev/null
+++ b/retired/CVE-2024-26927
@@ -0,0 +1,16 @@
+Description: ASoC: SOF: Add some bounds checking to firmware data
+References:
+Notes:
+ carnil> Introduced in d2458baa799f ("ASoC: SOF: ipc3-loader: Implement firmware parsing
+ carnil> and loading"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [98f681b0f84cfc3a1d83287b77697679e0398306]
+6.8-upstream-stable: released (6.8.2) [9eeb8e1231f6450c574c1db979122e171a1813ab]
+6.6-upstream-stable: released (6.6.23) [ced7df8b3c5c4751244cad79011e86cf1f809153]
+6.1-upstream-stable: released (6.1.83) [d133d67e7e724102d1e53009c4f88afaaf3e167c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
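Review bot: sid is recorded as released in 6.7.12-1, but the file has no 6.7-upstream-stable line, so nothing here ties that upload to a fix on the 6.7 branch; the stable fixes listed are for 6.8.2, 6.6.23 and 6.1.83 only. A short carnil> note naming the 6.7.y release or commit that carried the fix would let a reader verify the sid status from this file alone.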
