diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2019-06-06 20:59:52 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-06-06 20:59:52 +0100 |
commit | 5b85b5a3a2d5706d314825bca1d2ca012dac9ff2 (patch) | |
tree | fb715e49e072571480e3bbf5df3bc581ad1182bd /retired | |
parent | 3bbb37ff9af0a202846a3284b8a42239d68eab29 (diff) |
Retire inactive issues
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2017-10662 | 16 | ||||
-rw-r--r-- | retired/CVE-2017-10663 | 17 | ||||
-rw-r--r-- | retired/CVE-2017-18232 | 15 | ||||
-rw-r--r-- | retired/CVE-2017-18249 | 13 | ||||
-rw-r--r-- | retired/CVE-2018-13096 | 13 | ||||
-rw-r--r-- | retired/CVE-2018-13097 | 13 | ||||
-rw-r--r-- | retired/CVE-2018-13099 | 14 | ||||
-rw-r--r-- | retired/CVE-2018-13100 | 13 | ||||
-rw-r--r-- | retired/CVE-2018-14614 | 13 | ||||
-rw-r--r-- | retired/CVE-2018-7273 | 16 | ||||
-rw-r--r-- | retired/CVE-2019-7308 | 19 |
11 files changed, 162 insertions, 0 deletions
diff --git a/retired/CVE-2017-10662 b/retired/CVE-2017-10662 new file mode 100644 index 00000000..b7bef7f0 --- /dev/null +++ b/retired/CVE-2017-10662 @@ -0,0 +1,16 @@ +Description: f2fs: sanity check segment count +References: + https://source.android.com/security/bulletin/2017-08-01 +Notes: + bwh> Vulnerable code added in 3.8 by commit 39a53e0ce0df "f2fs: add superblock + bwh> and major in-memory structure". +Bugs: +upstream: released (4.12-rc1) [b9dd46188edc2f0d1f37328637860bb65a771124] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.28) [93862955cbf485215f0677229292d0f358af55fc] +3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.9.30-1) +4.9-stretch-security: N/A "Fixed before the initial release of Stretch" +3.16-jessie-security: ignored "Hard to backport and low priority outside of Android" +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2017-10663 b/retired/CVE-2017-10663 new file mode 100644 index 00000000..1f493245 --- /dev/null +++ b/retired/CVE-2017-10663 @@ -0,0 +1,17 @@ +Description: f2fs: sanity check checkpoint segno and blkoff +References: + https://source.android.com/security/bulletin/2017-08-01 + https://sourceforge.net/p/linux-f2fs/mailman/message/35835945/ +Notes: + bwh> Vulnerable code added in 3.8 by commit 127e670abfa7 "f2fs: add checkpoint + bwh> operations". +Bugs: +upstream: released (4.13-rc1) [15d3042a937c13f5d9244241c7a9c8416ff6e82a] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.42) [0f442c5b2e4ac0b65027ed3374462f1c38675f7e] +3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.12.6-1) +4.9-stretch-security: released (4.9.47-1) +3.16-jessie-security: ignored "Hard to backport and low priority outside of Android" +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2017-18232 b/retired/CVE-2017-18232 new file mode 100644 index 00000000..ac73c40d --- /dev/null +++ b/retired/CVE-2017-18232 @@ -0,0 +1,15 @@ +Description: scsi: libsas: direct call probe and destruct +References: +Notes: + bwh> Commit message says this was introduced by commit 87c8331fcf72 + bwh> (Linux 3.4). For stretch, this requires an ABI bump. +Bugs: +upstream: released (4.16-rc1) [0558f33c06bb910e2879e355192227a8e8f0219d] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: ignored "Minor issue" +3.16-upstream-stable: ignored "Minor issue" +3.2-upstream-stable: N/A "Vulnerability introduced later" +sid: released (4.15.17-1) [bugfix/all/scsi-libsas-direct-call-probe-and-destruct.patch] +4.9-stretch-security: ignored "Minor issue" +3.16-jessie-security: released (3.16.56-1) [bugfix/all/scsi-libsas-direct-call-probe-and-destruct.patch] +3.2-wheezy-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2017-18249 b/retired/CVE-2017-18249 new file mode 100644 index 00000000..5be73fcb --- /dev/null +++ b/retired/CVE-2017-18249 @@ -0,0 +1,13 @@ +Description: f2fs: fix race condition in between free nid allocator/initializer +References: +Notes: +Bugs: +upstream: released (4.12-rc1) [30a61ddf8117c26ac5b295e1233eaa9629a94ca3] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [cb9b1d4ec206702a4df1cb42ba8142f39acfdd91] +3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.12.6-1) +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: ignored "Hard to backport and low priority outside of Android" +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2018-13096 b/retired/CVE-2018-13096 new file mode 100644 index 00000000..96dd1e20 --- /dev/null +++ b/retired/CVE-2018-13096 @@ -0,0 +1,13 @@ +Description: buffer overrun in build_sit_info() when mounting a crafted f2fs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=200167 + https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=8c9c95d5f4e68d22f22091546ce554ac9222689c +Notes: +Bugs: +upstream: released (4.19-rc1) [e34438c903b653daca2b2a7de95aed46226f8ed3] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [1c87980591a1dc8c5eafdcc5f9953fca4e518465] +3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android" +sid: released (4.19.9-1) +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: ignored "Hard to backport and low priority outside of Android" diff --git a/retired/CVE-2018-13097 b/retired/CVE-2018-13097 new file mode 100644 index 00000000..ae5be2c4 --- /dev/null +++ b/retired/CVE-2018-13097 @@ -0,0 +1,13 @@ +Description: Divide zero in utilization when mount() a corrupted f2fs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=200171 + https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=d5c28acdb832800fbbcf831f20f75080cba54f04 +Notes: +Bugs: +upstream: released (4.19-rc1) [9dc956b2c8523aed39d1e6508438be9fea28c8fc] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [06e606acedaf8bb00c83c4cee43acdd264287a92] +3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android" +sid: released (4.19.9-1) +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: ignored "Hard to backport and low priority outside of Android" diff --git a/retired/CVE-2018-13099 b/retired/CVE-2018-13099 new file mode 100644 index 00000000..5b2378a3 --- /dev/null +++ b/retired/CVE-2018-13099 @@ -0,0 +1,14 @@ +Description: use-after-free in update_sit_entry() when operating on a corrupted f2fs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=200179 + https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=67d88628bd1dcc9ded6f0b7dfc363d1370688004 + https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/ +Notes: +Bugs: +upstream: released (4.19-rc1) [4dbe38dc386910c668c75ae616b99b823b59f3eb] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.128) [7e0782ceebaaed70b0c4b775c27b81e8f8cf6ddb] +3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android" +sid: released (4.18.10-1) +4.9-stretch-security: released (4.9.110-3+deb9u5) [bugfix/all/f2fs-fix-to-do-sanity-check-with-reserved-blkaddr-of.patch] +3.16-jessie-security: ignored "Hard to backport and low priority outside of Android" diff --git a/retired/CVE-2018-13100 b/retired/CVE-2018-13100 new file mode 100644 index 00000000..b321827b --- /dev/null +++ b/retired/CVE-2018-13100 @@ -0,0 +1,13 @@ +Description: Divide zero in reset_curseg() when mounting a crafted f2fs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=200183 + https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e72ba39212abc9e77f367cd95d7d3c8689aba14a +Notes: +Bugs: +upstream: released (4.19-rc1) [42bf546c1fe3f3654bdf914e977acbc2b80a5be5] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [a3dccfacd3a574365ab6c5118f8a944a4ba691fa] +3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android" +sid: released (4.18.10-1) +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: ignored "Hard to backport and low priority outside of Android" diff --git a/retired/CVE-2018-14614 b/retired/CVE-2018-14614 new file mode 100644 index 00000000..a85db69e --- /dev/null +++ b/retired/CVE-2018-14614 @@ -0,0 +1,13 @@ +Description: NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=200419 + https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=bf2d987b270ed14fb205c83c6dcfbfa6dfcd9f8c +Notes: +Bugs: +upstream: released (4.19-rc1) [e494c2f995d6181d6e29c4927d68e0f295ecf75b] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [91fe514bedf4c72ae8046fe4cfa98c5e201f6b84] +3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android" +sid: released (4.19.9-1) +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: ignored "Hard to backport and low priority outside of Android" diff --git a/retired/CVE-2018-7273 b/retired/CVE-2018-7273 new file mode 100644 index 00000000..f6525375 --- /dev/null +++ b/retired/CVE-2018-7273 @@ -0,0 +1,16 @@ +Description: floppy: Don't print kernel addresses to log in show_floppy +References: + https://lkml.org/lkml/2018/2/20/669 +Notes: + bwh> All addresses formatted with %p are now hashed, so I don't think + bwh> this needs to be specifically addressed upstream. +Bugs: +upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: ignored "Minor issue" +3.16-upstream-stable: ignored "Minor issue" +3.2-upstream-stable: ignored "Minor issue" +sid: released (4.15.4-1) +4.9-stretch-security: ignored "Minor issue" +3.16-jessie-security: ignored "Minor issue" +3.2-wheezy-security: ignored "Minor issue" diff --git a/retired/CVE-2019-7308 b/retired/CVE-2019-7308 new file mode 100644 index 00000000..055455f2 --- /dev/null +++ b/retired/CVE-2019-7308 @@ -0,0 +1,19 @@ +Description: out-of-bounds speculation on pointer arithmetic in various cases +References: + https://bugs.chromium.org/p/project-zero/issues/detail?id=1711 +Notes: + carnil> At last be95a845cc4402272994ce290e3ad928aff06cb9 was backported to 4.9.x + carnil> as 5cb917aa1f1e03df9a4c29b363e3900d73508fa8 and included in 4.9.79. + bwh> Before commit f1174f77b50c "bpf/verifier: rework value tracking", + bwh> the only case where pointer arithmetic was permitted with a variable + bwh> offset was packet (context) access. The upstream fixes don't cover + bwh> that case (though it's not clear to me why) so I don't believe this + bwh> issue is applicable to any version before that rework. +Bugs: +upstream: released (5.0-rc1) [979d63d50c0c0f7bc537bf821e056cc9fe5abd38], (5.0-rc3) [d3bd7413e0ca40b60cf60d4003246d067cafdeda] +4.19-upstream-stable: released (4.19.19) [f92a819b4cbef8c9527d9797110544b2055a4b96, eed84f94ff8d97abcbc5706f6f9427520fd60a10] +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.19.20-1) +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" |