Retire inactive issues

11 files changed, 162 insertions, 0 deletions

diff --git a/retired/CVE-2017-10662 b/retired/CVE-2017-10662
new file mode 100644
index 00000000..b7bef7f0
--- /dev/null
+++ b/retired/CVE-2017-10662
@@ -0,0 +1,16 @@
+Description: f2fs: sanity check segment count
+References:
+ https://source.android.com/security/bulletin/2017-08-01
+Notes:
+ bwh> Vulnerable code added in 3.8 by commit 39a53e0ce0df "f2fs: add superblock
+ bwh> and major in-memory structure".
+Bugs:
+upstream: released (4.12-rc1) [b9dd46188edc2f0d1f37328637860bb65a771124]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.28) [93862955cbf485215f0677229292d0f358af55fc]
+3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.9.30-1)
+4.9-stretch-security: N/A "Fixed before the initial release of Stretch"
+3.16-jessie-security: ignored "Hard to backport and low priority outside of Android"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-10663 b/retired/CVE-2017-10663
new file mode 100644
index 00000000..1f493245
--- /dev/null
+++ b/retired/CVE-2017-10663
@@ -0,0 +1,17 @@
+Description: f2fs: sanity check checkpoint segno and blkoff
+References:
+ https://source.android.com/security/bulletin/2017-08-01
+ https://sourceforge.net/p/linux-f2fs/mailman/message/35835945/
+Notes:
+ bwh> Vulnerable code added in 3.8 by commit 127e670abfa7 "f2fs: add checkpoint
+ bwh> operations".
+Bugs:
+upstream: released (4.13-rc1) [15d3042a937c13f5d9244241c7a9c8416ff6e82a]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.42) [0f442c5b2e4ac0b65027ed3374462f1c38675f7e]
+3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.12.6-1)
+4.9-stretch-security: released (4.9.47-1)
+3.16-jessie-security: ignored "Hard to backport and low priority outside of Android"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-18232 b/retired/CVE-2017-18232
new file mode 100644
index 00000000..ac73c40d
--- /dev/null
+++ b/retired/CVE-2017-18232
@@ -0,0 +1,15 @@
+Description: scsi: libsas: direct call probe and destruct
+References:
+Notes:
+ bwh> Commit message says this was introduced by commit 87c8331fcf72
+ bwh> (Linux 3.4).  For stretch, this requires an ABI bump.
+Bugs:
+upstream: released (4.16-rc1) [0558f33c06bb910e2879e355192227a8e8f0219d]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+3.2-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (4.15.17-1) [bugfix/all/scsi-libsas-direct-call-probe-and-destruct.patch]
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: released (3.16.56-1) [bugfix/all/scsi-libsas-direct-call-probe-and-destruct.patch]
+3.2-wheezy-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2017-18249 b/retired/CVE-2017-18249
new file mode 100644
index 00000000..5be73fcb
--- /dev/null
+++ b/retired/CVE-2017-18249
@@ -0,0 +1,13 @@
+Description: f2fs: fix race condition in between free nid allocator/initializer
+References:
+Notes:
+Bugs:
+upstream: released (4.12-rc1) [30a61ddf8117c26ac5b295e1233eaa9629a94ca3]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.144) [cb9b1d4ec206702a4df1cb42ba8142f39acfdd91]
+3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.12.6-1)
+4.9-stretch-security: released (4.9.144-1)
+3.16-jessie-security: ignored "Hard to backport and low priority outside of Android"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2018-13096 b/retired/CVE-2018-13096
new file mode 100644
index 00000000..96dd1e20
--- /dev/null
+++ b/retired/CVE-2018-13096
@@ -0,0 +1,13 @@
+Description: buffer overrun in build_sit_info() when mounting a crafted f2fs image
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=200167
+ https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=8c9c95d5f4e68d22f22091546ce554ac9222689c
+Notes:
+Bugs:
+upstream: released (4.19-rc1) [e34438c903b653daca2b2a7de95aed46226f8ed3]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.144) [1c87980591a1dc8c5eafdcc5f9953fca4e518465]
+3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android"
+sid: released (4.19.9-1)
+4.9-stretch-security: released (4.9.144-1)
+3.16-jessie-security: ignored "Hard to backport and low priority outside of Android"
diff --git a/retired/CVE-2018-13097 b/retired/CVE-2018-13097
new file mode 100644
index 00000000..ae5be2c4
--- /dev/null
+++ b/retired/CVE-2018-13097
@@ -0,0 +1,13 @@
+Description: Divide zero in utilization when mount() a corrupted f2fs image 
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=200171
+ https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=d5c28acdb832800fbbcf831f20f75080cba54f04
+Notes:
+Bugs:
+upstream: released (4.19-rc1) [9dc956b2c8523aed39d1e6508438be9fea28c8fc]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.144) [06e606acedaf8bb00c83c4cee43acdd264287a92]
+3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android"
+sid: released (4.19.9-1)
+4.9-stretch-security: released (4.9.144-1)
+3.16-jessie-security: ignored "Hard to backport and low priority outside of Android"
diff --git a/retired/CVE-2018-13099 b/retired/CVE-2018-13099
new file mode 100644
index 00000000..5b2378a3
--- /dev/null
+++ b/retired/CVE-2018-13099
@@ -0,0 +1,14 @@
+Description: use-after-free in update_sit_entry() when operating on a corrupted f2fs image 
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=200179
+ https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=67d88628bd1dcc9ded6f0b7dfc363d1370688004
+ https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/
+Notes:
+Bugs:
+upstream: released (4.19-rc1) [4dbe38dc386910c668c75ae616b99b823b59f3eb]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.128) [7e0782ceebaaed70b0c4b775c27b81e8f8cf6ddb]
+3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android"
+sid: released (4.18.10-1)
+4.9-stretch-security: released (4.9.110-3+deb9u5) [bugfix/all/f2fs-fix-to-do-sanity-check-with-reserved-blkaddr-of.patch]
+3.16-jessie-security: ignored "Hard to backport and low priority outside of Android"
diff --git a/retired/CVE-2018-13100 b/retired/CVE-2018-13100
new file mode 100644
index 00000000..b321827b
--- /dev/null
+++ b/retired/CVE-2018-13100
@@ -0,0 +1,13 @@
+Description: Divide zero in reset_curseg() when mounting a crafted f2fs image
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=200183
+ https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e72ba39212abc9e77f367cd95d7d3c8689aba14a
+Notes:
+Bugs:
+upstream: released (4.19-rc1) [42bf546c1fe3f3654bdf914e977acbc2b80a5be5]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.144) [a3dccfacd3a574365ab6c5118f8a944a4ba691fa]
+3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android"
+sid: released (4.18.10-1)
+4.9-stretch-security: released (4.9.144-1)
+3.16-jessie-security: ignored "Hard to backport and low priority outside of Android"
diff --git a/retired/CVE-2018-14614 b/retired/CVE-2018-14614
new file mode 100644
index 00000000..a85db69e
--- /dev/null
+++ b/retired/CVE-2018-14614
@@ -0,0 +1,13 @@
+Description: NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=200419
+ https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=bf2d987b270ed14fb205c83c6dcfbfa6dfcd9f8c
+Notes:
+Bugs:
+upstream: released (4.19-rc1) [e494c2f995d6181d6e29c4927d68e0f295ecf75b]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.144) [91fe514bedf4c72ae8046fe4cfa98c5e201f6b84]
+3.16-upstream-stable: ignored "Hard to backport and low priority outside of Android"
+sid: released (4.19.9-1)
+4.9-stretch-security: released (4.9.144-1)
+3.16-jessie-security: ignored "Hard to backport and low priority outside of Android"
diff --git a/retired/CVE-2018-7273 b/retired/CVE-2018-7273
new file mode 100644
index 00000000..f6525375
--- /dev/null
+++ b/retired/CVE-2018-7273
@@ -0,0 +1,16 @@
+Description: floppy: Don't print kernel addresses to log in show_floppy
+References:
+ https://lkml.org/lkml/2018/2/20/669
+Notes:
+ bwh> All addresses formatted with %p are now hashed, so I don't think
+ bwh> this needs to be specifically addressed upstream.
+Bugs:
+upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+3.2-upstream-stable: ignored "Minor issue"
+sid: released (4.15.4-1)
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: ignored "Minor issue"
+3.2-wheezy-security: ignored "Minor issue"
diff --git a/retired/CVE-2019-7308 b/retired/CVE-2019-7308
new file mode 100644
index 00000000..055455f2
--- /dev/null
+++ b/retired/CVE-2019-7308
@@ -0,0 +1,19 @@
+Description: out-of-bounds speculation on pointer arithmetic in various cases
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
+Notes:
+ carnil> At last be95a845cc4402272994ce290e3ad928aff06cb9 was backported to 4.9.x
+ carnil> as 5cb917aa1f1e03df9a4c29b363e3900d73508fa8 and included in 4.9.79.
+ bwh> Before commit f1174f77b50c "bpf/verifier: rework value tracking",
+ bwh> the only case where pointer arithmetic was permitted with a variable
+ bwh> offset was packet (context) access. The upstream fixes don't cover
+ bwh> that case (though it's not clear to me why) so I don't believe this
+ bwh> issue is applicable to any version before that rework.
+Bugs:
+upstream: released (5.0-rc1) [979d63d50c0c0f7bc537bf821e056cc9fe5abd38], (5.0-rc3) [d3bd7413e0ca40b60cf60d4003246d067cafdeda]
+4.19-upstream-stable: released (4.19.19) [f92a819b4cbef8c9527d9797110544b2055a4b96, eed84f94ff8d97abcbc5706f6f9427520fd60a10]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.19.20-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"