diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2020-02-21 00:50:24 +0000 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2020-02-21 00:50:24 +0000 |
commit | 5d5896440eb95041fd886993d1e2a157e22c8999 (patch) | |
tree | dcc548fa8ed5d6816ea04efd05348096b4424d4e /retired | |
parent | 6ab5f20405175e47a4a67c7ff1a4f7cd92fa2914 (diff) |
Retire inactive issues
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2019-14615 | 12 | ||||
-rw-r--r-- | retired/CVE-2019-19043 | 16 | ||||
-rw-r--r-- | retired/CVE-2019-19046 | 16 | ||||
-rw-r--r-- | retired/CVE-2019-19049 | 14 | ||||
-rw-r--r-- | retired/CVE-2019-19054 | 14 | ||||
-rw-r--r-- | retired/CVE-2019-19063 | 14 | ||||
-rw-r--r-- | retired/CVE-2019-19064 | 14 | ||||
-rw-r--r-- | retired/CVE-2019-19070 | 14 | ||||
-rw-r--r-- | retired/CVE-2019-19927 | 23 |
9 files changed, 137 insertions, 0 deletions
diff --git a/retired/CVE-2019-14615 b/retired/CVE-2019-14615 new file mode 100644 index 000000000..de99110e5 --- /dev/null +++ b/retired/CVE-2019-14615 @@ -0,0 +1,12 @@ +Description: drm/i915/gen9: Clear residual context state on context switch +References: +Notes: +Bugs: +upstream: released (5.5-rc7) [bc8a76a152c5f9ef3b48104154a65a68a8b76946] +4.19-upstream-stable: released (4.19.96) [dd4f3b3508f65fe37975db223365216316da3998] +4.9-upstream-stable: released (4.9.210) [571233331e1910206ec365ac61e5b51e77cce3b9] +3.16-upstream-stable: N/A "Driver doesn't support this hardware" +sid: released (5.4.13-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: released (4.9.210-1) +3.16-jessie-security: N/A "Driver doesn't support this hardware" diff --git a/retired/CVE-2019-19043 b/retired/CVE-2019-19043 new file mode 100644 index 000000000..cb758e602 --- /dev/null +++ b/retired/CVE-2019-19043 @@ -0,0 +1,16 @@ +Description: i40e: prevent memory leak in i40e_setup_macvlans +References: + https://github.com/torvalds/linux/commit/27d461333459d282ffa4a2bdb6b215a59d493a8f +Notes: + bwh> Introduced in 5.3 by commit 1d8d80b4e4ff "i40e: Add macvlan support on + bwh> i40e". + carnil> Fixed in 5.4.14. +Bugs: +upstream: released (5.5-rc1) [27d461333459d282ffa4a2bdb6b215a59d493a8f] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.4.19-1) +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2019-19046 b/retired/CVE-2019-19046 new file mode 100644 index 000000000..5d024822a --- /dev/null +++ b/retired/CVE-2019-19046 @@ -0,0 +1,16 @@ +Description: ipmi: Fix memory leak in __ipmi_bmc_register +References: + https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab +Notes: + bwh> This is a potential memory leak on probe or triggered by a change + bwh> on the BMC, which is not a vulnerability. + carnil> Fixed as well in 5.4.15 +Bugs: +upstream: released (5.5-rc1) [4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab] +4.19-upstream-stable: released (4.19.99) [211eabc55d07fc3709e967b08b6f5bb77198dbd0] +4.9-upstream-stable: ignored "Not a real issue" +3.16-upstream-stable: ignored "Not a real issue" +sid: released (5.4.19-1) +4.19-buster-security: ignored "Not a real issue" +4.9-stretch-security: ignored "Not a real issue" +3.16-jessie-security: ignored "Not a real issue" diff --git a/retired/CVE-2019-19049 b/retired/CVE-2019-19049 new file mode 100644 index 000000000..4eab7ed43 --- /dev/null +++ b/retired/CVE-2019-19049 @@ -0,0 +1,14 @@ +Description: of: unittest: fix memory leak in unittest_data_add +References: +Notes: + carnil> unittest.c can only be reached during boot? + bwh> Indeed, so not a vulnerability at all. +Bugs: +upstream: released (5.4-rc5) [e13de8fe0d6a51341671bbe384826d527afe8d44] +4.19-upstream-stable: released (4.19.83) [fcc3f7c810c3bc595ce179ea4d9e18f506fd0d03] +4.9-upstream-stable: released (4.9.200) [0228cd262dda0916948b52a74b88fa1f8b3cc810] +3.16-upstream-stable: ignored "Not a real issue" +sid: released (5.3.15-1) +4.19-buster-security: released (4.19.87-1) +4.9-stretch-security: released (4.9.210-1) +3.16-jessie-security: ignored "Not a real issue" diff --git a/retired/CVE-2019-19054 b/retired/CVE-2019-19054 new file mode 100644 index 000000000..f3bd6a5a4 --- /dev/null +++ b/retired/CVE-2019-19054 @@ -0,0 +1,14 @@ +Description: media: rc: prevent memory leak in cx23888_ir_probe +References: + https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177 +Notes: + bwh> This is a potential memory leak on probe, which is not a vulnerability. +Bugs: +upstream: released (5.5-rc1) [a7b2df76b42bdd026e3106cf2ba97db41345a177] +4.19-upstream-stable: ignored "Not a real issue" +4.9-upstream-stable: ignored "Not a real issue" +3.16-upstream-stable: ignored "Not a real issue" +sid: ignored "Not a real issue" +4.19-buster-security: ignored "Not a real issue" +4.9-stretch-security: ignored "Not a real issue" +3.16-jessie-security: ignored "Not a real issue" diff --git a/retired/CVE-2019-19063 b/retired/CVE-2019-19063 new file mode 100644 index 000000000..10071040c --- /dev/null +++ b/retired/CVE-2019-19063 @@ -0,0 +1,14 @@ +Description: rtlwifi: prevent memory leak in rtl_usb_probe +References: + https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb +Notes: + bwh> These are potential memory leaks on probe, which are not a vulnerability. +Bugs: +upstream: released (5.5-rc1) [3f93616951138a598d930dcaec40f2bfd9ce43bb] +4.19-upstream-stable: released (4.19.92) [3717a450f83945c481059a6921440e5e6fe3c856] +4.9-upstream-stable: released (4.9.208) [4a06822bba46026212c06076284b940c0864bae4] +3.16-upstream-stable: ignored "Not a real issue" +sid: released (5.4.8-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: released (4.9.210-1) +3.16-jessie-security: ignored "Not a real issue" diff --git a/retired/CVE-2019-19064 b/retired/CVE-2019-19064 new file mode 100644 index 000000000..6d52029fe --- /dev/null +++ b/retired/CVE-2019-19064 @@ -0,0 +1,14 @@ +Description: spi: lpspi: fix memory leak in fsl_lpspi_probe +References: + https://github.com/torvalds/linux/commit/057b8945f78f76d0b04eeb5c27cd9225e5e7ad86 +Notes: + bwh> This is a potential memory leak on probe, which is not a vulnerability. +Bugs: +upstream: released (5.5-rc1) [057b8945f78f76d0b04eeb5c27cd9225e5e7ad86] +4.19-upstream-stable: ignored "Not a real issue" +4.9-upstream-stable: ignored "Not a real issue" +3.16-upstream-stable: ignored "Not a real issue" +sid: released (5.4.13-1) +4.19-buster-security: ignored "Not a real issue" +4.9-stretch-security: ignored "Not a real issue" +3.16-jessie-security: ignored "Not a real issue" diff --git a/retired/CVE-2019-19070 b/retired/CVE-2019-19070 new file mode 100644 index 000000000..10b6eaa02 --- /dev/null +++ b/retired/CVE-2019-19070 @@ -0,0 +1,14 @@ +Description: spi: gpio: prevent memory leak in spi_gpio_probe +References: + https://github.com/torvalds/linux/commit/d3b0ffa1d75d5305ebe34735598993afbb8a869d +Notes: + bwh> This is a potential memory leak on probe, which is not a vulnerability. +Bugs: +upstream: released (5.5-rc1) [d3b0ffa1d75d5305ebe34735598993afbb8a869d] +4.19-upstream-stable: ignored "Not a real issue" +4.9-upstream-stable: ignored "Not a real issue" +3.16-upstream-stable: ignored "Not a real issue" +sid: ignored "Not a real issue" +4.19-buster-security: ignored "Not a real issue" +4.9-stretch-security: ignored "Not a real issue" +3.16-jessie-security: ignored "Not a real issue" diff --git a/retired/CVE-2019-19927 b/retired/CVE-2019-19927 new file mode 100644 index 000000000..83dfc7841 --- /dev/null +++ b/retired/CVE-2019-19927 @@ -0,0 +1,23 @@ +Description: drm/ttm: Out-of-bounds access in THP handling in ttm_put_pages() +References: + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927 + https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428 + https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39 + https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4 +Notes: + carnil> One of the commits, a66477b0efe5 ("drm/ttm: fix out-of-bounds + carnil> read in ttm_put_pages() v2") was as well backported to 4.19.37. + carnil> What is relevant to the supported branches to be backported? + carnil> All three commits need to be applied, cf. + carnil> https://lore.kernel.org/stable/20200116064439.GA62849@google.com/ + bwh> This is related to THP (transparent huge page) support which was + bwh> added in 4.15. +Bugs: +upstream: released (5.1-rc6) [453393369dc9806d2455151e329c599684762428, a66477b0efe511d98dde3e4aaeb189790e6f0a39, ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4] +4.19-upstream-stable: released (4.19.97) [8c2cdfb2c81bb533b9e6a3874ee5399102c4c580, 96800ba9e565ab752774cd88328f96aed28a1436, 83a88fb92950ef34b9924c39ff7554ae92c9af69] +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" |