Retire inactive issues

9 files changed, 137 insertions, 0 deletions

diff --git a/retired/CVE-2019-14615 b/retired/CVE-2019-14615
new file mode 100644
index 000000000..de99110e5
--- /dev/null
+++ b/retired/CVE-2019-14615
@@ -0,0 +1,12 @@
+Description: drm/i915/gen9: Clear residual context state on context switch
+References:
+Notes:
+Bugs:
+upstream: released (5.5-rc7) [bc8a76a152c5f9ef3b48104154a65a68a8b76946]
+4.19-upstream-stable: released (4.19.96) [dd4f3b3508f65fe37975db223365216316da3998]
+4.9-upstream-stable: released (4.9.210) [571233331e1910206ec365ac61e5b51e77cce3b9]
+3.16-upstream-stable: N/A "Driver doesn't support this hardware"
+sid: released (5.4.13-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: N/A "Driver doesn't support this hardware"
diff --git a/retired/CVE-2019-19043 b/retired/CVE-2019-19043
new file mode 100644
index 000000000..cb758e602
--- /dev/null
+++ b/retired/CVE-2019-19043
@@ -0,0 +1,16 @@
+Description: i40e: prevent memory leak in i40e_setup_macvlans
+References:
+ https://github.com/torvalds/linux/commit/27d461333459d282ffa4a2bdb6b215a59d493a8f
+Notes:
+ bwh> Introduced in 5.3 by commit 1d8d80b4e4ff "i40e: Add macvlan support on
+ bwh> i40e".
+ carnil> Fixed in 5.4.14.
+Bugs:
+upstream: released (5.5-rc1) [27d461333459d282ffa4a2bdb6b215a59d493a8f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.4.19-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2019-19046 b/retired/CVE-2019-19046
new file mode 100644
index 000000000..5d024822a
--- /dev/null
+++ b/retired/CVE-2019-19046
@@ -0,0 +1,16 @@
+Description: ipmi: Fix memory leak in __ipmi_bmc_register
+References:
+ https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab
+Notes:
+ bwh> This is a potential memory leak on probe or triggered by a change
+ bwh> on the BMC, which is not a vulnerability.
+ carnil> Fixed as well in 5.4.15
+Bugs:
+upstream: released (5.5-rc1) [4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab]
+4.19-upstream-stable: released (4.19.99) [211eabc55d07fc3709e967b08b6f5bb77198dbd0]
+4.9-upstream-stable: ignored "Not a real issue"
+3.16-upstream-stable: ignored "Not a real issue"
+sid: released (5.4.19-1)
+4.19-buster-security: ignored "Not a real issue"
+4.9-stretch-security: ignored "Not a real issue"
+3.16-jessie-security: ignored "Not a real issue"
diff --git a/retired/CVE-2019-19049 b/retired/CVE-2019-19049
new file mode 100644
index 000000000..4eab7ed43
--- /dev/null
+++ b/retired/CVE-2019-19049
@@ -0,0 +1,14 @@
+Description: of: unittest: fix memory leak in unittest_data_add
+References:
+Notes:
+ carnil> unittest.c can only be reached during boot?
+ bwh> Indeed, so not a vulnerability at all.
+Bugs:
+upstream: released (5.4-rc5) [e13de8fe0d6a51341671bbe384826d527afe8d44]
+4.19-upstream-stable: released (4.19.83) [fcc3f7c810c3bc595ce179ea4d9e18f506fd0d03]
+4.9-upstream-stable: released (4.9.200) [0228cd262dda0916948b52a74b88fa1f8b3cc810]
+3.16-upstream-stable: ignored "Not a real issue"
+sid: released (5.3.15-1)
+4.19-buster-security: released (4.19.87-1)
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: ignored "Not a real issue"
diff --git a/retired/CVE-2019-19054 b/retired/CVE-2019-19054
new file mode 100644
index 000000000..f3bd6a5a4
--- /dev/null
+++ b/retired/CVE-2019-19054
@@ -0,0 +1,14 @@
+Description: media: rc: prevent memory leak in cx23888_ir_probe
+References:
+ https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177
+Notes:
+ bwh> This is a potential memory leak on probe, which is not a vulnerability.
+Bugs:
+upstream: released (5.5-rc1) [a7b2df76b42bdd026e3106cf2ba97db41345a177]
+4.19-upstream-stable: ignored "Not a real issue"
+4.9-upstream-stable: ignored "Not a real issue"
+3.16-upstream-stable: ignored "Not a real issue"
+sid: ignored "Not a real issue"
+4.19-buster-security: ignored "Not a real issue"
+4.9-stretch-security: ignored "Not a real issue"
+3.16-jessie-security: ignored "Not a real issue"
diff --git a/retired/CVE-2019-19063 b/retired/CVE-2019-19063
new file mode 100644
index 000000000..10071040c
--- /dev/null
+++ b/retired/CVE-2019-19063
@@ -0,0 +1,14 @@
+Description: rtlwifi: prevent memory leak in rtl_usb_probe
+References:
+ https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb
+Notes:
+ bwh> These are potential memory leaks on probe, which are not a vulnerability.
+Bugs:
+upstream: released (5.5-rc1) [3f93616951138a598d930dcaec40f2bfd9ce43bb]
+4.19-upstream-stable: released (4.19.92) [3717a450f83945c481059a6921440e5e6fe3c856]
+4.9-upstream-stable: released (4.9.208) [4a06822bba46026212c06076284b940c0864bae4]
+3.16-upstream-stable: ignored "Not a real issue"
+sid: released (5.4.8-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: released (4.9.210-1)
+3.16-jessie-security: ignored "Not a real issue"
diff --git a/retired/CVE-2019-19064 b/retired/CVE-2019-19064
new file mode 100644
index 000000000..6d52029fe
--- /dev/null
+++ b/retired/CVE-2019-19064
@@ -0,0 +1,14 @@
+Description: spi: lpspi: fix memory leak in fsl_lpspi_probe
+References:
+ https://github.com/torvalds/linux/commit/057b8945f78f76d0b04eeb5c27cd9225e5e7ad86
+Notes:
+ bwh> This is a potential memory leak on probe, which is not a vulnerability.
+Bugs:
+upstream: released (5.5-rc1) [057b8945f78f76d0b04eeb5c27cd9225e5e7ad86]
+4.19-upstream-stable: ignored "Not a real issue"
+4.9-upstream-stable: ignored "Not a real issue"
+3.16-upstream-stable: ignored "Not a real issue"
+sid: released (5.4.13-1)
+4.19-buster-security: ignored "Not a real issue"
+4.9-stretch-security: ignored "Not a real issue"
+3.16-jessie-security: ignored "Not a real issue"
diff --git a/retired/CVE-2019-19070 b/retired/CVE-2019-19070
new file mode 100644
index 000000000..10b6eaa02
--- /dev/null
+++ b/retired/CVE-2019-19070
@@ -0,0 +1,14 @@
+Description: spi: gpio: prevent memory leak in spi_gpio_probe 
+References:
+ https://github.com/torvalds/linux/commit/d3b0ffa1d75d5305ebe34735598993afbb8a869d
+Notes:
+ bwh> This is a potential memory leak on probe, which is not a vulnerability.
+Bugs:
+upstream: released (5.5-rc1) [d3b0ffa1d75d5305ebe34735598993afbb8a869d]
+4.19-upstream-stable: ignored "Not a real issue"
+4.9-upstream-stable: ignored "Not a real issue"
+3.16-upstream-stable: ignored "Not a real issue"
+sid: ignored "Not a real issue"
+4.19-buster-security: ignored "Not a real issue"
+4.9-stretch-security: ignored "Not a real issue"
+3.16-jessie-security: ignored "Not a real issue"
diff --git a/retired/CVE-2019-19927 b/retired/CVE-2019-19927
new file mode 100644
index 000000000..83dfc7841
--- /dev/null
+++ b/retired/CVE-2019-19927
@@ -0,0 +1,23 @@
+Description: drm/ttm: Out-of-bounds access in THP handling in ttm_put_pages()
+References:
+ https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927
+ https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428
+ https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39
+ https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4
+Notes:
+ carnil> One of the commits, a66477b0efe5 ("drm/ttm: fix out-of-bounds
+ carnil> read in ttm_put_pages() v2") was as well backported to 4.19.37.
+ carnil> What is relevant to the supported branches to be backported?
+ carnil> All three commits need to be applied, cf.
+ carnil> https://lore.kernel.org/stable/20200116064439.GA62849@google.com/
+ bwh> This is related to THP (transparent huge page) support which was
+ bwh> added in 4.15.
+Bugs:
+upstream: released (5.1-rc6) [453393369dc9806d2455151e329c599684762428, a66477b0efe511d98dde3e4aaeb189790e6f0a39, ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4]
+4.19-upstream-stable: released (4.19.97) [8c2cdfb2c81bb533b9e6a3874ee5399102c4c580, 96800ba9e565ab752774cd88328f96aed28a1436, 83a88fb92950ef34b9924c39ff7554ae92c9af69]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"