Retire some CVEs

24 files changed, 381 insertions, 0 deletions

diff --git a/retired/CVE-2021-47109 b/retired/CVE-2021-47109
new file mode 100644
index 00000000..54604371
--- /dev/null
+++ b/retired/CVE-2021-47109
@@ -0,0 +1,16 @@
+Description: neighbour: allow NUD_NOARP entries to be forced GCed
+References:
+Notes:
+ carnil> Introduced in 58956317c8de (neighbor: Improve garbage collection). Vulnerable
+ carnil> versions: 5.0-rc1.
+Bugs:
+upstream: released (5.13-rc7) [7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [d17d47da59f726dc4c87caebda3a50333d7e2fd3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47111 b/retired/CVE-2021-47111
new file mode 100644
index 00000000..065a14aa
--- /dev/null
+++ b/retired/CVE-2021-47111
@@ -0,0 +1,16 @@
+Description: xen-netback: take a reference to the RX task thread
+References:
+Notes:
+ carnil> Introduced in 2ac061ce97f4 ('xen/netback: cleanup init and deinit code').
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc6) [107866a8eb0b664675a260f1ba0655010fac1e08]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [6b53db8c4c14b4e7256f058d202908b54a7b85b4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47114 b/retired/CVE-2021-47114
new file mode 100644
index 00000000..b40b06d4
--- /dev/null
+++ b/retired/CVE-2021-47114
@@ -0,0 +1,15 @@
+Description: ocfs2: fix data corruption by fallocate
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [6bba4471f0cc1296fe3c2089b9e52442d3074b2e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [c8d5faee46242c3f33b8a71a4d7d52214785bfcc]
+4.19-upstream-stable: released (4.19.194) [cec4e857ffaa8c447f51cd8ab4e72350077b6770]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47115 b/retired/CVE-2021-47115
new file mode 100644
index 00000000..f3dcec9a
--- /dev/null
+++ b/retired/CVE-2021-47115
@@ -0,0 +1,16 @@
+Description: nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
+References:
+Notes:
+ carnil> Introduced in d646960f7986 ("NFC: Initial LLCP support"). Vulnerable versions:
+ carnil> 3.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [4ac06a1e013cf5fdd963317ffd3b968560f33bba]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [48ee0db61c8299022ec88c79ad137f290196cac2]
+4.19-upstream-stable: released (4.19.194) [93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47117 b/retired/CVE-2021-47117
new file mode 100644
index 00000000..83a24607
--- /dev/null
+++ b/retired/CVE-2021-47117
@@ -0,0 +1,15 @@
+Description: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [082cd4ec240b8734a82a89ffb890216ac98fec68]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [d3b668b96ad3192c0581a248ae2f596cd054792a]
+4.19-upstream-stable: released (4.19.194) [569496aa3776eea1ff0d49d0174ac1b7e861e107]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47118 b/retired/CVE-2021-47118
new file mode 100644
index 00000000..210b07e5
--- /dev/null
+++ b/retired/CVE-2021-47118
@@ -0,0 +1,16 @@
+Description: pid: take a reference when initializing `cad_pid`
+References:
+Notes:
+ carnil> Introduced in 9ec52099e4b8678a ("[PATCH] replace cad_pid by a struct pid").
+ carnil> Vulnerable versions: 2.6.19-rc1.
+Bugs:
+upstream: released (5.13-rc5) [0711f0d7050b9e07c44bc159bbc64ac0a1022c7f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [7178be006d495ffb741c329012da289b62dddfe6]
+4.19-upstream-stable: released (4.19.194) [d106f05432e60f9f62d456ef017687f5c73cb414]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47120 b/retired/CVE-2021-47120
new file mode 100644
index 00000000..7ccb3f60
--- /dev/null
+++ b/retired/CVE-2021-47120
@@ -0,0 +1,16 @@
+Description: HID: magicmouse: fix NULL-deref on disconnect
+References:
+Notes:
+ carnil> Introduced in 9d7b18668956 ("HID: magicmouse: add support for Apple Magic
+ carnil> Trackpad 2"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc5) [4b4f6cecca446abcb686c6e6c451d4f1ec1a7497]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [b5d013c4c76b276890135b5d32803c4c63924b77]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47121 b/retired/CVE-2021-47121
new file mode 100644
index 00000000..62703df2
--- /dev/null
+++ b/retired/CVE-2021-47121
@@ -0,0 +1,16 @@
+Description: net: caif: fix memory leak in cfusbl_device_notify
+References:
+Notes:
+ carnil> Introduced in 7ad65bf68d70 ("caif: Add support for CAIF over CDC NCM USB
+ carnil> interface"). Vulnerable versions: 3.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [7f5d86669fa4d485523ddb1d212e0a2d90bd62bb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [46403c1f80b0d3f937ff9c4f5edc63bb64bc5051]
+4.19-upstream-stable: released (4.19.194) [9ea0ab48e755d8f29fe89eb235fb86176fdb597f]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47122 b/retired/CVE-2021-47122
new file mode 100644
index 00000000..6c9933cd
--- /dev/null
+++ b/retired/CVE-2021-47122
@@ -0,0 +1,16 @@
+Description: net: caif: fix memory leak in caif_device_notify
+References:
+Notes:
+ carnil> Introduced in 7c18d2205ea7 ("caif: Restructure how link caif link layer
+ carnil> enroll"). Vulnerable versions: 3.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [b53558a950a89824938e9811eddfc8efcd94e1bb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [af2806345a37313f01b1c9f15e046745b8ee2daa]
+4.19-upstream-stable: released (4.19.194) [3be863c11cab725add9fef4237ed4e232c3fc3bb]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47123 b/retired/CVE-2021-47123
new file mode 100644
index 00000000..d1c163e4
--- /dev/null
+++ b/retired/CVE-2021-47123
@@ -0,0 +1,16 @@
+Description: io_uring: fix ltout double free on completion race
+References:
+Notes:
+ carnil> Introduced in 90cd7e424969d ("io_uring: track link timeout's master
+ carnil> explicitly"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc2) [447c19f3b5074409c794b350b10306e1da1ef4ba]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47124 b/retired/CVE-2021-47124
new file mode 100644
index 00000000..23c07b01
--- /dev/null
+++ b/retired/CVE-2021-47124
@@ -0,0 +1,16 @@
+Description: io_uring: fix link timeout refs
+References:
+Notes:
+ carnil> Introduced in 9ae1f8dd372e0 ("io_uring: fix inconsistent lock state").
+ carnil> Vulnerable versions: 5.10.26 5.11.6 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc2) [a298232ee6b9a1d5d732aa497ff8be0d45b5bd82]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.55) [6f5d7a45f58d3abe3a936de1441b8d6318f978ff]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47125 b/retired/CVE-2021-47125
new file mode 100644
index 00000000..202a0e78
--- /dev/null
+++ b/retired/CVE-2021-47125
@@ -0,0 +1,16 @@
+Description: sch_htb: fix refcount leak in htb_parent_to_leaf_offload
+References:
+Notes:
+ carnil> Introduced in ae81feb7338c ("sch_htb: fix null pointer dereference on a null
+ carnil> new_q"). Vulnerable versions: 5.12-rc7.
+Bugs:
+upstream: released (5.13-rc5) [944d671d5faa0d78980a3da5c0f04960ef1ad893]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47126 b/retired/CVE-2021-47126
new file mode 100644
index 00000000..7469aed5
--- /dev/null
+++ b/retired/CVE-2021-47126
@@ -0,0 +1,18 @@
+Description: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
+References:
+Notes:
+ carnil> Introduced in f88d8ea67fbdb ("ipv6: Plumb support for nexthop object in a
+ carnil> fib6_info")
+ carnil> 706ec91916462 ("ipv6: Fix nexthop refcnt leak when creating ipv6 route info").
+ carnil> Vulnerable versions: 5.3-rc1 5.4.58 5.7.15 5.8.
+Bugs:
+upstream: released (5.13-rc5) [821bbf79fe46a8b1d18aa456e8ed0a3c208c3754]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [09870235827451409ff546b073d754a19fd17e2e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47127 b/retired/CVE-2021-47127
new file mode 100644
index 00000000..db6c7394
--- /dev/null
+++ b/retired/CVE-2021-47127
@@ -0,0 +1,16 @@
+Description: ice: track AF_XDP ZC enabled queues in bitmap
+References:
+Notes:
+ carnil> Introduced in c7a219048e45 ("ice: Remove xsk_buff_pool from VSI structure").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [e102db780e1c14f10c70dafa7684af22a745b51d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47128 b/retired/CVE-2021-47128
new file mode 100644
index 00000000..529b4471
--- /dev/null
+++ b/retired/CVE-2021-47128
@@ -0,0 +1,16 @@
+Description: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
+References:
+Notes:
+ carnil> Introduced in 59438b46471a ("security,lockdown,selinux: implement SELinux
+ carnil> lockdown"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc5) [ff40e51043af63715ab413995ff46996ecf9583f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [ff5039ec75c83d2ed5b781dc7733420ee8c985fc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47129 b/retired/CVE-2021-47129
new file mode 100644
index 00000000..f9838405
--- /dev/null
+++ b/retired/CVE-2021-47129
@@ -0,0 +1,16 @@
+Description: netfilter: nft_ct: skip expectations for confirmed conntrack
+References:
+Notes:
+ carnil> Introduced in 857b46027d6f ("netfilter: nft_ct: add ct expectations support").
+ carnil> Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [1710eb913bdcda3917f44d383c32de6bdabfc836]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [5f3429c05e4028a0e241afdad856dd15dec2ffb9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47130 b/retired/CVE-2021-47130
new file mode 100644
index 00000000..ee2d4af1
--- /dev/null
+++ b/retired/CVE-2021-47130
@@ -0,0 +1,16 @@
+Description: nvmet: fix freeing unallocated p2pmem
+References:
+Notes:
+ carnil> Introduced in c6e3f1339812 ("nvmet: add metadata support for block devices").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc5) [bcd9a0797d73eeff659582f23277e7ab6e5f18f3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [c440cd080761b18a52cac20f2a42e5da1e3995af]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47132 b/retired/CVE-2021-47132
new file mode 100644
index 00000000..bf34c4f8
--- /dev/null
+++ b/retired/CVE-2021-47132
@@ -0,0 +1,16 @@
+Description: mptcp: fix sk_forward_memory corruption on retransmission
+References:
+Notes:
+ carnil> Introduced in 64b9cea7a0af ("mptcp: fix spurious retransmissions"). Vulnerable
+ carnil> versions: 5.11.4 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [b5941f066b4ca331db225a976dae1d6ca8cf0ae3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47133 b/retired/CVE-2021-47133
new file mode 100644
index 00000000..4a78e032
--- /dev/null
+++ b/retired/CVE-2021-47133
@@ -0,0 +1,16 @@
+Description: HID: amd_sfh: Fix memory leak in amd_sfh_work
+References:
+Notes:
+ carnil> Introduced in 4b2c53d93a4b ("SFH:Transport Driver to add support of AMD Sensor
+ carnil> Fusion Hub (SFH)"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc5) [5ad755fd2b326aa2bc8910b0eb351ee6aece21b1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47134 b/retired/CVE-2021-47134
new file mode 100644
index 00000000..8958a6f6
--- /dev/null
+++ b/retired/CVE-2021-47134
@@ -0,0 +1,16 @@
+Description: efi/fdt: fix panic when no valid fdt found
+References:
+Notes:
+ carnil> Introduced in b91540d52a08b ("RISC-V: Add EFI runtime services"). Vulnerable
+ carnil> versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc5) [668a84c1bfb2b3fd5a10847825a854d63fac7baa]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [5148066edbdc89c6fe5bc419c31a5c22e5f83bdb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47135 b/retired/CVE-2021-47135
new file mode 100644
index 00000000..8aece323
--- /dev/null
+++ b/retired/CVE-2021-47135
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
+References:
+Notes:
+ carnil> Introduced in 1c099ab44727c ("mt76: mt7921: add MCU support"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [d874e6c06952382897d35bf4094193cd44ae91bd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52451 b/retired/CVE-2023-52451
new file mode 100644
index 00000000..65b77220
--- /dev/null
+++ b/retired/CVE-2023-52451
@@ -0,0 +1,12 @@
+Description: powerpc/pseries/memhp: Fix access beyond end of drmem array
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5]
+6.1-upstream-stable: released (6.1.75) [026fd977dc50ff4a5e09bfb0603557f104d3f3a0]
+5.10-upstream-stable: released (5.10.209) [b582aa1f66411d4adcc1aa55b8c575683fb4687e]
+4.19-upstream-stable: released (4.19.306) [bb79613a9a704469ddb8d6c6029d532a5cea384c]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: ignored "powerpc not supported in LTS"
diff --git a/retired/CVE-2023-52506 b/retired/CVE-2023-52506
new file mode 100644
index 00000000..ed8d7e16
--- /dev/null
+++ b/retired/CVE-2023-52506
@@ -0,0 +1,17 @@
+Description: LoongArch: Set all reserved memblocks on Node#0 at initialization
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+ bwh> LoongArch was only added in 5.19 and is not supported in any
+ bwh> Debian stable release.
+Bugs:
+upstream: released (6.6-rc3) [b795fb9f5861ee256070d59e33130980a01fadd7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [f105e893a8edd48bdf4bef9fef845a9ff402f737]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26630 b/retired/CVE-2024-26630
new file mode 100644
index 00000000..078e8719
--- /dev/null
+++ b/retired/CVE-2024-26630
@@ -0,0 +1,16 @@
+Description: mm: cachestat: fix folio read-after-free in cache walk
+References:
+Notes:
+ carnil> Introduced in cf264e1329fb ("cachestat: implement cachestat syscall").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc7) [3a75cb05d53f4a6823a32deb078de1366954a804]
+6.7-upstream-stable: released (6.7.9) [fe7e008e0ce728252e4ec652cceebcc62211657c]
+6.6-upstream-stable: released (6.6.21) [ba60fdf75e89ea762bb617be578dc47f27655117]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"