Retire resolved CVEs

23 files changed, 368 insertions, 0 deletions

diff --git a/retired/CVE-2021-47082 b/retired/CVE-2021-47082
new file mode 100644
index 00000000..e899aa55
--- /dev/null
+++ b/retired/CVE-2021-47082
@@ -0,0 +1,15 @@
+Description: tun: avoid double free in tun_free_netdev
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc7) [158b515f703e75e7d68289bf4d98c664e1d632df]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.136) [a01a4e9f5dc93335c716fa4023b1901956e8c904]
+4.19-upstream-stable: released (4.19.280) [8eb43d635950e27c29f1e9e49a23b31637f37757]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2021-47084 b/retired/CVE-2021-47084
new file mode 100644
index 00000000..ea7c2f58
--- /dev/null
+++ b/retired/CVE-2021-47084
@@ -0,0 +1,15 @@
+Description: hamradio: defer ax25 kfree after unregister_netdev
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [3e0588c291d6ce225f2b891753ca41d45ba42469]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [450121075a6a6f1d50f97225d3396315309d61a1]
+4.19-upstream-stable: released (4.19.223) [896193a02a2981e60c40d4614fd095ce92135ccd]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47085 b/retired/CVE-2021-47085
new file mode 100644
index 00000000..c3ea36a3
--- /dev/null
+++ b/retired/CVE-2021-47085
@@ -0,0 +1,15 @@
+Description: hamradio: improve the incomplete fix to avoid NPD
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc7) [b2f37aead1b82a770c48b5d583f35ec22aabb61e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [7dd52af1eb5798f590d9d9e1c56ed8f5744ee0ca]
+4.19-upstream-stable: released (4.19.223) [b68f41c6320b2b7fbb54a95f07a69f3dc7e56c59]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47086 b/retired/CVE-2021-47086
new file mode 100644
index 00000000..f06d9fb0
--- /dev/null
+++ b/retired/CVE-2021-47086
@@ -0,0 +1,15 @@
+Description: phonet/pep: refuse to enable an unbound pipe
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc7) [75a2f31520095600f650597c0ac41f48b5ba0068]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [52ad5da8e316fa11e3a50b3f089aa63e4089bf52]
+4.19-upstream-stable: released (4.19.223) [982b6ba1ce626ef87e5c29f26f2401897554f235]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47087 b/retired/CVE-2021-47087
new file mode 100644
index 00000000..e5d2150a
--- /dev/null
+++ b/retired/CVE-2021-47087
@@ -0,0 +1,16 @@
+Description: tee: optee: Fix incorrect page free bug
+References:
+Notes:
+ carnil> Introduced in ec185dd3ab25 ("optee: Fix memory leak when failing to register
+ carnil> shm pages"). Vulnerable versions: 5.4.140 5.10.58 5.13.10 5.14-rc5.
+Bugs:
+upstream: released (5.16-rc7) [18549bf4b21c739a9def39f27dcac53e27286ab5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [ad338d825e3f7b96ee542bf313728af2d19fe9ad]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47088 b/retired/CVE-2021-47088
new file mode 100644
index 00000000..defea2ea
--- /dev/null
+++ b/retired/CVE-2021-47088
@@ -0,0 +1,16 @@
+Description: mm/damon/dbgfs: protect targets destructions with kdamond_lock
+References:
+Notes:
+ carnil> Introduced in 4bc05954d007 ("mm/damon: implement a debugfs-based user space
+ carnil> interface"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc7) [34796417964b8d0aef45a99cf6c2d20cebe33733]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47089 b/retired/CVE-2021-47089
new file mode 100644
index 00000000..f9c0f686
--- /dev/null
+++ b/retired/CVE-2021-47089
@@ -0,0 +1,16 @@
+Description: kfence: fix memory leak when cat kfence objects
+References:
+Notes:
+ carnil> Introduced in 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.16-rc7) [0129ab1f268b6cf88825eae819b9b84aa0a85634]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47090 b/retired/CVE-2021-47090
new file mode 100644
index 00000000..b37f8556
--- /dev/null
+++ b/retired/CVE-2021-47090
@@ -0,0 +1,16 @@
+Description: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()
+References:
+Notes:
+ carnil> Introduced in b94e02822deb ("mm,hwpoison: try to narrow window race for free
+ carnil> pages"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.16-rc7) [2a57d83c78f889bf3f54eede908d0643c40d5418]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [1f207076740101fed87074a6bc924dbe806f08a5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47091 b/retired/CVE-2021-47091
new file mode 100644
index 00000000..87fc79e6
--- /dev/null
+++ b/retired/CVE-2021-47091
@@ -0,0 +1,16 @@
+Description: mac80211: fix locking in ieee80211_start_ap error path
+References:
+Notes:
+ carnil> Introduced in 295b02c4be74 ("mac80211: Add FILS discovery support"). Vulnerable
+ carnil> versions: 5.10-rc1.
+Bugs:
+upstream: released (5.16-rc7) [87a270625a89fc841f1a7e21aae6176543d8385c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [ac61b9c6c0549aaeb98194cf429d93c41bfe5f79]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47092 b/retired/CVE-2021-47092
new file mode 100644
index 00000000..53257ac9
--- /dev/null
+++ b/retired/CVE-2021-47092
@@ -0,0 +1,16 @@
+Description: KVM: VMX: Always clear vmx->fail on emulation_required
+References:
+Notes:
+ carnil> Introduced in c8607e4a086f ("KVM: x86: nVMX: don't fail nested VM entry on
+ carnil> invalid guest state if !from_vmentry"). Vulnerable versions: 5.15-rc4.
+Bugs:
+upstream: released (5.16-rc7) [a80dfc025924024d2c61a4c1b8ef62b2fce76a04]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47093 b/retired/CVE-2021-47093
new file mode 100644
index 00000000..9da02033
--- /dev/null
+++ b/retired/CVE-2021-47093
@@ -0,0 +1,16 @@
+Description: platform/x86: intel_pmc_core: fix memleak on registration failure
+References:
+Notes:
+ carnil> Introduced in 938835aa903a ("platform/x86: intel_pmc_core: do not create a
+ carnil> static struct device"). Vulnerable versions: 5.9.
+Bugs:
+upstream: released (5.16-rc7) [26a8b09437804fabfb1db080d676b96c0de68e7c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [7a37f2e370699e2feca3dca6c8178c71ceee7e8a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47095 b/retired/CVE-2021-47095
new file mode 100644
index 00000000..230bbce4
--- /dev/null
+++ b/retired/CVE-2021-47095
@@ -0,0 +1,16 @@
+Description: ipmi: ssif: initialize ssif_info->client early
+References:
+Notes:
+ carnil> Introduced in c4436c9149c5 ("ipmi_ssif: avoid registering duplicate ssif
+ carnil> interface"). Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (5.16-rc7) [34f35f8f14bc406efc06ee4ff73202c6fd245d15]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [1f6ab847461ce7dd89ae9db2dd4658c993355d7c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47096 b/retired/CVE-2021-47096
new file mode 100644
index 00000000..bb2dad10
--- /dev/null
+++ b/retired/CVE-2021-47096
@@ -0,0 +1,16 @@
+Description: ALSA: rawmidi - fix the uninitalized user_pversion
+References:
+Notes:
+ carnil> Introduced in 09d23174402d ("ALSA: rawmidi: introduce
+ carnil> SNDRV_RAWMIDI_IOCTL_USER_PVERSION"). Vulnerable versions: 5.14.10 5.15-rc4.
+Bugs:
+upstream: released (5.16-rc7) [39a8fc4971a00d22536aeb7d446ee4a97810611b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47097 b/retired/CVE-2021-47097
new file mode 100644
index 00000000..a98b7fad
--- /dev/null
+++ b/retired/CVE-2021-47097
@@ -0,0 +1,16 @@
+Description: Input: elantech - fix stack out of bound access in elantech_change_report_id()
+References:
+Notes:
+ carnil> Introduced in e4c9062717fe ("Input: elantech - fix protocol errors for some
+ carnil> trackpoints in SMBus mode"). Vulnerable versions: 5.4.103 5.10.21 5.11-rc1.
+Bugs:
+upstream: released (5.16-rc7) [1d72d9f960ccf1052a0630a68c3d358791dbdaaa]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [676c572439e58b7ee6b7ca3f1e5595382921045c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47098 b/retired/CVE-2021-47098
new file mode 100644
index 00000000..2a30b16f
--- /dev/null
+++ b/retired/CVE-2021-47098
@@ -0,0 +1,16 @@
+Description: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations
+References:
+Notes:
+ carnil> Introduced in b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of
+ carnil> temperature calculations"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (5.16-rc7) [55840b9eae5367b5d5b29619dc2fb7e4596dba46]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47099 b/retired/CVE-2021-47099
new file mode 100644
index 00000000..766441a7
--- /dev/null
+++ b/retired/CVE-2021-47099
@@ -0,0 +1,16 @@
+Description: veth: ensure skb entering GRO are not cloned.
+References:
+Notes:
+ carnil> Introduced in d3256efd8e8b ("veth: allow enabling NAPI even without XDP").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (5.16-rc7) [9695b7de5b4760ed22132aca919570c0190cb0ce]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47100 b/retired/CVE-2021-47100
new file mode 100644
index 00000000..8c185311
--- /dev/null
+++ b/retired/CVE-2021-47100
@@ -0,0 +1,16 @@
+Description: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
+References:
+Notes:
+ carnil> Introduced in b2cfd8ab4add ("ipmi: Rework device id and guid handling to catch
+ carnil> changing BMCs"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.16-rc7) [ffb76a86f8096a8206be03b14adda6092e18e275]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [6809da5185141e61401da5b01896b79a4deed1ad]
+4.19-upstream-stable: released (4.19.223) [925229d552724e1bba1abf01d3a0b1318539b012]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47102 b/retired/CVE-2021-47102
new file mode 100644
index 00000000..0deb5cc4
--- /dev/null
+++ b/retired/CVE-2021-47102
@@ -0,0 +1,16 @@
+Description: net: marvell: prestera: fix incorrect structure access
+References:
+Notes:
+ carnil> Introduced in 3d5048cc54bd ("net: marvell: prestera: move netdev topology
+ carnil> validation to prestera_main"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (5.16-rc7) [2efc2256febf214e7b2bdaa21fe6c3c3146acdcb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47103 b/retired/CVE-2021-47103
new file mode 100644
index 00000000..81dc65fa
--- /dev/null
+++ b/retired/CVE-2021-47103
@@ -0,0 +1,16 @@
+Description: inet: fully convert sk->sk_rx_dst to RCU rules
+References:
+Notes:
+ carnil> Introduced in 41063e9dd119 ("ipv4: Early TCP socket demux."). Vulnerable
+ carnil> versions: 3.6-rc1.
+Bugs:
+upstream: released (5.16-rc7) [8f905c0e7354ef261360fb7535ea079b1082c105]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.150) [f039b43cbaea5e0700980c2f0052da05a70782e0]
+4.19-upstream-stable: released (4.19.262) [75a578000ae5e511e5d0e8433c94a14d9c99c412]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2021-47104 b/retired/CVE-2021-47104
new file mode 100644
index 00000000..c2c0236b
--- /dev/null
+++ b/retired/CVE-2021-47104
@@ -0,0 +1,17 @@
+Description: IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
+References:
+Notes:
+ carnil> Introduced in d39bf40e55e6 ("IB/qib: Protect from buffer overflow in struct
+ carnil> qib_user_sdma_pkt fields"). Vulnerable versions: 4.4.292 4.9.290 4.14.255
+ carnil> 4.19.216 5.4.157 5.10.77 5.14.16 5.15.
+Bugs:
+upstream: released (5.16-rc7) [bee90911e0138c76ee67458ac0d58b38a3190f65]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [7cf6466e00a77b0a914b7b2c28a1fc7947d55e59]
+4.19-upstream-stable: released (4.19.223) [0aaec9c5f60754b56f84460ea439b8c5e91f4caa]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47106 b/retired/CVE-2021-47106
new file mode 100644
index 00000000..c49f691f
--- /dev/null
+++ b/retired/CVE-2021-47106
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()
+References:
+Notes:
+ carnil> Introduced in aaa31047a6d2 ("netfilter: nftables: add catch-all set element
+ carnil> support"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (5.16-rc7) [0f7d9b31ce7abdbb29bf018131ac920c9f698518]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47107 b/retired/CVE-2021-47107
new file mode 100644
index 00000000..b66b83ed
--- /dev/null
+++ b/retired/CVE-2021-47107
@@ -0,0 +1,18 @@
+Description: NFSD: Fix READDIR buffer overflow
+References:
+Notes:
+ carnil> Introduced in f5dcccd647da ("NFSD: Update the NFSv2 READDIR entry encoder to
+ carnil> use struct xdr_stream")
+ carnil> 7f87fc2d34d4 ("NFSD: Update NFSv3 READDIR entry encoders to use struct
+ carnil> xdr_stream"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (5.16-rc7) [53b1119a6e5028b125f431a0116ba73510d82a72]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47108 b/retired/CVE-2021-47108
new file mode 100644
index 00000000..f1e0fe12
--- /dev/null
+++ b/retired/CVE-2021-47108
@@ -0,0 +1,17 @@
+Description: drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf
+References:
+Notes:
+ carnil> Introduced in 41ca9caaae0b ("drm/mediatek: hdmi: Add check for CEA modes only")
+ carnil> c91026a938c2 ("drm/mediatek: hdmi: Add optional limit on maximal HDMI mode
+ carnil> clock"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (5.16-rc7) [3b8e19a0aa3933a785be9f1541afd8d398c4ec69]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"