author: Salvatore Bonaccorso <carnil@debian.org> 2024-01-15 21:24:04 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-01-15 21:24:04 +0100
commit: be56a91174d148278f04a2b36cdca1dbc472a8db
tree: 7ff55efd41dc3dc8ee088794dd7dd469fc422341 (limited to /retired)
parent: 13cf3f2842f77be6267661da63b54b09b52b8d05
Retire some CVEs
Diffstat (limited to 'retired'):
 retired/CVE-2022-48619 | 12 +
 retired/CVE-2024-0193  | 19 +
 retired/CVE-2024-0443  | 20 +
 retired/CVE-2024-0562  | 16 +
 4 files changed, 67 insertions(+), 0 deletions(-)
diff --git a/retired/CVE-2022-48619 b/retired/CVE-2022-48619
new file mode 100644
index 00000000..b413e514
--- /dev/null
+++ b/retired/CVE-2022-48619
@@ -0,0 +1,12 @@
+Description: Input: add bounds checking to input_set_capability()
+References:
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [409353cbe9fe48f6bc196114c442b1cff05a39bc]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.118) [d5e88c2d76efa9d7bb7ceffaec60fe6c76c748d7]
+4.19-upstream-stable: released (4.19.245) [01d41d7e7fc7eef99ae5b1065d9186f91ff099e7]
+sid: released (5.17.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
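Review bot: References and Notes are left empty for CVE-2022-48619, whereas the other three entries added in this commit each cite a bug report or the fixing commit and record which earlier commit the fix addresses; the upstream line already carries the hash 409353cbe9fe48f6bc196114c442b1cff05a39bc, so a git.kernel.org link to it under References, plus a one-line note on what the bounds check in input_set_capability() guards against, would make this entry as traceable as the others. The version data itself is consistent: the fix landed in 5.18-rc1, so the two 6.1 lines correctly read "Fixed before branching point", and the bullseye (5.10.120-1) and buster (4.19.249-1) releases postdate the 5.10.118 and 4.19.245 stable backports listed above them.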
diff --git a/retired/CVE-2024-0193 b/retired/CVE-2024-0193
new file mode 100644
index 00000000..0fa15bea
--- /dev/null
+++ b/retired/CVE-2024-0193
@@ -0,0 +1,19 @@
+Description: netfilter: nf_tables: skip set commit for deleted/destroyed sets
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2255653
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a
+Notes:
+ carnil> Commit fixes 5f68718b34a5 ("netfilter: nf_tables: GC
+ carnil> transaction API to avoid race with control plane") in 6.5-rc6
+ carnil> (and got backported to 5.10.198, 6.1.56, 6.4.11). This was part
+ carnil> of the fix for CVE-2023-4244 and backported as well in Debian.
+ carnil> Fixed in 6.6.10 for 6.6.y.
+Bugs:
+upstream: released (6.7) [7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a]
+6.1-upstream-stable: released (6.1.71) [0105571f80edb96f81bb4bbdd5233a9130dc345b]
+5.10-upstream-stable: released (5.10.206) [73117ea03363d4493bd4e9f82f29b34b92d88a91]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.11-1)
+6.1-bookworm-security: released (6.1.69-1) [bugfix/all/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch]
+5.10-bullseye-security: released (5.10.205-1) [bugfix/all/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch]
+4.19-buster-security: N/A "Vulnerable code not present in a Debian released version"
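Review bot: the Notes say the fix reached 6.6.y in 6.6.10 but give no commit id for it, while every other "released" line in this entry carries the hash in brackets; since sid is marked released at 6.6.11-1 on the strength of that 6.6.y backport, add the 6.6.10 commit id (or at least point at the upstream hash 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a it backports) so the sid line can be verified the same way as the 6.1.71 and 5.10.206 lines. The two 4.19 lines also state one fact in two wordings ("Vulnerable code not present" vs. "Vulnerable code not present in a Debian released version"); the Notes already give the reason, namely that 5f68718b34a5 was only backported to 5.10.198, 6.1.56 and 6.4.11, so a single wording would do.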
diff --git a/retired/CVE-2024-0443 b/retired/CVE-2024-0443
new file mode 100644
index 00000000..1182fa97
--- /dev/null
+++ b/retired/CVE-2024-0443
@@ -0,0 +1,20 @@
+Description: blk-cgroup: Flush stats at blkgs destruction path
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2257968
+ https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/
+Notes:
+ carnil> Initially there was attempt to address it with dae590a6c96c ("blk-
+ carnil> cgroup: Flush stats at blkgs destruction path") but then
+ carnil> reverted with c62256dda371 ("Revert "blk-cgroup: Flush stats at
+ carnil> blkgs destruction path"").
+ carnil> Commit fixes 3b8cc6298724 ("blk-cgroup: Optimize
+ carnil> blkcg_rstat_flush()") in 6.2-rc1.
+Bugs:
+upstream: released (6.4-rc7) [20cb1c2fb7568a6054c55defe044311397e01ddb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
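Review bot: the Description line repeats the subject of dae590a6c96c ("blk-cgroup: Flush stats at blkgs destruction path"), which the Notes say was reverted by c62256dda371, rather than clearly tying the entry to the commit the upstream line actually cites, 20cb1c2fb7568a6054c55defe044311397e01ddb; if that commit carries the same subject, say so in Notes, otherwise update Description, so nobody reading the entry tracks the reverted attempt as the fix. The N/A lines are consistent with the Notes: the bug was introduced by 3b8cc6298724 in 6.2-rc1, so 6.1, 5.10 and 4.19 never carried the vulnerable code, and the sid release 6.3.11-1 is the only Debian line that needed the fix.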
diff --git a/retired/CVE-2024-0562 b/retired/CVE-2024-0562
new file mode 100644
index 00000000..c388b114
--- /dev/null
+++ b/retired/CVE-2024-0562
@@ -0,0 +1,16 @@
+Description: writeback: avoid use-after-free after removing device
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258475
+ https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/
+Notes:
+ carnil> Commit fixes 45a2966fd641 ("writeback: fix bandwidth estimate
+ carnil> for spiky workload") in 5.15-rc1.
+Bugs:
+upstream: released (6.0-rc3) [f87904c075515f3e1d8f4a7115869d3b914674fd]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
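Review bot: References points at the 2022-08-01 patchwork submission rather than the merged commit, while the upstream line records the hash f87904c075515f3e1d8f4a7115869d3b914674fd; adding the git.kernel.org link for that hash, as the CVE-2024-0193 entry does, keeps the entries consistent and avoids depending on a mailing-list URL. The version lines agree with the Notes: the bug was introduced by 45a2966fd641 in 5.15-rc1 and fixed in 6.0-rc3, so 5.10 and 4.19 are correctly "Vulnerable code not present" and 6.1 "Fixed before branching point". The sid line (5.19.6-1) is the one Debian release that predates the 6.0-rc3 fix and lists no Debian patch file in brackets, so it must rely on a 5.19.y stable backport; a word in Notes naming that backport would let the sid line be checked like the others.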