author | Ben Hutchings <ben@decadent.org.uk> | 2019-08-19 12:59:40 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-08-19 12:59:40 +0100 |
commit | c0ec86e76aff965bc968141f1f433f88a2c4af98 (patch) | |
tree | 5eb0debfcc9062dc8ce92a9469b471cc344c4fcc /retired | |
parent | 1ad723f6597479af484c1ca867ccc3c04944a1dd (diff) |
Retire inactive issues
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2015-8553 | 29 |
-rw-r--r-- | retired/CVE-2016-10907 | 14 |
-rw-r--r-- | retired/CVE-2017-18509 | 14 |
-rw-r--r-- | retired/CVE-2017-18549 | 14 |
-rw-r--r-- | retired/CVE-2017-18550 | 14 |
-rw-r--r-- | retired/CVE-2017-18552 | 14 |
-rw-r--r-- | retired/CVE-2018-1108 | 21 |
-rw-r--r-- | retired/CVE-2018-20510 | 14 |
-rw-r--r-- | retired/CVE-2018-20836 | 12 |
-rw-r--r-- | retired/CVE-2018-20856 | 14 |
-rw-r--r-- | retired/CVE-2018-20961 | 14 |
-rw-r--r-- | retired/CVE-2018-5995 | 22 |
-rw-r--r-- | retired/CVE-2019-10207 | 19 |
-rw-r--r-- | retired/CVE-2019-10639 | 18 |
-rw-r--r-- | retired/CVE-2019-1125 | 14 |
-rw-r--r-- | retired/CVE-2019-11599 | 20 |
-rw-r--r-- | retired/CVE-2019-12817 | 15 |
-rw-r--r-- | retired/CVE-2019-13233 | 15 |
-rw-r--r-- | retired/CVE-2019-13631 | 13 |
-rw-r--r-- | retired/CVE-2019-13648 | 16 |
-rw-r--r-- | retired/CVE-2019-14283 | 12 |
-rw-r--r-- | retired/CVE-2019-14284 | 12 |
-rw-r--r-- | retired/CVE-2019-14763 | 21 |
-rw-r--r-- | retired/CVE-2019-1999 | 16 |
-rw-r--r-- | retired/CVE-2019-3882 | 15 |
25 files changed, 402 insertions, 0 deletions
diff --git a/retired/CVE-2015-8553 b/retired/CVE-2015-8553 new file mode 100644 index 00000000..8924ab19 --- /dev/null +++ b/retired/CVE-2015-8553 
@@ -0,0 +1,29 @@ +Description: Incomplete fix for CVE-2015-2150 +References: + http://xenbits.xen.org/xsa/advisory-120.html + http://thread.gmane.org/gmane.comp.emulators.xen.devel/140440/focus=140441 + http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1924088 +Notes: + bwh> Upstream fix is not clearly correct; see discussions in the references. + jmm> I've gotten in touch with the subsystems maintainers; the patch breaks + jmm> qemu (as used by xen). While this was fixed upstream in qemu, the patch + jmm> hasn't been merged yet since it would break with older versions of qemu + jmm> I'm trying to find out which version is fine, so maybe we can carry that + jmm> the xsa120-addendum.patch as a Debian-specific patch it's merged at some + jmm> point + carnil> qemu fix is in + carnil> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2e87512eccf3c5e40f3142ff5a763f4f850839f4 + carnil> which is at least in qemu v2.5.0-rc0 onwards. + bwh> The kernel fix will be applied to 4.9, so we will need to add a + bwh> Breaks against old qemu and revert the fix for the jessie backport. +Bugs: +upstream: released (5.1-rc1) [7681f31ec9cdacab4fd10570be924f2cef6669ba] +4.19-upstream-stable: released (4.19.48) [99dcf4a4dd2e102aa843ef2cf9ab65c89e9d56df] +4.9-upstream-stable: released (4.9.181) [19474aa3d81ad5ae8692f7a45ff8ea12fbfd7ede] +3.16-upstream-stable: ignored "breaks qemu versions likely to be used with this kernel version" +3.2-upstream-stable: ignored "EOL" +sid: released (4.19.37-1) [bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch] +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/xen-pciback-don-t-disable-pci_command-on-pci-device-.patch] +3.16-jessie-security: ignored "breaks qemu as used in jessie" +3.2-wheezy-security: ignored "breaks qemu as used in jessie" diff --git a/retired/CVE-2016-10907 b/retired/CVE-2016-10907 new file mode 100644 index 00000000..ed200c53 --- /dev/null 
+++ b/retired/CVE-2016-10907 @@ -0,0 +1,14 @@ +Description: iio: ad5755: fix off-by-one on devnr limit check +References: +Notes: + bwh> Introduced in 4.8 by commit c947459979c6 "iio: ad5755: add support + bwh> for dt bindings". +Bugs: +upstream: released (4.9-rc1) [9d47964bfd471f0dd4c89f28556aec68bffa0020] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: N/A "Fixed before branching point" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.9.2-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2017-18509 b/retired/CVE-2017-18509 new file mode 100644 index 00000000..abd095c3 --- /dev/null +++ b/retired/CVE-2017-18509 @@ -0,0 +1,14 @@ +Description: IPv6 mroute missing type check +References: + https://lists.openwall.net/netdev/2017/12/04/40 + https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf +Notes: +Bugs: +upstream: released (4.11-rc1) [99253eb750fda6a644d5188fb26c43bad8d5a745] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.187) [1e531ad4316cb47c6c2b42f3257d1841a6e837e7] +3.16-upstream-stable: released (3.16.72) [2b8d63b97d78835d3cd75b0ee344d21489df4edc] +sid: released (4.11.6-1) +4.19-buster-security: N/A "Fixed before branch point" +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/ipv6-check-sk-sk_type-and-protocol-early-in-ip_mrout.patch] +3.16-jessie-security: released (3.16.72-1) diff --git a/retired/CVE-2017-18549 b/retired/CVE-2017-18549 new file mode 100644 index 00000000..38304b29 --- /dev/null +++ b/retired/CVE-2017-18549 
@@ -0,0 +1,14 @@ +Description: scsi: aacraid: Don't copy uninitialized stack memory to userspace +References: +Notes: + bwh> Introduced in 4.11 by commit 423400e64d377 "scsi: aacraid: Include HBA + bwh> direct interface". +Bugs: +upstream: released (4.13-rc1) [342ffc26693b528648bdc9377e51e4f2450b4860] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.13.4-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2017-18550 b/retired/CVE-2017-18550 new file mode 100644 index 00000000..6e932adf --- /dev/null +++ b/retired/CVE-2017-18550 @@ -0,0 +1,14 @@ +Description: scsi: aacraid: Don't copy uninitialized stack memory to userspace +References: +Notes: + bwh> Introduced in 4.11 by commit c799d519bf088 "scsi: aacraid: Retrieve HBA + bwh> host information ioctl" +Bugs: +upstream: released (4.13-rc1) [342ffc26693b528648bdc9377e51e4f2450b4860] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.13.4-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2017-18552 b/retired/CVE-2017-18552 new file mode 100644 index 00000000..b90ec74c --- /dev/null +++ b/retired/CVE-2017-18552 
@@ -0,0 +1,14 @@ +Description: RDS: validate the requested traces user input against max supported +References: +Notes: + bwh> Introduced in 4.11 by commit 3289025aedc0 "RDS: add receive message + bwh> trace used by application". +Bugs: +upstream: released (4.11-rc1) [780e982905bef61d13496d9af5310bf4af3a64d3]] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.11.6-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2018-1108 b/retired/CVE-2018-1108 new file mode 100644 index 00000000..dbe962e9 --- /dev/null +++ b/retired/CVE-2018-1108 
@@ -0,0 +1,21 @@ +Description: random: fix crng_ready() test +References: + https://bugs.chromium.org/p/project-zero/issues/detail?id=1559 +Notes: + carnil> Commit message mentions as fixing commit for CVE-2018-1108 + carnil> 43838a23a05fbd13e47d750d3dfd77001536dd33, and related commits + carnil> dc12baacb95f205948f64dc936a47d89ee110117 (needed for 4.13+) + carnil> and 8ef35c866f8862df074a49a93b0309725812dea8 (needed for 4.8+) + carnil> CVE-2018-1108 itself has "Cc: stable@kernel.org # 4.8+" + carnil> 4.9.88-1+deb9u1 reverts the fix due to various reported regressions. +Bugs: +upstream: released (4.17-rc2) [43838a23a05fbd13e47d750d3dfd77001536dd33] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.96) [4dfb3442bb7e1fb80515df4a199ca5a7a8edf900] +3.16-upstream-stable: N/A "Vulnerable code not present" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.16.5-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: ignored "Can't be fixed without many user-space changes" +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2018-20510 b/retired/CVE-2018-20510 new file mode 100644 index 00000000..32c888ea --- /dev/null +++ b/retired/CVE-2018-20510 
@@ -0,0 +1,14 @@ +Description: binder: replace "%p" with "%pK" +References: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20510 + https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20510.html +Notes: +Bugs: +upstream: released (4.16-rc3) [8ca86f1639ec5890d400fff9211aca22d0a392eb) +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: released (4.9.181) [6f3433c47e8223c97746ad227d1e6f5531e0758a] +3.16-upstream-stable: released (3.16.57) [c2c37cd0a0f45dd883fc03b38b04a7f0a269a1ca] +sid: released (4.16.5-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: ignored "Vulnerable code is not enabled" +3.16-jessie-security: released (3.16.57-1) diff --git a/retired/CVE-2018-20836 b/retired/CVE-2018-20836 new file mode 100644 index 00000000..8bf2734e --- /dev/null +++ b/retired/CVE-2018-20836 @@ -0,0 +1,12 @@ +Description: scsi: libsas: fix a race condition when smp task timeout +References: +Notes: +Bugs: +upstream: released (4.20-rc1) [b90cd6f2b905905fb42671009dc0e27c310a16ae] +4.19-upstream-stable: released (4.19.42) [0f18e433b97bf74bb62e0caa95c61e8631967fb9] +4.9-upstream-stable: released (4.9.175) [41b5d3eee4af6a4ea488a1735ed82e4e593eec0d] +3.16-upstream-stable: released (3.16.72) [d5534b2998f7c7009e600d57f27f68ed45779da2] +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/scsi-libsas-fix-a-race-condition-when-smp-task-timeout.patch] +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/scsi-libsas-fix-a-race-condition-when-smp-task-timeo.patch] +3.16-jessie-security: released (3.16.72-1) diff --git a/retired/CVE-2018-20856 b/retired/CVE-2018-20856 new file mode 100644 index 00000000..a33161b0 --- /dev/null +++ b/retired/CVE-2018-20856 
@@ -0,0 +1,14 @@ +Description: block: blk_init_allocated_queue() set q->fq as NULL in the fail case +References: +Notes: + bwh> Introduced in Linux 3.18 by commit 7c94e1c157a2 "block: introduce + bwh> blk_flush_queue to drive flush machinery". +Bugs: +upstream: released (4.19-rc1) [54648cf1ec2d7f4b6a71767799c45676a138ca24] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: released (4.9.189) [c19199167c87841006350cc7c0a59881416e8748] +3.16-upstream-stable: N/A "Vulnerability introduced later" +sid: released (4.18.8-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/block-blk_init_allocated_queue-set-q-fq-as-null-in-t.patch] +3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2018-20961 b/retired/CVE-2018-20961 new file mode 100644 index 00000000..987884f8 --- /dev/null +++ b/retired/CVE-2018-20961 @@ -0,0 +1,14 @@ +Description: USB: gadget: f_midi: fixing a possible double-free in f_midi +References: +Notes: + carnil> Issue fixes ad0d1a058eac ("usb: gadget: f_midi: fix leak on + carnil> failed to enqueue out requests") which is in 4.4-rc5. +Bugs: +upstream: released (4.17-rc1) [7fafcfdf6377b18b2a726ea554d6e593ba44349f] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: released (4.9.96) [b3b0809ac25c3ffedc58e7f83bc01a03193e7834] +3.16-upstream-stable: N/A "Vulnerability introduced later" +sid: released (4.16.5-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.107-1) +3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2018-5995 b/retired/CVE-2018-5995 new file mode 100644 index 00000000..66f6fa15 --- /dev/null +++ b/retired/CVE-2018-5995 
@@ -0,0 +1,22 @@ +Description: local information disclosure +References: + https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md +Notes: + bwh> The upstream fix was to obscure formatted pointer values by + bwh> default. This carries a high risk of regression so I don't + bwh> think it should be backported. A more targetted fix should + bwh> be possible. + carnil> 4.9 stretch-security marked as ignored for tracking given the + carnil> kernel log is restricted to root by default. But as 4.9.171 + carnil> includes the fix the fix will land in a stretch point release + carnil> as well. So not retiring it yet to mark the fixed version + carnil> later on. +Bugs: +upstream: released (4.15-rc2) [ad67b74d2469d9b82aaa572d76474c95bc484d57] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.171) [2c4ae3a694fabfc19b0fc6e65d530a7cdb542bda] +3.16-upstream-stable: released (3.16.67) [14c2d9209a135872def8508e3f19c74f0f3fee52] +sid: released (4.15.4-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/percpu-stop-printing-kernel-addresses.patch] +3.16-jessie-security: released (3.16.68-1) diff --git a/retired/CVE-2019-10207 b/retired/CVE-2019-10207 new file mode 100644 index 00000000..9ce031ae --- /dev/null +++ b/retired/CVE-2019-10207 
@@ -0,0 +1,19 @@ +Description: bluetooth: hci_uart: 0x0 address execution as nonprivileged user +References: + https://www.openwall.com/lists/oss-security/2019/07/25/1 + https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u +Notes: + bwh> For hci_ath, this was introduced in Linux 2.6.36 by commit + bwh> b3190df62861 "Bluetooth: Support for Atheros AR300x serial chip". + bwh> For hci_uart, this was introduced in Linux 4.2 by commit + bwh> 2a973dfada2b "Bluetooth: hci_uart: Add new line discipline + bwh> enhancements". +Bugs: +upstream: released (5.3-rc3) [b36a1552d7319bbfd5cf7f08726c23c5c66d4f73] +4.19-upstream-stable: released (4.19.64) [56966212e23f82ced10831f7cca02f7339147428] +4.9-upstream-stable: released (4.9.187) [58a01b0bd8ea5fddb51d4d854bb149a1a7312c12] +3.16-upstream-stable: released (3.16.72) [ebb8302ce770e8c455d9209cb598f4cd03021e42] +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/Bluetooth-hci_uart-check-for-missing-tty-operations.patch] +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/bluetooth-hci_uart-check-for-missing-tty-operations.patch] +3.16-jessie-security: released (3.16.72-1) diff --git a/retired/CVE-2019-10639 b/retired/CVE-2019-10639 new file mode 100644 index 00000000..55b2d35b --- /dev/null +++ b/retired/CVE-2019-10639 
@@ -0,0 +1,18 @@ +Description: netns: provide pure entropy for net_hash_mix() +References: + https://arxiv.org/pdf/1906.10478.pdf +Notes: + bwh> This is a leak of net namespace addresses, which also leaks the KASLR + bwh> base address since init_net is static. It was specifically found to + bwh> leak through IPv4 IDs since commit b6a7719aedd7 "ipv4: hash net ptr + bwh> into fragmentation bucket selection" in Linux 4.1. However, other + bwh> uses may also leak the address in 3.16. +Bugs: +upstream: released (5.1-rc4) [355b98553789b646ed97ad801a619ff898471b92] +4.19-upstream-stable: released (4.19.35) [a1c2f3229734a4bb8d5ac008c0a67e025aa11547] +4.9-upstream-stable: released (4.9.169) [6996763856e1fb27ccae260e41fd73a3fff56678] +3.16-upstream-stable: released (3.16.70) [188da790e1f4d164bcfdea486e91fd47e1ba59c5] +sid: released (4.19.37-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/inet-switch-ip-id-generator-to-siphash.patch] +3.16-jessie-security: released (3.16.70-1) diff --git a/retired/CVE-2019-1125 b/retired/CVE-2019-1125 new file mode 100644 index 00000000..7637b3f7 --- /dev/null +++ b/retired/CVE-2019-1125 
@@ -0,0 +1,14 @@ +Description: Spectre v1 SWAPGS, aka Grand Schemozzle +References: + https://access.redhat.com/articles/4329821 +Notes: + bwh> Variant on Spectre v1, attacking conditional SWAPGS. +Bugs: +upstream: released (5.3-rc4) [18ec54fdd6d18d92025af097cd042a75cf0ea24c, a2059825986a1c8143fd6698774fa9d83733bb11, 64dbc122b20f75183d8822618c24f85144a5a94d, f36cf386e3fec258a341d446915862eded3e13d8, 4c92057661a3412f547ede95715641d7ee16ddac] +4.19-upstream-stable: released (4.19.65) [befb822c062b4c3d93380a58d5fd479395e8b267, 23e7a7b3a75f6dd24c161bf7d1399f251bf5c109, 931b6bfe8af1069fd1a494ef6ab14509ffeacdc3, b88241aef6f1654417bb281546da316ffab57807, 7634b9cd27e8f867dd3438d262c78d4b9262497f] +4.9-upstream-stable: released (4.9.189) [7092a21c757c35d1f924da06092dbed7c113f79a, e90ec5e2b679fd882a0f59eb1bf155d96b34b29c, 90d45f0856f3479a742ae29d5150c59116d3f34a, 6583ecced632cf7f92ff8313d9a6d168df291124, 2224e89446b6095988606ffee3c040e6a7a2c049] +3.16-upstream-stable: released (3.16.72) [79969c78fd8622fa7e7f925acd483eb01714efa4, bba3308d5fe2c8c4605db3ea868ba57ad990d27d, e191f5119eba311b3585492174825db763eeb3b9, 822ef687a0a8e92fab6c12e3c2b5e1a5f1a97d54] +sid: released (5.2.7-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/x86/x86-speculation-Prepare-entry-code-for-Spectre-v1-sw.patch, bugfix/x86/x86-speculation-Enable-Spectre-v1-swapgs-mitigations.patch, bugfix/x86/x86-entry-64-Use-JMP-instead-of-JMPQ.patch, bugfix/x86/x86-speculation-swapgs-Exclude-ATOMs-from-speculatio.patch, bugfix/all/Documentation-Add-swapgs-description-to-the-Spectre-.patch] +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/x86/x86-speculation-prepare-entry-code-for-spectre-v1-sw.patch, bugfix/x86/x86-speculation-enable-spectre-v1-swapgs-mitigations.patch, bugfix/x86/x86-entry-64-use-jmp-instead-of-jmpq.patch, bugfix/x86/x86-speculation-swapgs-exclude-atoms-from-speculatio.patch] +3.16-jessie-security: released (3.16.72-1) 
diff --git a/retired/CVE-2019-11599 b/retired/CVE-2019-11599 new file mode 100644 index 00000000..767f6402 --- /dev/null +++ b/retired/CVE-2019-11599 @@ -0,0 +1,20 @@ +Description: race condition between mmget_not_zero()/get_task_mm() and core dumping +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1696015 + https://marc.info/?l=linux-mm&m=155355419911404&w=2 + https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 +Notes: + carnil> Effect of the race condition should be reproducible since + carnil> before commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, cf. + carnil> https://marc.info/?l=linux-mm&m=155355419911404&w=2 . + bwh> The backports to 4.4 and 4.9 are still under discussion. + bwh> The backport to 3.16 might need to be revised based on this. +Bugs: +upstream: released (5.1-rc6) [04f5866e41fb70690e28397487d8bd8eea7d712a] +4.19-upstream-stable: released (4.19.37) [6ff17bc5936e5fab33de8064dc0690f6c8c789ca] +4.9-upstream-stable: released (4.9.188) [16903f1a5ba7707c051edfdfa457620bba45e2c9] +3.16-upstream-stable: released (3.16.66) [a301e6a651037c11d2d9932a35fb56a04eedba8c] +sid: released (4.19.37-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.168-1+deb9u3) [bugfix/all/coredump-fix-race-condition-between-mmget_not_zero-get_task_mm-and-core-dumping.patch] +3.16-jessie-security: released (3.16.68-1) diff --git a/retired/CVE-2019-12817 b/retired/CVE-2019-12817 new file mode 100644 index 00000000..68624a94 --- /dev/null +++ b/retired/CVE-2019-12817 
@@ -0,0 +1,15 @@ +Description: powerpc: Unrelated processes may be able to read/write to each other's virtual memory +References: + https://lore.kernel.org/lkml/87lfxr82ls.fsf@concordia.ellerman.id.au/ +Notes: + carnil> bug introduced with f384796c40dc ("powerpc/mm: Add support for + carnil> handling > 512TB address in SLB miss") (4.17-rc1). +Bugs: +upstream: released (5.2-rc7) [ca72d88378b2f2444d3ec145dd442d449d3fefbc] +4.19-upstream-stable: released (4.19.56) [cd3e49394cb0f45c8dbf3c17c0818cd3d30b1332] +4.9-upstream-stable: N/A "Vulnerable code introduced later" +3.16-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/powerpc/powerpc-mm-64s-hash-Reallocate-context-ids-on-fork.patch] +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2019-13233 b/retired/CVE-2019-13233 new file mode 100644 index 00000000..31393757 --- /dev/null +++ b/retired/CVE-2019-13233 @@ -0,0 +1,15 @@ +Description: x86/insn-eval: Fix use-after-free access to LDT entry +References: + https://bugs.chromium.org/p/project-zero/issues/detail?id=1879 +Notes: + carnil> Introduced in 670f928ba09b ("x86/insn-eval: Add utility + carnil> function to get segment descriptor") first included in 4.15-rc1 +Bugs: +upstream: released (5.2-rc4) [de9f869616dd95e95c00bdd6b0fcd3421e8a4323] +4.19-upstream-stable: released (4.19.50) [b598ddc7b9fc87b09bdadb63abf92b4ba46cd385] +4.9-upstream-stable: N/A "Vulnerable code introduced later" +3.16-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/x86/x86-insn-eval-Fix-use-after-free-access-to-LDT-entry.patch] +4.9-stretch-security: N/A "Vulnerable code introduced later" +3.16-jessie-security: N/A "Vulnerable code introduced later" 
diff --git a/retired/CVE-2019-13631 b/retired/CVE-2019-13631 new file mode 100644 index 00000000..aa48226d --- /dev/null +++ b/retired/CVE-2019-13631 @@ -0,0 +1,13 @@ +Description: Input: gtco - bounds check collection indent level +References: + https://patchwork.kernel.org/patch/11040813/ +Notes: +Bugs: +upstream: released (5.3-rc1) [2a017fd82c5402b3c8df5e3d6e5165d9e6147dc1] +4.19-upstream-stable: released (4.19.61) [d657077eda7b5572d86f2f618391bb016b5d9a64] +4.9-upstream-stable: released (4.9.187) [2628fa1a6d824ee1f3fe67a272a3d00ba33d23fa] +3.16-upstream-stable: released (3.16.72) [754d0ca82fed0ad682e875bea824c348d597ca28] +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/input-gtco-bounds-check-collection-indent-level.patch] +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/input-gtco-bounds-check-collection-indent-level.patch] +3.16-jessie-security: released (3.16.72-1) diff --git a/retired/CVE-2019-13648 b/retired/CVE-2019-13648 new file mode 100644 index 00000000..fc9932d2 --- /dev/null +++ b/retired/CVE-2019-13648 
@@ -0,0 +1,16 @@ +Description: powerpc/tm: Fix oops on sigreturn on systems without TM +References: + https://patchwork.ozlabs.org/patch/1133904/ + https://www.openwall.com/lists/oss-security/2019/07/30/1 +Notes: + bwh> We have disabled CONFIG_PPC_TRANSACTIONAL_MEM in 4.9.184-1 for + bwh> other reasons, which I think will also fix this. +Bugs: +upstream: released (5.3-rc2) [f16d80b75a096c52354c6e0a574993f3b0dfbdfe] +4.19-upstream-stable: released (4.19.63) [b993a66d8ddc1c26da0d9aa3471789cc170b28ee] +4.9-upstream-stable: released (4.9.187) [08ee34d86c9c6a9b93c0986d7fc6e272690e8d24] +3.16-upstream-stable: released (3.16.72) [929606ae749185c940a5476d3a0e8d8e7c9c1db6] +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/powerpc/powerpc-tm-Fix-oops-on-sigreturn-on-systems-without-TM.patch] +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/powerpc/powerpc-tm-fix-oops-on-sigreturn-on-systems-without-.patch] +3.16-jessie-security: ignored "powerpc not supported in LTS" diff --git a/retired/CVE-2019-14283 b/retired/CVE-2019-14283 new file mode 100644 index 00000000..882512b2 --- /dev/null +++ b/retired/CVE-2019-14283 @@ -0,0 +1,12 @@ +Description: floppy: fix out-of-bounds read in copy_buffer +References: +Notes: +Bugs: +upstream: released (5.3-rc1) [da99466ac243f15fbba65bd261bfc75ffa1532b6] +4.19-upstream-stable: released (4.19.61) [ff54c44f103825a426e46d08b5d3d76e44791a87] +4.9-upstream-stable: released (4.9.187) [1fdefbb5bc70ff20ea49083c6984aae86e3ecf93] +3.16-upstream-stable: released (3.16.72) [05429983fa0fa3bfa1b8436beb63913d9d4aad1a] +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/floppy-fix-out-of-bounds-read-in-copy_buffer.patch] +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/floppy-fix-out-of-bounds-read-in-copy_buffer.patch] +3.16-jessie-security: released (3.16.72-1) 
diff --git a/retired/CVE-2019-14284 b/retired/CVE-2019-14284 new file mode 100644 index 00000000..17cd0987 --- /dev/null +++ b/retired/CVE-2019-14284 @@ -0,0 +1,12 @@ +Description: floppy: fix div-by-zero in setup_format_params +References: +Notes: +Bugs: +upstream: released (5.3-rc1) [f3554aeb991214cbfafd17d55e2bfddb50282e32] +4.19-upstream-stable: released (4.19.61) [6e34fd07484a0622a17b40e0ca89ed451260ef45] +4.9-upstream-stable: released (4.9.187) [604206cde7a6c1907f6f03d90c37505a45ef1b62] +3.16-upstream-stable: released (3.16.72) [a36b6459cbff32a0ef228241c99d6586ca7e944c] +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/floppy-fix-div-by-zero-in-setup_format_params.patch] +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/floppy-fix-div-by-zero-in-setup_format_params.patch] +3.16-jessie-security: released (3.16.72-1) diff --git a/retired/CVE-2019-14763 b/retired/CVE-2019-14763 new file mode 100644 index 00000000..af0765be --- /dev/null +++ b/retired/CVE-2019-14763 
@@ -0,0 +1,21 @@ +Description: double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid +References: +Notes: + carnil> The issue (as the CVE is bound the drivers/usb/dwc3/gadget.c) + carnil> might be considered as fixed already solely by c91815b59624 + carnil> ("usb: dwc3: gadget: never call ->complete() from ->ep_queue()"). + carnil> There is a related commit 072684e8c58d ("USB: gadget: f_hid: + carnil> fix deadlock in f_hidg_write()") only present in 5.1-rc3 and + carnil> potential backports. The assignment seems though specific to + carnil> c91815b59624. + benh> Introduced in 4.10 by commit 15b8d9332b92 "usb: dwc3: gadget: + benh> giveback request if we can't kick it" +Bugs: +upstream: released (4.17-rc1) [c91815b596245fd7da349ecc43c8def670d2269e] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: N/A "Vulnerability introduced later" +3.16-upstream-stable: N/A "Vulnerability introduced later" +sid: released (4.16.5-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: N/A "Vulnerability introduced later" +3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2019-1999 b/retired/CVE-2019-1999 new file mode 100644 index 00000000..cde03f75 --- /dev/null +++ b/retired/CVE-2019-1999 
@@ -0,0 +1,16 @@ +Description: binder: fix race between munmap() and direct reclaim +References: + https://source.android.com/security/bulletin/2019-02-01 +Notes: + bwh> Introduced in 4.14 by f2517eb76f1f "android: binder: Add global lru + bwh> shrinker to binder". Backports of the fix to stable have incorrect + bwh> metadata. +Bugs: +upstream: released (v5.1-rc3) [5cec2d2e5839f9c0fec319c523a911e0a7fd299f] +4.19-upstream-stable: released (4.19.38) [6bf7d3c5c0c5dad650bfc4345ed553c18b69d59e] +4.9-upstream-stable: N/A "Vulnerable code introduced later" +3.16-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.37-5+deb10u2) [bugfix/all/binder-fix-race-between-munmap-and-direct-reclaim.patch] +4.9-stretch-security: N/A "Vulnerable code introduced later" +3.16-jessie-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2019-3882 b/retired/CVE-2019-3882 new file mode 100644 index 00000000..a5f1fba9 --- /dev/null +++ b/retired/CVE-2019-3882 @@ -0,0 +1,15 @@ +Description: DoS through vfio/type1 DMA mappings +References: + https://www.openwall.com/lists/oss-security/2019/04/03/1 + https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u + https://bugzilla.redhat.com/show_bug.cgi?id=1689426 +Notes: +Bugs: +upstream: released (5.1-rc4) [492855939bdb59c6f947b0b5b44af9ad82b7e38c] +4.19-upstream-stable: released (4.19.38) [f7b467ad1be0478f0341afa8a9ac112732def088] +4.9-upstream-stable: released (4.9.173) [4f97abd571ec3d56c50a2edfe0932059f4549afa] +3.16-upstream-stable: released (3.16.66) [d3334471c34797ab1729cbadddd411118d51c584] +sid: released (4.19.37-1) [bugfix/all/vfio-type1-Limit-DMA-mappings-per-container.patch] +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/vfio-type1-limit-dma-mappings-per-container.patch] +3.16-jessie-security: released (3.16.68-1) |
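Review bot: In retired/CVE-2015-8553 the final status line, `3.2-wheezy-security: ignored "breaks qemu as used in jessie"`, gives a jessie reason for the wheezy branch and looks copied from the 3.16-jessie-security line above it. Give the reason that applies to wheezy, or reuse "EOL" as on the 3.2-upstream-stable line if that is the actual reason. The jmm note "carry that the xsa120-addendum.patch as a Debian-specific patch it's merged at some point" also appears to have lost a word and is worth repairing before the file is archived.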
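Review bot: In retired/CVE-2017-18552 the upstream line ends with a doubled bracket, `[780e982905bef61d13496d9af5310bf4af3a64d3]]`. Drop the extra `]` so that tooling which extracts the commit id from the bracketed field does not pick up a trailing character.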
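Review bot: In retired/CVE-2018-1108 the N/A reason is spelled two ways within the same file: `4.19-upstream-stable: N/A "Fixed before branch point"` and `4.19-buster-security: N/A "Fixed before branching point"`. Pick one wording (most files in this commit use "branching point"); the same "branch point" variant also appears in retired/CVE-2017-18509 and retired/CVE-2018-5995, which makes searching the tracker by reason string unreliable.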
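Review bot: In retired/CVE-2018-20510 the upstream line opens the commit field with `[` but closes it with `)`: `[8ca86f1639ec5890d400fff9211aca22d0a392eb)`. Change the closing character to `]` to match every other status line.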
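Review bot: In retired/CVE-2018-5995 the carnil note is stale for a file that is being retired: it says 4.9 stretch-security is "marked as ignored" and ends with "So not retiring it yet to mark the fixed version later on", while the status line now reads `4.9-stretch-security: released (4.9.168-1+deb9u5)`. Update or trim the note so the archived record does not contradict its own status lines.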
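Review bot: In retired/CVE-2019-11599 the bwh note "The backports to 4.4 and 4.9 are still under discussion" no longer matches the status lines, which record `4.9-upstream-stable: released (4.9.188)` and a released stretch-security fix. Add a short follow-up note stating how the discussion was resolved, and whether the 3.16 backport needed the revision the note anticipates, before retiring the issue.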
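Review bot: In retired/CVE-2019-12817 the Debian branch lines give a different reason from the upstream-stable lines for the same kernels: `4.9-upstream-stable: N/A "Vulnerable code introduced later"` versus `4.9-stretch-security: N/A "Vulnerable code not present"`, and likewise for 3.16. Since the note says the bug was introduced in 4.17-rc1, use "Vulnerable code introduced later" on all four lines.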
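Review bot: In retired/CVE-2019-14763 the last two note lines are attributed to `benh>`, whereas the same kind of "Introduced in ... by commit ..." note is signed `bwh>` in every other file of this commit. If this is the same author, use the one handle consistently so notes can be filtered by contributor.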
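Review bot: In retired/CVE-2019-1999 the upstream line writes the release as `released (v5.1-rc3)` with a leading "v", while every other file in this commit uses the bare form such as `(5.1-rc4)`. Drop the "v" so version comparison across the tracker works on a single format. The note that "Backports of the fix to stable have incorrect metadata" would also be more useful if it said which metadata is wrong.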