Retire CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2024-02-29 07:55:53 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-02-29 07:55:53 +0100
commit: c289ed05ac639a3e8c9efc1122633dd94123af99 (patch)
tree: 1afcf9bafedaa0cda0f0506120e65b0882c927b7 /retired
parent: 78df14178f64ab8464e05f783ff8693946c3b7c5 (diff)
76 files changed, 1223 insertions, 0 deletions
diff --git a/retired/CVE-2020-36778 b/retired/CVE-2020-36778
new file mode 100644
index 00000000..0e99f9e4
--- /dev/null
+++ b/retired/CVE-2020-36778
@@ -0,0 +1,16 @@
+Description: i2c: xiic: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in 10b17004a74c ("i2c: xiic: Fix the clocking across bind unbind").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc1) [a85c5c7a3aa8041777ff691400b4046e56149fd3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [c977426db644ba476938125597947979e8aba725]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36779 b/retired/CVE-2020-36779
new file mode 100644
index 00000000..16719022
--- /dev/null
+++ b/retired/CVE-2020-36779
@@ -0,0 +1,16 @@
+Description: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in ea6dd25deeb5 ("i2c: stm32f7: add PM_SLEEP suspend/resume
+ carnil> support"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc1) [2c662660ce2bd3b09dae21a9a9ac9395e1e6c00b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [c323b270a52a26aa8038a4d1fd9a850904a41166]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36781 b/retired/CVE-2020-36781
new file mode 100644
index 00000000..5c48c726
--- /dev/null
+++ b/retired/CVE-2020-36781
@@ -0,0 +1,16 @@
+Description: i2c: imx: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in 3a5ee18d2a32 ("i2c: imx: implement master_xfer_atomic callback").
+ carnil> Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc1) [47ff617217ca6a13194fcb35c6c3a0c57c080693]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [3a0cdd336d92c429b51a79bf4f64b17eafa0325d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36785 b/retired/CVE-2020-36785
new file mode 100644
index 00000000..3bb8ca11
--- /dev/null
+++ b/retired/CVE-2020-36785
@@ -0,0 +1,16 @@
+Description: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()
+References:
+Notes:
+ carnil> Introduced in ad85094b293e ("Revert "media: staging: atomisp: Remove driver"").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ba11bbf303fafb33989e95473e409f6ab412b18d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [d218c7a0284f6b92a7b82d2e19706e18663b4193]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36786 b/retired/CVE-2020-36786
new file mode 100644
index 00000000..564dae55
--- /dev/null
+++ b/retired/CVE-2020-36786
@@ -0,0 +1,16 @@
+Description: media: [next] staging: media: atomisp: fix memory leak of object flash
+References:
+Notes:
+ carnil> Introduced in 9289cdf39992 ("staging: media: atomisp: Convert to GPIO
+ carnil> descriptors"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6045b01dd0e3cd3759eafe7f290ed04c957500b1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36787 b/retired/CVE-2020-36787
new file mode 100644
index 00000000..f5e61012
--- /dev/null
+++ b/retired/CVE-2020-36787
@@ -0,0 +1,17 @@
+Description: media: aspeed: fix clock handling logic
+References:
+Notes:
+ carnil> Introduced in d2b4387f3bdf ("media: platform: Add Aspeed Video Engine driver")
+ carnil> d3d04f6c330a ("clk: Add support for AST2600 SoC"). Vulnerable versions: 5.0-rc1
+ carnil> 5.4-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3536169f8531c2c5b153921dc7d1ac9fd570cda7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [a59d01384c80a8a4392665802df57c3df20055f5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46976 b/retired/CVE-2021-46976
new file mode 100644
index 00000000..f13b1b8b
--- /dev/null
+++ b/retired/CVE-2021-46976
@@ -0,0 +1,16 @@
+Description: drm/i915: Fix crash in auto_retire
+References:
+Notes:
+ carnil> Introduced in 229007e02d69 ("drm/i915: Wrap i915_active in a simple kreffed
+ carnil> struct"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc2) [402be8a101190969fc7ff122d07e262df86e132b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [805c990a9c54b9451d3daff640b850909c31ab9d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46977 b/retired/CVE-2021-46977
new file mode 100644
index 00000000..a225085c
--- /dev/null
+++ b/retired/CVE-2021-46977
@@ -0,0 +1,16 @@
+Description: KVM: VMX: Disable preemption when probing user return MSRs
+References:
+Notes:
+ carnil> Introduced in 4be534102624 ("KVM: VMX: Initialize vmx->guest_msrs[] right after
+ carnil> allocation"). Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc2) [5104d7ffcf24749939bea7fdb5378d186473f890]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [31f29749ee970c251b3a7e5b914108425940d089]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46978 b/retired/CVE-2021-46978
new file mode 100644
index 00000000..88f3d3ce
--- /dev/null
+++ b/retired/CVE-2021-46978
@@ -0,0 +1,16 @@
+Description: KVM: nVMX: Always make an attempt to map eVMCS after migration
+References:
+Notes:
+ carnil> Introduced in f2c7ef3ba955 ("KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES
+ carnil> on nested vmexit"). Vulnerable versions: 5.10.13 5.11-rc3.
+Bugs:
+upstream: released (5.13-rc2) [f5c7e8425f18fdb9bdb7d13340651d7876890329]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [c8bf64e3fb77cc19bad146fbe26651985b117194]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46979 b/retired/CVE-2021-46979
new file mode 100644
index 00000000..3fda350d
--- /dev/null
+++ b/retired/CVE-2021-46979
@@ -0,0 +1,16 @@
+Description: iio: core: fix ioctl handlers removal
+References:
+Notes:
+ carnil> Introduced in 8dedcc3eee3ac ("iio: core: centralize ioctl() calls to the main
+ carnil> chardev"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc2) [901f84de0e16bde10a72d7eb2f2eb73fcde8fa1a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46980 b/retired/CVE-2021-46980
new file mode 100644
index 00000000..e420fb7e
--- /dev/null
+++ b/retired/CVE-2021-46980
@@ -0,0 +1,18 @@
+Description: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4
+References:
+Notes:
+ carnil> Introduced in 992a60ed0d5e ("usb: typec: ucsi: register with power_supply
+ carnil> class")
+ carnil> 4dbc6a4ef06d ("usb: typec: ucsi: save power data objects in PD mode").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc2) [1f4642b72be79757f050924a9b9673b6a02034bc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [e5366bea0277425e1868ba20eeb27c879d5a6e2d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46982 b/retired/CVE-2021-46982
new file mode 100644
index 00000000..443a12eb
--- /dev/null
+++ b/retired/CVE-2021-46982
@@ -0,0 +1,16 @@
+Description: f2fs: compress: fix race condition of overwrite vs truncate
+References:
+Notes:
+ carnil> Introduced in 4c8ff7095bef ("f2fs: support data compression"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc2) [a949dc5f2c5cfe0c910b664650f45371254c0744]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [5639b73fd3bc6fc8ca72e3a9ac15aacaabd7ebff]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46983 b/retired/CVE-2021-46983
new file mode 100644
index 00000000..24016075
--- /dev/null
+++ b/retired/CVE-2021-46983
@@ -0,0 +1,16 @@
+Description: nvmet-rdma: Fix NULL deref when SEND is completed with error
+References:
+Notes:
+ carnil> Introduced in ca0f1a8055be2 ("nvmet-rdma: use new shared CQ mechanism").
+ carnil> Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (5.13-rc2) [8cc365f9559b86802afc0208389f5c8d46b4ad61]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [64f3410c7bfc389b1a58611d0799f4a36ce4b6b5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46985 b/retired/CVE-2021-46985
new file mode 100644
index 00000000..b325d2e4
--- /dev/null
+++ b/retired/CVE-2021-46985
@@ -0,0 +1,16 @@
+Description: ACPI: scan: Fix a memory leak in an error handling path
+References:
+Notes:
+ carnil> Introduced in eb50aaf960e3 ("ACPI: scan: Use unique number for instance_no").
+ carnil> Vulnerable versions: 4.9.264 4.14.228 4.19.184 5.4.109 5.10.27 5.11.11 5.12-rc5.
+Bugs:
+upstream: released (5.13-rc2) [0c8bd174f0fc131bc9dfab35cd8784f59045da87]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [e2381174daeae0ca35eddffef02dcc8de8c1ef8a]
+4.19-upstream-stable: released (4.19.191) [69cc821e89ce572884548ac54c4f80eec7a837a5]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46986 b/retired/CVE-2021-46986
new file mode 100644
index 00000000..ad09dd9b
--- /dev/null
+++ b/retired/CVE-2021-46986
@@ -0,0 +1,16 @@
+Description: usb: dwc3: gadget: Free gadget structure only after freeing endpoints
+References:
+Notes:
+ carnil> Introduced in e81a7018d93a ("usb: dwc3: allocate gadget structure
+ carnil> dynamically"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc2) [bb9c74a5bd1462499fe5ccb1e3c5ac40dcfa9139]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [1ea775021282d90e1d08d696b7ab54aa75d688e5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46988 b/retired/CVE-2021-46988
new file mode 100644
index 00000000..2c1d5964
--- /dev/null
+++ b/retired/CVE-2021-46988
@@ -0,0 +1,16 @@
+Description: userfaultfd: release page in error path to avoid BUG_ON
+References:
+Notes:
+ carnil> Introduced in cb658a453b93 ("userfaultfd: shmem: avoid leaking blocks and used
+ carnil> blocks in UFFDIO_COPY"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (5.13-rc2) [7ed9d238c7dbb1fdb63ad96a6184985151b0171c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [140cfd9980124aecb6c03ef2e69c72d0548744de]
+4.19-upstream-stable: released (4.19.191) [07c9b834c97d0fa3402fb7f3f3b32df370a6ff1f]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46989 b/retired/CVE-2021-46989
new file mode 100644
index 00000000..7a3877bb
--- /dev/null
+++ b/retired/CVE-2021-46989
@@ -0,0 +1,16 @@
+Description: hfsplus: prevent corruption in shrinking truncate
+References:
+Notes:
+ carnil> Introduced in 31651c607151f ("hfsplus: avoid deadlock on file truncation").
+ carnil> Vulnerable versions: 4.19-rc1.
+Bugs:
+upstream: released (5.13-rc2) [c3187cf32216313fb316084efac4dab3a8459b1d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [adbd8a2a8cc05d9e501f93e5c95c59307874cc99]
+4.19-upstream-stable: released (4.19.191) [52dde855663e5db824af51db39b5757d2ef3e28a]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46990 b/retired/CVE-2021-46990
new file mode 100644
index 00000000..c8e35526
--- /dev/null
+++ b/retired/CVE-2021-46990
@@ -0,0 +1,16 @@
+Description: powerpc/64s: Fix crashes when toggling entry flush barrier
+References:
+Notes:
+ carnil> Introduced in f79643787e0a ("powerpc/64s: flush L1D on kernel entry").
+ carnil> Vulnerable versions: 4.4.245 4.9.245 4.14.208 4.19.159 5.4.79 5.9.10 5.10-rc5.
+Bugs:
+upstream: released (5.13-rc2) [aec86b052df6541cc97c5fca44e5934cbea4963b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92]
+4.19-upstream-stable: released (4.19.191) [2db22ba4e0e103f00e0512e0ecce36ac78c644f8]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46991 b/retired/CVE-2021-46991
new file mode 100644
index 00000000..efd42c49
--- /dev/null
+++ b/retired/CVE-2021-46991
@@ -0,0 +1,16 @@
+Description: i40e: Fix use-after-free in i40e_client_subtask()
+References:
+Notes:
+ carnil> Introduced in 7b0b1a6d0ac9 ("i40e: Disable iWARP VSI PETCP_ENA flag on netdev
+ carnil> down events"). Vulnerable versions: 4.16-rc1.
+Bugs:
+upstream: released (5.13-rc1) [38318f23a7ef86a8b1862e5e8078c4de121960c3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [829a713450b8fb127cbabfc1244c1d8179ec5107]
+4.19-upstream-stable: released (4.19.191) [c1322eaeb8af0d8985b5cc5fa759140fa0e57b84]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46992 b/retired/CVE-2021-46992
new file mode 100644
index 00000000..f1d9fc8b
--- /dev/null
+++ b/retired/CVE-2021-46992
@@ -0,0 +1,16 @@
+Description: netfilter: nftables: avoid overflows in nft_hash_buckets()
+References:
+Notes:
+ carnil> Introduced in 0ed6389c483d ("netfilter: nf_tables: rename set
+ carnil> implementations"). Vulnerable versions: 4.9-rc1.
+Bugs:
+upstream: released (5.13-rc1) [a54754ec9891830ba548e2010c889e3c8146e449]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7]
+4.19-upstream-stable: released (4.19.191) [efcd730ddd6f25578bd31bfe703e593e2421d708]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46993 b/retired/CVE-2021-46993
new file mode 100644
index 00000000..44dfca42
--- /dev/null
+++ b/retired/CVE-2021-46993
@@ -0,0 +1,16 @@
+Description: sched: Fix out-of-bound access in uclamp
+References:
+Notes:
+ carnil> Introduced in 69842cba9ace ("sched/uclamp: Add CPU's clamp buckets
+ carnil> refcounting"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6d2f8909a5fabb73fe2a63918117943986c39b6c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [f7347c85490b92dd144fa1fba9e1eca501656ab3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46994 b/retired/CVE-2021-46994
new file mode 100644
index 00000000..99f51c44
--- /dev/null
+++ b/retired/CVE-2021-46994
@@ -0,0 +1,16 @@
+Description: can: mcp251x: fix resume from sleep before interface was brought up
+References:
+Notes:
+ carnil> Introduced in 8ce8c0abcba3 ("can: mcp251x: only reset hardware as required").
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [03c427147b2d3e503af258711af4fc792b89b0af]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46995 b/retired/CVE-2021-46995
new file mode 100644
index 00000000..c6ab8bb6
--- /dev/null
+++ b/retired/CVE-2021-46995
@@ -0,0 +1,16 @@
+Description: can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe
+References:
+Notes:
+ carnil> Introduced in cf8ee6de2543 ("can: mcp251xfd: mcp251xfd_probe(): use
+ carnil> dev_err_probe() to simplify error handling"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [4cc7faa406975b460aa674606291dea197c1210c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46996 b/retired/CVE-2021-46996
new file mode 100644
index 00000000..f47d0143
--- /dev/null
+++ b/retired/CVE-2021-46996
@@ -0,0 +1,16 @@
+Description: netfilter: nftables: Fix a memleak from userdata error path in new objects
+References:
+Notes:
+ carnil> Introduced in b131c96496b3 ("netfilter: nf_tables: add userdata support for
+ carnil> nft_object"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [85dfd816fabfc16e71786eda0a33a7046688b5b0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [2c784a500f5edd337258b0fdb2f31bc9abde1a23]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46997 b/retired/CVE-2021-46997
new file mode 100644
index 00000000..a6b31cfb
--- /dev/null
+++ b/retired/CVE-2021-46997
@@ -0,0 +1,20 @@
+Description: arm64: entry: always set GIC_PRIO_PSR_I_SET during entry
+References:
+Notes:
+ carnil> Introduced in 23529049c684 ("arm64: entry: fix non-NMI user<->kernel
+ carnil> transitions")
+ carnil> 7cd1ea1010ac ("arm64: entry: fix non-NMI kernel<->kernel transitions")
+ carnil> f0cd5ac1e4c5 ("arm64: entry: fix NMI {user, kernel}->kernel transitions")
+ carnil> 2a9b3e6ac69a ("arm64: entry: fix EL1 debug transitions"). Vulnerable versions:
+ carnil> 5.10-rc7.
+Bugs:
+upstream: released (5.13-rc1) [4d6a38da8e79e94cbd1344aa90876f0f805db705]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [51524fa8b5f7b879ba569227738375d283b79382]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46998 b/retired/CVE-2021-46998
new file mode 100644
index 00000000..25a6480a
--- /dev/null
+++ b/retired/CVE-2021-46998
@@ -0,0 +1,16 @@
+Description: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
+References:
+Notes:
+ carnil> Introduced in fb7516d42478e ("enic: add sw timestamp support"). Vulnerable
+ carnil> versions: 4.16-rc1.
+Bugs:
+upstream: released (5.13-rc1) [643001b47adc844ae33510c4bb93c236667008a3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [7afdd6aba95c8a526038e7abe283eeac3e4320f1]
+4.19-upstream-stable: released (4.19.191) [25a87b1f566b5eb2af2857a928f0e2310d900976]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46999 b/retired/CVE-2021-46999
new file mode 100644
index 00000000..ee21f385
--- /dev/null
+++ b/retired/CVE-2021-46999
@@ -0,0 +1,16 @@
+Description: sctp: do asoc update earlier in sctp_sf_do_dupcook_a
+References:
+Notes:
+ carnil> Introduced in 145cb2f7177d ("sctp: Fix bundling of SHUTDOWN with COOKIE-ACK").
+ carnil> Vulnerable versions: 4.19.123 5.4.41 5.6.13 5.7-rc3.
+Bugs:
+upstream: released (5.13-rc1) [35b4f24415c854cd718ccdf38dbea6297f010aae]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [f01988ecf3654f805282dce2d3bb9afe68d2691e]
+4.19-upstream-stable: released (4.19.191) [d624f2991b977821375fbd56c91b0c91d456a697]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47000 b/retired/CVE-2021-47000
new file mode 100644
index 00000000..60b792c1
--- /dev/null
+++ b/retired/CVE-2021-47000
@@ -0,0 +1,16 @@
+Description: ceph: fix inode leak on getattr error in __fh_to_dentry
+References:
+Notes:
+ carnil> Introduced in 878dabb64117 ("ceph: don't return -ESTALE if there's still an
+ carnil> open file"). Vulnerable versions: 5.4.49 5.7.6 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [1775c7ddacfcea29051c67409087578f8f4d751b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [bf45c9fe99aa8003d2703f1bd353f956dea47e40]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47001 b/retired/CVE-2021-47001
new file mode 100644
index 00000000..d3583ee2
--- /dev/null
+++ b/retired/CVE-2021-47001
@@ -0,0 +1,16 @@
+Description: xprtrdma: Fix cwnd update ordering
+References:
+Notes:
+ carnil> Introduced in 2ae50ad68cd7 ("xprtrdma: Close window between waking RPC senders
+ carnil> and posting Receives"). Vulnerable versions: 5.4.13 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [35d8b10a25884050bb3b0149b62c3818ec59f77c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [eddae8be7944096419c2ae29477a45f767d0fcd4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47002 b/retired/CVE-2021-47002
new file mode 100644
index 00000000..0f190902
--- /dev/null
+++ b/retired/CVE-2021-47002
@@ -0,0 +1,16 @@
+Description: SUNRPC: Fix null pointer dereference in svc_rqst_free()
+References:
+Notes:
+ carnil> Introduced in 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on
+ carnil> the server-side"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b9f83ffaa0c096b4c832a43964fe6bff3acffe10]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47003 b/retired/CVE-2021-47003
new file mode 100644
index 00000000..0c7a5f0f
--- /dev/null
+++ b/retired/CVE-2021-47003
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: Fix potential null dereference on pointer status
+References:
+Notes:
+ carnil> Introduced in 89e3becd8f82 ("dmaengine: idxd: check device state before issue
+ carnil> command"). Vulnerable versions: 5.10.17 5.11.
+Bugs:
+upstream: released (5.13-rc1) [28ac8e03c43dfc6a703aa420d18222540b801120]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [5756f757c72501ef1a16f5f63f940623044180e9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47004 b/retired/CVE-2021-47004
new file mode 100644
index 00000000..a0af8f9c
--- /dev/null
+++ b/retired/CVE-2021-47004
@@ -0,0 +1,17 @@
+Description: f2fs: fix to avoid touching checkpointed data in get_victim()
+References:
+Notes:
+ carnil> Introduced in 4354994f097d ("f2fs: checkpoint disabling")
+ carnil> 093749e296e2 ("f2fs: support age threshold based garbage collection").
+ carnil> Vulnerable versions: 4.20-rc1 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [61461fc921b756ae16e64243f72af2bfc2e620db]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [105155a8146ddb54c119d8318964eef3859d109d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47005 b/retired/CVE-2021-47005
new file mode 100644
index 00000000..4b0865bc
--- /dev/null
+++ b/retired/CVE-2021-47005
@@ -0,0 +1,16 @@
+Description: PCI: endpoint: Fix NULL pointer dereference for ->get_features()
+References:
+Notes:
+ carnil> Introduced in 2c04c5b8eef79 ("PCI: pci-epf-test: Use pci_epc_get_features() to
+ carnil> get EPC features"). Vulnerable versions: 5.1-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6613bc2301ba291a1c5a90e1dc24cf3edf223c03]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [bbed83d7060e07a5d309104d25a00f0a24441428]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47006 b/retired/CVE-2021-47006
new file mode 100644
index 00000000..55432a90
--- /dev/null
+++ b/retired/CVE-2021-47006
@@ -0,0 +1,16 @@
+Description: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
+References:
+Notes:
+ carnil> Introduced in 1879445dfa7b ("perf/core: Set event's default
+ carnil> ::overflow_handler()"). Vulnerable versions: 4.7-rc1.
+Bugs:
+upstream: released (5.13-rc1) [a506bd5756290821a4314f502b4bafc2afcf5260]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [630146203108bf6b8934eec0dfdb3e46dcb917de]
+4.19-upstream-stable: released (4.19.191) [a9938d6d78a238d6ab8de57a4d3dcf77adceb9bb]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47007 b/retired/CVE-2021-47007
new file mode 100644
index 00000000..5ea925f0
--- /dev/null
+++ b/retired/CVE-2021-47007
@@ -0,0 +1,16 @@
+Description: f2fs: fix panic during f2fs_resize_fs()
+References:
+Notes:
+ carnil> Introduced in b4b10061ef98 ("f2fs: refactor resize_fs to avoid meta updates in
+ carnil> progress"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3ab0598e6d860ef49d029943ba80f627c15c15d6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [1c20a4896409f5ca1c770e1880c33d0a28a8b10f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47008 b/retired/CVE-2021-47008
new file mode 100644
index 00000000..41c055f0
--- /dev/null
+++ b/retired/CVE-2021-47008
@@ -0,0 +1,18 @@
+Description: KVM: SVM: Make sure GHCB is mapped before updating
+References:
+Notes:
+ carnil> Introduced in f1c6366e3043 ("KVM: SVM: Add required changes to support
+ carnil> intercepts under SEV-ES")
+ carnil> 647daca25d24 ("KVM: SVM: Add support for booting APs in an SEV-ES guest").
+ carnil> Vulnerable versions: 5.11-rc1 5.11-rc3.
+Bugs:
+upstream: released (5.13-rc1) [a3ba26ecfb569f4aa3f867e80c02aa65f20aadad]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47009 b/retired/CVE-2021-47009
new file mode 100644
index 00000000..2542237a
--- /dev/null
+++ b/retired/CVE-2021-47009
@@ -0,0 +1,16 @@
+Description: KEYS: trusted: Fix memory leak on object td
+References:
+Notes:
+ carnil> Introduced in 5df16caada3f ("KEYS: trusted: Fix incorrect handling of
+ carnil> tpm_get_random()"). Vulnerable versions: 5.10.20 5.11.3 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc2) [83a775d5f9bfda95b1c295f95a3a041a40c7f321]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47010 b/retired/CVE-2021-47010
new file mode 100644
index 00000000..068b9c1f
--- /dev/null
+++ b/retired/CVE-2021-47010
@@ -0,0 +1,16 @@
+Description: net: Only allow init netns to set default tcp cong to a restricted algo
+References:
+Notes:
+ carnil> Introduced in 6670e1524477 ("tcp: Namespace-ify
+ carnil> sysctl_tcp_default_congestion_control"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8d432592f30fcc34ef5a10aac4887b4897884493]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [6c1ea8bee75df8fe2184a50fcd0f70bf82986f42]
+4.19-upstream-stable: released (4.19.191) [992de06308d9a9584d59b96d294ac676f924e437]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47011 b/retired/CVE-2021-47011
new file mode 100644
index 00000000..9f9345ed
--- /dev/null
+++ b/retired/CVE-2021-47011
@@ -0,0 +1,16 @@
+Description: mm: memcontrol: slab: fix obtain a reference to a freeing memcg
+References:
+Notes:
+ carnil> Introduced in 3de7d4f25a74 ("mm: memcg/slab: optimize objcg stock draining").
+ carnil> Vulnerable versions: 5.10.11 5.11-rc5.
+Bugs:
+upstream: released (5.13-rc1) [9f38f03ae8d5f57371b71aa6b4275765b65454fd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [31df8bc4d3feca9f9c6b2cd06fd64a111ae1a0e6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47012 b/retired/CVE-2021-47012
new file mode 100644
index 00000000..a80d32bb
--- /dev/null
+++ b/retired/CVE-2021-47012
@@ -0,0 +1,16 @@
+Description: RDMA/siw: Fix a use after free in siw_alloc_mr
+References:
+Notes:
+ carnil> Introduced in 2251334dcac9 ("rdma/siw: application buffer management").
+ carnil> Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3093ee182f01689b89e9f8797b321603e5de4f63]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [608a4b90ece039940e9425ee2b39c8beff27e00c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47013 b/retired/CVE-2021-47013
new file mode 100644
index 00000000..37cb8d4d
--- /dev/null
+++ b/retired/CVE-2021-47013
@@ -0,0 +1,16 @@
+Description: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
+References:
+Notes:
+ carnil> Introduced in b9b17debc69d2 ("net: emac: emac gigabit ethernet controller
+ carnil> driver"). Vulnerable versions: 4.9-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6d72e7c767acbbdd44ebc7d89c6690b405b32b57]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [9dc373f74097edd0e35f3393d6248eda8d1ba99d]
+4.19-upstream-stable: released (4.19.191) [16d8c44be52e3650917736d45f5904384a9da834]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47017 b/retired/CVE-2021-47017
new file mode 100644
index 00000000..c564e64f
--- /dev/null
+++ b/retired/CVE-2021-47017
@@ -0,0 +1,16 @@
+Description: ath10k: Fix a use after free in ath10k_htc_send_bundle
+References:
+Notes:
+ carnil> Introduced in c8334512f3dd1 ("ath10k: add htt TX bundle for sdio"). Vulnerable
+ carnil> versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8392df5d7e0b6a7d21440da1fc259f9938f4dec3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [8bb054fb336f4250002fff4e0b075221c05c3c65]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47018 b/retired/CVE-2021-47018
new file mode 100644
index 00000000..45bca5d3
--- /dev/null
+++ b/retired/CVE-2021-47018
@@ -0,0 +1,16 @@
+Description: powerpc/64: Fix the definition of the fixmap area
+References:
+Notes:
+ carnil> Introduced in 265c3491c4bc ("powerpc: Add support for GENERIC_EARLY_IOREMAP").
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [4b9fb2c9039a206d37f215936a4d5bee7b1bf9cd]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47019 b/retired/CVE-2021-47019
new file mode 100644
index 00000000..fa0eb51a
--- /dev/null
+++ b/retired/CVE-2021-47019
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix possible invalid register access
+References:
+Notes:
+ carnil> Introduced in ffa1bf97425b ("mt76: mt7921: introduce PM support"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [fe3fccde8870764ba3e60610774bd7bc9f8faeff]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47021 b/retired/CVE-2021-47021
new file mode 100644
index 00000000..c8cb8e5a
--- /dev/null
+++ b/retired/CVE-2021-47021
@@ -0,0 +1,16 @@
+Description: mt76: mt7915: fix memleak when mt7915_unregister_device()
+References:
+Notes:
+ carnil> Introduced in f285dfb98562 ("mt76: mt7915: reset token when mac_reset
+ carnil> happens"). Vulnerable versions: 5.11.4 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [e9d32af478cfc3744a45245c0b126738af4b3ac4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47022 b/retired/CVE-2021-47022
new file mode 100644
index 00000000..c5196b6a
--- /dev/null
+++ b/retired/CVE-2021-47022
@@ -0,0 +1,16 @@
+Description: mt76: mt7615: fix memleak when mt7615_unregister_device()
+References:
+Notes:
+ carnil> Introduced in a6275e934605 ("mt76: mt7615: reset token when mac_reset
+ carnil> happens"). Vulnerable versions: 5.10.21 5.11.4 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8ab31da7b89f71c4c2defcca989fab7b42f87d71]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [4fa28c807da54c1d720b3cc12e48eb9bea1e2c8f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47023 b/retired/CVE-2021-47023
new file mode 100644
index 00000000..4f11a945
--- /dev/null
+++ b/retired/CVE-2021-47023
@@ -0,0 +1,16 @@
+Description: net: marvell: prestera: fix port event handling on init
+References:
+Notes:
+ carnil> Introduced in 501ef3066c89 ("net: marvell: prestera: Add driver for Prestera
+ carnil> family ASIC devices"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [333980481b99edb24ebd5d1a53af70a15d9146de]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [0ce6052802be2cb61a57b753e41301339c88c839]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47025 b/retired/CVE-2021-47025
new file mode 100644
index 00000000..503717ea
--- /dev/null
+++ b/retired/CVE-2021-47025
@@ -0,0 +1,16 @@
+Description: iommu/mediatek: Always enable the clk on resume
+References:
+Notes:
+ carnil> Introduced in c0b57581b73b ("iommu/mediatek: Add power-domain operation").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b34ea31fe013569d42b7e8681ef3f717f77c5b72]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47026 b/retired/CVE-2021-47026
new file mode 100644
index 00000000..d0bbf7f2
--- /dev/null
+++ b/retired/CVE-2021-47026
@@ -0,0 +1,16 @@
+Description: RDMA/rtrs-clt: destroy sysfs after removing session from active list
+References:
+Notes:
+ carnil> Introduced in 6a98d71daea1 ("RDMA/rtrs: client: main functionality").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [7f4a8592ff29f19c5a2ca549d0973821319afaad]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [b64415c6b3476cf9fa4d0aea3807065b8403a937]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47027 b/retired/CVE-2021-47027
new file mode 100644
index 00000000..d1703086
--- /dev/null
+++ b/retired/CVE-2021-47027
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix kernel crash when the firmware fails to download
+References:
+Notes:
+ carnil> Introduced in 5c14a5f944b9 ("mt76: mt7921: introduce mt7921e support").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [e230f0c44f011f3270680a506b19b7e84c5e8923]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47029 b/retired/CVE-2021-47029
new file mode 100644
index 00000000..a8fc7a6c
--- /dev/null
+++ b/retired/CVE-2021-47029
@@ -0,0 +1,16 @@
+Description: mt76: connac: fix kernel warning adding monitor interface
+References:
+Notes:
+ carnil> Introduced in d0e274af2f2e4 ("mt76: mt76_connac: create mcu library").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [c996f0346e40e3b1ac2ebaf0681df898fb157f60]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47030 b/retired/CVE-2021-47030
new file mode 100644
index 00000000..a9ed3657
--- /dev/null
+++ b/retired/CVE-2021-47030
@@ -0,0 +1,16 @@
+Description: mt76: mt7615: fix memory leak in mt7615_coredump_work
+References:
+Notes:
+ carnil> Introduced in d2bf7959d9c0f ("mt76: mt7663: introduce coredump support").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [49cc85059a2cb656f96ff3693f891e8fe8f669a9]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47031 b/retired/CVE-2021-47031
new file mode 100644
index 00000000..567051fa
--- /dev/null
+++ b/retired/CVE-2021-47031
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix memory leak in mt7921_coredump_work
+References:
+Notes:
+ carnil> Introduced in 1c099ab44727c ("mt76: mt7921: add MCU support"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [782b3e86ea970e899f8e723db9f64708a15ca30e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47032 b/retired/CVE-2021-47032
new file mode 100644
index 00000000..980666f4
--- /dev/null
+++ b/retired/CVE-2021-47032
@@ -0,0 +1,16 @@
+Description: mt76: mt7915: fix tx skb dma unmap
+References:
+Notes:
+ carnil> Introduced in 27d5c528a7ca ("mt76: fix double DMA unmap of the first buffer on
+ carnil> 7615/7915"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [7dcf3c04f0aca746517a77433b33d40868ca4749]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [4e7914ce23306b28d377ec395e00e5fde0e6f96e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47033 b/retired/CVE-2021-47033
new file mode 100644
index 00000000..6900464b
--- /dev/null
+++ b/retired/CVE-2021-47033
@@ -0,0 +1,16 @@
+Description: mt76: mt7615: fix tx skb dma unmap
+References:
+Notes:
+ carnil> Introduced in 27d5c528a7ca ("mt76: fix double DMA unmap of the first buffer on
+ carnil> 7615/7915"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ebee7885bb12a8fe2c2f9bac87dbd87a05b645f9]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [75bc5f779a7664d1fc19cb915039439c6e58bb94]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47034 b/retired/CVE-2021-47034
new file mode 100644
index 00000000..d2164f4b
--- /dev/null
+++ b/retired/CVE-2021-47034
@@ -0,0 +1,16 @@
+Description: powerpc/64s: Fix pte update for kernel memory on radix
+References:
+Notes:
+ carnil> Introduced in f1cb8f9beba8 ("powerpc/64s/radix: avoid ptesync after set_pte and
+ carnil> ptep_set_access_flags"). Vulnerable versions: 4.18-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b8b2f37cf632434456182e9002d63cbc4cccc50c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [84c0762633f2a7ac8399e6b97d3b9bb8e6e1d50f]
+4.19-upstream-stable: released (4.19.191) [b3d5d0983388d6c4fb35f7d722556d5595f167a7]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47035 b/retired/CVE-2021-47035
new file mode 100644
index 00000000..461ab699
--- /dev/null
+++ b/retired/CVE-2021-47035
@@ -0,0 +1,16 @@
+Description: iommu/vt-d: Remove WO permissions on second-level paging entries
+References:
+Notes:
+ carnil> Introduced in b802d070a52a1 ("iommu/vt-d: Use iova over first level").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc1) [eea53c5816889ee8b64544fa2e9311a81184ff9c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [89bd620798704a8805fc9db0d71d7f812cf5b3d2]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47038 b/retired/CVE-2021-47038
new file mode 100644
index 00000000..f9fca470
--- /dev/null
+++ b/retired/CVE-2021-47038
@@ -0,0 +1,16 @@
+Description: Bluetooth: avoid deadlock between hci_dev->lock and socket lock
+References:
+Notes:
+ carnil> Introduced in eab2404ba798 ("Bluetooth: Add BT_PHY socket option"). Vulnerable
+ carnil> versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc1) [17486960d79b900c45e0bb8fbcac0262848582ba]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [7cc0ba67883c6c8d3bddb283f56c167fc837a555]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47039 b/retired/CVE-2021-47039
new file mode 100644
index 00000000..6d4d359a
--- /dev/null
+++ b/retired/CVE-2021-47039
@@ -0,0 +1,16 @@
+Description: ataflop: potential out of bounds in do_format()
+References:
+Notes:
+ carnil> Introduced in bf9c0538e485 ("ataflop: use a separate gendisk for each media
+ carnil> format"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [1ffec389a6431782a8a28805830b6fae9bf00af1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47040 b/retired/CVE-2021-47040
new file mode 100644
index 00000000..329255c7
--- /dev/null
+++ b/retired/CVE-2021-47040
@@ -0,0 +1,16 @@
+Description: io_uring: fix overflows checks in provide buffers
+References:
+Notes:
+ carnil> Introduced in efe68c1ca8f49 ("io_uring: validate the full range of provided
+ carnil> buffers for access"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [38134ada0ceea3e848fe993263c0ff6207fd46e7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [cbbc13b115b8f18e0a714d89f87fbdc499acfe2d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47041 b/retired/CVE-2021-47041
new file mode 100644
index 00000000..abf3973b
--- /dev/null
+++ b/retired/CVE-2021-47041
@@ -0,0 +1,16 @@
+Description: nvmet-tcp: fix incorrect locking in state_change sk callback
+References:
+Notes:
+ carnil> Introduced in 872d26a391da ("nvmet-tcp: add NVMe over TCP target driver").
+ carnil> Vulnerable versions: 5.0-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b5332a9f3f3d884a1b646ce155e664cc558c1722]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [60ade0d56b06537a28884745059b3801c78e03bc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47042 b/retired/CVE-2021-47042
new file mode 100644
index 00000000..abe04fdb
--- /dev/null
+++ b/retired/CVE-2021-47042
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Free local data after use
+References:
+Notes:
+ carnil> Introduced in 3a00c04212d1cf ("drm/amd/display/dc/core/dc_link: Move some local
+ carnil> data from the stack to the heap"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [616cf23b6cf40ad6f03ffbddfa1b6c4eb68d8ae1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47043 b/retired/CVE-2021-47043
new file mode 100644
index 00000000..cb60fffe
--- /dev/null
+++ b/retired/CVE-2021-47043
@@ -0,0 +1,16 @@
+Description: media: venus: core: Fix some resource leaks in the error path of 'venus_probe()'
+References:
+Notes:
+ carnil> Introduced in 32f0a6ddc8c9 ("media: venus: Use on-chip interconnect API").
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [5a465c5391a856a0c1e9554964d660676c35d1b2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [00b68a7478343afdf83f30c43e64db5296057030]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47044 b/retired/CVE-2021-47044
new file mode 100644
index 00000000..3baec611
--- /dev/null
+++ b/retired/CVE-2021-47044
@@ -0,0 +1,16 @@
+Description: sched/fair: Fix shift-out-of-bounds in load_balance()
+References:
+Notes:
+ carnil> Introduced in 5a7f55590467 ("sched/fair: Relax constraint on task's load during
+ carnil> load balance"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [39a2a6eb5c9b66ea7c8055026303b3aa681b49a5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [80862cbf76c2646f709a57c4517aefe0b094c774]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47045 b/retired/CVE-2021-47045
new file mode 100644
index 00000000..771d0536
--- /dev/null
+++ b/retired/CVE-2021-47045
@@ -0,0 +1,16 @@
+Description: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()
+References:
+Notes:
+ carnil> Introduced in 4430f7fd09ec ("scsi: lpfc: Rework locations of ndlp reference
+ carnil> taking"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8dd1c125f7f838abad009b64bff5f0a11afe3cb6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47046 b/retired/CVE-2021-47046
new file mode 100644
index 00000000..ad8ba15e
--- /dev/null
+++ b/retired/CVE-2021-47046
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Fix off by one in hdmi_14_process_transaction()
+References:
+Notes:
+ carnil> Introduced in 4c283fdac08a ("drm/amd/display: Add HDCP module"). Vulnerable
+ carnil> versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8e6fafd5a22e7a2eb216f5510db7aab54cc545c1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [403c4528e5887af3deb9838cb77a557631d1e138]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47047 b/retired/CVE-2021-47047
new file mode 100644
index 00000000..7402934c
--- /dev/null
+++ b/retired/CVE-2021-47047
@@ -0,0 +1,16 @@
+Description: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails
+References:
+Notes:
+ carnil> Introduced in 1c26372e5aa9 ("spi: spi-zynqmp-gqspi: Update driver to use
+ carnil> spi-mem framework"). Vulnerable versions: 5.10-rc3.
+Bugs:
+upstream: released (5.13-rc1) [126bdb606fd2802454e6048caef1be3e25dd121e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [5980a3b9c933408bc22b0e349b78c3ebd7cbf880]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6	.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47048 b/retired/CVE-2021-47048
new file mode 100644
index 00000000..aa3980ae
--- /dev/null
+++ b/retired/CVE-2021-47048
@@ -0,0 +1,16 @@
+Description: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op
+References:
+Notes:
+ carnil> Introduced in 1c26372e5aa9 ("spi: spi-zynqmp-gqspi: Update driver to use
+ carnil> spi-mem framework"). Vulnerable versions: 5.10-rc3.
+Bugs:
+upstream: released (5.13-rc1) [a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [1231279389b5e638bc3b66b9741c94077aed4b5a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47050 b/retired/CVE-2021-47050
new file mode 100644
index 00000000..ab77ed8f
--- /dev/null
+++ b/retired/CVE-2021-47050
@@ -0,0 +1,16 @@
+Description: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
+References:
+Notes:
+ carnil> Introduced in ca7d8b980b67 ("memory: add Renesas RPC-IF driver"). Vulnerable
+ carnil> versions: 5.9-rc2.
+Bugs:
+upstream: released (5.13-rc1) [59e27d7c94aa02da039b000d33c304c179395801]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [71bcc1b4a1743534d8abdcb57ff912e6bc390438]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47051 b/retired/CVE-2021-47051
new file mode 100644
index 00000000..c7956550
--- /dev/null
+++ b/retired/CVE-2021-47051
@@ -0,0 +1,16 @@
+Description: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
+References:
+Notes:
+ carnil> Introduced in 944c01a889d9 ("spi: lpspi: enable runtime pm for lpspi").
+ carnil> Vulnerable versions: 5.2-rc5.
+Bugs:
+upstream: released (5.13-rc1) [a03675497970a93fcf25d81d9d92a59c2d7377a7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [ce02e58ddf8658a4c3bed2296f32a5873b3f7cce]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47052 b/retired/CVE-2021-47052
new file mode 100644
index 00000000..4703bfdf
--- /dev/null
+++ b/retired/CVE-2021-47052
@@ -0,0 +1,16 @@
+Description: crypto: sa2ul - Fix memory leak of rxd
+References:
+Notes:
+ carnil> Introduced in 00c9211f60db ("crypto: sa2ul - Fix DMA mapping API usage").
+ carnil> Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [854b7737199848a91f6adfa0a03cf6f0c46c86e8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [0e596b3734649041ed77edc86a23c0442bbe062b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47053 b/retired/CVE-2021-47053
new file mode 100644
index 00000000..b676ead5
--- /dev/null
+++ b/retired/CVE-2021-47053
@@ -0,0 +1,16 @@
+Description: crypto: sun8i-ss - Fix memory leak of pad
+References:
+Notes:
+ carnil> Introduced in d9b45418a917 ("crypto: sun8i-ss - support hash algorithms").
+ carnil> Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [50274b01ac1689b1a3f6bc4b5b3dbf361a55dd3a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [2c67a9333da9d0a3b87310e0d116b7c9070c7b00]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52475 b/retired/CVE-2023-52475
new file mode 100644
index 00000000..1e3af3ac
--- /dev/null
+++ b/retired/CVE-2023-52475
@@ -0,0 +1,15 @@
+Description: Input: powermate - fix use-after-free in powermate_config_complete
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [5c15c60e7be615f05a45cd905093a54b11f461bc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [2efe67c581a2a6122b328d4bb6f21b3f36f40d46]
+5.10-upstream-stable: released (5.10.199) [cd2fbfd8b922b7fdd50732e47d797754ab59cb06]
+4.19-upstream-stable: released (4.19.297) [67cace72606baf1758fd60feb358f4c6be92e1cc]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52477 b/retired/CVE-2023-52477
new file mode 100644
index 00000000..f12727fc
--- /dev/null
+++ b/retired/CVE-2023-52477
@@ -0,0 +1,15 @@
+Description: usb: hub: Guard against accesses to uninitialized BOS descriptors
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [f74a7afc224acd5e922c7a2e52244d891bbe44ee]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [fb9895ab9533534335fa83d70344b397ac862c81]
+5.10-upstream-stable: released (5.10.199) [241f230324337ed5eae3846a554fb6d15169872c]
+4.19-upstream-stable: released (4.19.297) [8e7346bfea56453e31b7421c1c17ca2fb9ed613d]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52478 b/retired/CVE-2023-52478
new file mode 100644
index 00000000..abac82c2
--- /dev/null
+++ b/retired/CVE-2023-52478
@@ -0,0 +1,15 @@
+Description: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [dac501397b9d81e4782232c39f94f4307b137452]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [fd72ac9556a473fc7daf54efb6ca8a97180d621d]
+5.10-upstream-stable: released (5.10.199) [093af62c023537f097d2ebdfaa0bc7c1a6e874e1]
+4.19-upstream-stable: released (4.19.297) [44481b244fcaa2b895a53081d6204c574720c38c]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52483 b/retired/CVE-2023-52483
new file mode 100644
index 00000000..43db8a4a
--- /dev/null
+++ b/retired/CVE-2023-52483
@@ -0,0 +1,16 @@
+Description: mctp: perform route lookups under a RCU read-side lock
+References:
+Notes:
+ carnil> Introduced in 889b7da23abf ("mctp: Add initial routing framework"). Vulnerable
+ carnil> versions: 5.15-rc1.
+Bugs:
+upstream: released (6.6-rc6) [5093bbfc10ab6636b32728e35813cbd79feb063c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [1db0724a01b558feb1ecae551782add1951a114a]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-02-29 07:55:53 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-02-29 07:55:53 +0100
commit	c289ed05ac639a3e8c9efc1122633dd94123af99 (patch)
tree	1afcf9bafedaa0cda0f0506120e65b0882c927b7 /retired
parent	78df14178f64ab8464e05f783ff8693946c3b7c5 (diff)