diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2024-03-01 22:46:46 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-03-01 22:46:46 +0100 |
commit | cfe5f650c4c0782672d2e5d39dfa399c9f46a610 (patch) | |
tree | cc92c8fbba4cf1ff1e99686999ff50dfec7e98be /retired | |
parent | 47b8f95b2c6a287f933ae7baac7b4c6be0d5951c (diff) |
Retire CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2021-46959 | 17 | ||||
-rw-r--r-- | retired/CVE-2021-47016 | 17 | ||||
-rw-r--r-- | retired/CVE-2021-47020 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47054 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47055 | 17 | ||||
-rw-r--r-- | retired/CVE-2021-47056 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47057 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47058 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47059 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47062 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47064 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47065 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47066 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47067 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47068 | 17 | ||||
-rw-r--r-- | retired/CVE-2021-47069 | 18 | ||||
-rw-r--r-- | retired/CVE-2021-47071 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47072 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47073 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47075 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47078 | 15 | ||||
-rw-r--r-- | retired/CVE-2021-47079 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47080 | 16 | ||||
-rw-r--r-- | retired/CVE-2021-47081 | 16 |
24 files changed, 389 insertions, 0 deletions
diff --git a/retired/CVE-2021-46959 b/retired/CVE-2021-46959 new file mode 100644 index 00000000..4f0dd358 --- /dev/null +++ b/retired/CVE-2021-46959 @@ -0,0 +1,17 @@ +Description: spi: Fix use-after-free with devm_spi_alloc_* +References: +Notes: + carnil> Introduced in 5e844cc37a5c ("spi: Introduce device-managed SPI controller + carnil> allocation"). Vulnerable versions: 4.4.248 4.9.248 4.14.212 4.19.163 5.4.80 + carnil> 5.9.11 5.10-rc5. +Bugs: +upstream: released (5.13-rc1) [794aaf01444d4e765e2b067cba01cc69c1c68ed9] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [c7fabe372a9031acd00498bc718ce27c253abfd1] +4.19-upstream-stable: released (4.19.191) [28a5529068c51cdf0295ab1e11a99a3a909a03e4] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47016 b/retired/CVE-2021-47016 new file mode 100644 index 00000000..8287b06f --- /dev/null +++ b/retired/CVE-2021-47016 @@ -0,0 +1,17 @@ +Description: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits +References: +Notes: + carnil> Introduced in 7529b90d051e ("m68k: mvme147: Handle timer counter overflow") + carnil> 19999a8b8782 ("m68k: mvme16x: Handle timer counter overflow"). Vulnerable + carnil> versions: 5.2-rc1. +Bugs: +upstream: released (5.13-rc1) [43262178c043032e7c42d00de44c818ba05f9967] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [1dfb26df15fc7036a74221d43de7427f74293dae] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47020 b/retired/CVE-2021-47020 new file mode 100644 index 00000000..16be4b37 --- /dev/null +++ b/retired/CVE-2021-47020 @@ -0,0 +1,16 @@ +Description: soundwire: stream: fix memory leak in stream config error path +References: +Notes: + carnil> Introduced in 89e590535f32 ("soundwire: Add support for SoundWire stream + carnil> management"). Vulnerable versions: 4.18-rc1. +Bugs: +upstream: released (5.13-rc1) [48f17f96a81763c7c8bf5500460a359b9939359f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [7c468deae306d0cbbd539408c26cfec04c66159a] +4.19-upstream-stable: released (4.19.191) [342260fe821047c3d515e3d28085d73fbdce3e80] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47054 b/retired/CVE-2021-47054 new file mode 100644 index 00000000..1cd055ab --- /dev/null +++ b/retired/CVE-2021-47054 @@ -0,0 +1,16 @@ +Description: bus: qcom: Put child node before return +References: +Notes: + carnil> Introduced in 335a12754808 ("bus: qcom: add EBI2 driver"). Vulnerable versions: + carnil> 4.9-rc1. +Bugs: +upstream: released (5.13-rc1) [ac6ad7c2a862d682bb584a4bc904d89fa7721af8] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [00f6abd3509b1d70d0ab0fbe65ce5685cebed8be] +4.19-upstream-stable: released (4.19.191) [a399dd80e697a02cfb23e2fc09b87849994043d9] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47055 b/retired/CVE-2021-47055 new file mode 100644 index 00000000..0a618193 --- /dev/null +++ b/retired/CVE-2021-47055 @@ -0,0 +1,17 @@ +Description: mtd: require write permissions for locking and badblock ioctls +References: +Notes: + carnil> Introduced in f7e6b19bc764 ("mtd: properly check all write ioctls for + carnil> permissions"). Vulnerable versions: 4.4.233 4.9.233 4.14.194 4.19.139 5.4.58 + carnil> 5.7.15 5.8.1 5.9-rc1. +Bugs: +upstream: released (5.13-rc1) [1e97743fd180981bef5f01402342bb54bf1c6366] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [7b6552719c0ccbbea29dde4be141da54fdb5877e] +4.19-upstream-stable: released (4.19.191) [75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47056 b/retired/CVE-2021-47056 new file mode 100644 index 00000000..4997c4e8 --- /dev/null +++ b/retired/CVE-2021-47056 @@ -0,0 +1,16 @@ +Description: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init +References: +Notes: + carnil> Introduced in 25c6ffb249f6 ("crypto: qat - check if PF is running"). Vulnerable + carnil> versions: 4.7-rc1. +Bugs: +upstream: released (5.13-rc1) [8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [1f50392650ae794a1aea41c213c6a3e1c824413c] +4.19-upstream-stable: released (4.19.191) [09d16cee6285d37cc76311c29add6d97a7e4acda] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47057 b/retired/CVE-2021-47057 new file mode 100644 index 00000000..38e12f22 --- /dev/null +++ b/retired/CVE-2021-47057 @@ -0,0 +1,16 @@ +Description: crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map +References: +Notes: + carnil> Introduced in ac2614d721de ("crypto: sun8i-ss - Add support for the PRNG"). + carnil> Vulnerable versions: 5.10-rc1. +Bugs: +upstream: released (5.13-rc1) [98b5ef3e97b16eaeeedb936f8bda3594ff84a70e] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [617ec35ed51f731a593ae7274228ef2cfc9cb781] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47058 b/retired/CVE-2021-47058 new file mode 100644 index 00000000..6d41a6f3 --- /dev/null +++ b/retired/CVE-2021-47058 @@ -0,0 +1,16 @@ +Description: regmap: set debugfs_name to NULL after it is freed +References: +Notes: + carnil> Introduced in cffa4b2122f5 ("regmap: debugfs: Fix a memory leak when calling + carnil> regmap_attach_dev"). Vulnerable versions: 4.19.168 5.4.90 5.10.8 5.11-rc3. +Bugs: +upstream: released (5.13-rc1) [e41a962f82e7afb5b1ee644f48ad0b3aee656268] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [eb949f891226c012138ffd9df90d1e509f428ae6] +4.19-upstream-stable: released (4.19.191) [2dc1554d5f0fdaf47cc5bea442b84b9226fea867] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47059 b/retired/CVE-2021-47059 new file mode 100644 index 00000000..ddb3ebd2 --- /dev/null +++ b/retired/CVE-2021-47059 @@ -0,0 +1,16 @@ +Description: crypto: sun8i-ss - fix result memory leak on error path +References: +Notes: + carnil> Introduced in d9b45418a917 ("crypto: sun8i-ss - support hash algorithms"). + carnil> Vulnerable versions: 5.10-rc1. +Bugs: +upstream: released (5.13-rc1) [1dbc6a1e25be8575d6c4114d1d2b841a796507f7] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [1f12aaf07f61122cf5074d29714ee26f8d44b0e7] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47062 b/retired/CVE-2021-47062 new file mode 100644 index 00000000..981662cf --- /dev/null +++ b/retired/CVE-2021-47062 @@ -0,0 +1,16 @@ +Description: KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs +References: +Notes: + carnil> Introduced in ad73109ae7ec ("KVM: SVM: Provide support to launch and run an + carnil> SEV-ES guest"). Vulnerable versions: 5.11-rc1. +Bugs: +upstream: released (5.13-rc1) [c36b16d29f3af5f32fc1b2a3401bf48f71cabee1] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47064 b/retired/CVE-2021-47064 new file mode 100644 index 00000000..81c601af --- /dev/null +++ b/retired/CVE-2021-47064 @@ -0,0 +1,16 @@ +Description: mt76: fix potential DMA mapping leak +References: +Notes: + carnil> Introduced in 27d5c528a7ca ("mt76: fix double DMA unmap of the first buffer on + carnil> 7615/7915"). Vulnerable versions: 5.10-rc1. +Bugs: +upstream: released (5.13-rc1) [b4403cee6400c5f679e9c4a82b91d61aa961eccf] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [9fa26701cd1fc4d932d431971efc5746325bdfce] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47065 b/retired/CVE-2021-47065 new file mode 100644 index 00000000..561d95c0 --- /dev/null +++ b/retired/CVE-2021-47065 @@ -0,0 +1,16 @@ +Description: rtw88: Fix array overrun in rtw_get_tx_power_params() +References: +Notes: + carnil> Introduced in fa6dfe6bff24 ("rtw88: resolve order of tx power setting + carnil> routines"). Vulnerable versions: 5.3-rc1. +Bugs: +upstream: released (5.13-rc1) [2ff25985ea9ccc6c9af2c77b0b49045adcc62e0e] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [95fb153c6027924cda3422120169d1890737f3a0] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47066 b/retired/CVE-2021-47066 new file mode 100644 index 00000000..f9518492 --- /dev/null +++ b/retired/CVE-2021-47066 @@ -0,0 +1,16 @@ +Description: async_xor: increase src_offs when dropping destination page +References: +Notes: + carnil> Introduced in 29bcff787a25 ("md/raid5: add new xor function to support + carnil> different page offset"). Vulnerable versions: 5.10-rc1. +Bugs: +upstream: released (5.13-rc1) [ceaf2966ab082bbc4d26516f97b3ca8a676e2af8] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [cab2e8e5997b592fdb7d02cf2387b4b8e3057174] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47067 b/retired/CVE-2021-47067 new file mode 100644 index 00000000..724bceae --- /dev/null +++ b/retired/CVE-2021-47067 @@ -0,0 +1,16 @@ +Description: soc/tegra: regulators: Fix locking up when voltage-spread is out of range +References: +Notes: + carnil> Introduced in 783807436f36 ("soc/tegra: regulators: Add regulators coupler for + carnil> Tegra30"). Vulnerable versions: 5.5-rc1. +Bugs: +upstream: released (5.13-rc1) [ef85bb582c41524e9e68dfdbde48e519dac4ab3d] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [a1ad124c836816fac8bd5e461d36eaf33cee4e24] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47068 b/retired/CVE-2021-47068 new file mode 100644 index 00000000..efc01dc2 --- /dev/null +++ b/retired/CVE-2021-47068 @@ -0,0 +1,17 @@ +Description: net/nfc: fix use-after-free llcp_sock_bind/connect +References: +Notes: + carnil> Introduced in c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()"). + carnil> Vulnerable versions: 4.4.267 4.9.267 4.14.231 4.19.187 5.4.112 5.10.30 5.11.14 + carnil> 5.12-rc7. +Bugs: +upstream: released (5.13-rc1) [c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [6b7021ed36dabf29e56842e3408781cd3b82ef6e] +4.19-upstream-stable: released (4.19.191) [48fba458fe54cc2a980a05c13e6c19b8b2cfb610] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47069 b/retired/CVE-2021-47069 new file mode 100644 index 00000000..5e20cf08 --- /dev/null +++ b/retired/CVE-2021-47069 @@ -0,0 +1,18 @@ +Description: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry +References: +Notes: + carnil> Introduced in c5b2cbdbdac563 ("ipc/mqueue.c: update/document memory barriers") + carnil> 8116b54e7e23ef ("ipc/sem.c: document and update memory barriers") + carnil> 0d97a82ba830d8 ("ipc/msg.c: update and document memory barriers"). Vulnerable + carnil> versions: 5.6-rc1. +Bugs: +upstream: released (5.13-rc3) [a11ddb37bf367e6b5239b95ca759e5389bb46048] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.40) [4528c0c323085e645b8765913b4a7fd42cf49b65] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.40-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47071 b/retired/CVE-2021-47071 new file mode 100644 index 00000000..ff3dbfe7 --- /dev/null +++ b/retired/CVE-2021-47071 @@ -0,0 +1,16 @@ +Description: uio_hv_generic: Fix a memory leak in error handling paths +References: +Notes: + carnil> Introduced in cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first + carnil> use"). Vulnerable versions: 4.20-rc1. +Bugs: +upstream: released (5.13-rc3) [3ee098f96b8b6c1a98f7f97915f8873164e6af9d] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.40) [d84b5e912212b05f6b5bde9f682046accfbe0354] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.40-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47072 b/retired/CVE-2021-47072 new file mode 100644 index 00000000..b05ec7a6 --- /dev/null +++ b/retired/CVE-2021-47072 @@ -0,0 +1,16 @@ +Description: btrfs: fix removed dentries still existing after log is synced +References: +Notes: + carnil> Introduced in 64d6b281ba4db0 ("btrfs: remove unnecessary + carnil> check_parent_dirs_for_sync()"). Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (5.13-rc3) [54a40fc3a1da21b52dbf19f72fdc27a2ec740760] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47073 b/retired/CVE-2021-47073 new file mode 100644 index 00000000..82b98448 --- /dev/null +++ b/retired/CVE-2021-47073 @@ -0,0 +1,16 @@ +Description: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios +References: +Notes: + carnil> Introduced in 1a258e670434 ("platform/x86: dell-smbios-wmi: Add new WMI + carnil> dispatcher driver"). Vulnerable versions: 4.15-rc1. +Bugs: +upstream: released (5.13-rc3) [3a53587423d25c87af4b4126a806a0575104b45e] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.40) [0cf036a0d325200e6c27b90908e51195bbc557b1] +4.19-upstream-stable: released (4.19.192) [75cfc833da4a2111106d4c134e93e0c7f41e35e7] +sid: released (5.10.40-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47075 b/retired/CVE-2021-47075 new file mode 100644 index 00000000..2d31abef --- /dev/null +++ b/retired/CVE-2021-47075 @@ -0,0 +1,16 @@ +Description: nvmet: fix memory leak in nvmet_alloc_ctrl() +References: +Notes: + carnil> Introduced in 94a39d61f80f ("nvmet: make ctrl-id configurable"). Vulnerable + carnil> versions: 5.7-rc1. +Bugs: +upstream: released (5.13-rc3) [fec356a61aa3d3a66416b4321f1279e09e0f256f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.40) [4720f29acb3fe67aa8aa71e6b675b079d193aaeb] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.40-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47078 b/retired/CVE-2021-47078 new file mode 100644 index 00000000..f66a2904 --- /dev/null +++ b/retired/CVE-2021-47078 @@ -0,0 +1,15 @@ +Description: RDMA/rxe: Clear all QP fields if creation failed +References: +Notes: + carnil> Introduced in 8700e3e7c485 ("Soft RoCE driver"). Vulnerable versions: 4.8-rc1. +Bugs: +upstream: released (5.13-rc3) [67f29896fdc83298eed5a6576ff8f9873f709228] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.40) [2ee4d79c364914989c80de382c0b1a7259a7e4b3] +4.19-upstream-stable: released (4.19.192) [f3783c415bf6d2ead3d7aa2c38802bbe10723646] +sid: released (5.10.40-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/retired/CVE-2021-47079 b/retired/CVE-2021-47079 new file mode 100644 index 00000000..51978990 --- /dev/null +++ b/retired/CVE-2021-47079 @@ -0,0 +1,16 @@ +Description: platform/x86: ideapad-laptop: fix a NULL pointer dereference +References: +Notes: + carnil> Introduced in ff36b0d953dc4 ("platform/x86: ideapad-laptop: rework and create + carnil> new ACPI helpers"). Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (5.13-rc3) [ff67dbd554b2aaa22be933eced32610ff90209dd] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47080 b/retired/CVE-2021-47080 new file mode 100644 index 00000000..ea9ce187 --- /dev/null +++ b/retired/CVE-2021-47080 @@ -0,0 +1,16 @@ +Description: RDMA/core: Prevent divide-by-zero error triggered by the user +References: +Notes: + carnil> Introduced in 9f85cbe50aa0 ("RDMA/uverbs: Expose the new GID query API to user + carnil> space"). Vulnerable versions: 5.10-rc1. +Bugs: +upstream: released (5.13-rc3) [54d87913f147a983589923c7f651f97de9af5be1] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.40) [66ab7fcdac34b890017f04f391507ef5b2b89a13] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.40-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-47081 b/retired/CVE-2021-47081 new file mode 100644 index 00000000..ee49ee5b --- /dev/null +++ b/retired/CVE-2021-47081 @@ -0,0 +1,16 @@ +Description: habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory +References: +Notes: + carnil> Introduced in 423815bf02e25 ("habanalabs/gaudi: remove PCI access to SM + carnil> block"). Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (5.13-rc3) [115726c5d312b462c9d9931ea42becdfa838a076] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" |