diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-07 22:44:23 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-07 22:44:23 +0200 |
commit | f02934ebe558d3c197c70ae79e83afecb27373b5 (patch) | |
tree | 30bf930185533151c00597102b87639b5723334e /retired | |
parent | 30576def76dc7c0306b5af9a204a79132f63255a (diff) |
Retire some CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2021-0605 | 12 | ||||
-rw-r--r-- | retired/CVE-2021-0606 | 12 | ||||
-rw-r--r-- | retired/CVE-2021-32606 | 15 | ||||
-rw-r--r-- | retired/CVE-2021-33200 | 22 | ||||
-rw-r--r-- | retired/CVE-2021-3489 | 17 | ||||
-rw-r--r-- | retired/CVE-2021-3490 | 17 |
6 files changed, 95 insertions, 0 deletions
diff --git a/retired/CVE-2021-0605 b/retired/CVE-2021-0605 new file mode 100644 index 000000000..bdef8f6a1 --- /dev/null +++ b/retired/CVE-2021-0605 @@ -0,0 +1,12 @@ +Description: af_key: pfkey_dump needs parameter validation +References: + https://source.android.com/security/bulletin/pixel/2021-06-01 +Notes: +Bugs: +upstream: released (5.8) [37bd22420f856fcd976989f1d4f1f7ad28e1fcac] +5.10-upstream-stable: N/A "Fixed before branching point" +4.19-upstream-stable: released (4.19.148) [b59a23d596807a5aa88d8dd5655a66c6843729b3] +4.9-upstream-stable: released (4.9.238) [31c59173dc9553d6857129d2a8e102c4700b54c4] +sid: released (5.8.7-1) +4.19-buster-security: released (4.19.152-1) +4.9-stretch-security: released (4.9.240-1) diff --git a/retired/CVE-2021-0606 b/retired/CVE-2021-0606 new file mode 100644 index 000000000..dc82de774 --- /dev/null +++ b/retired/CVE-2021-0606 @@ -0,0 +1,12 @@ +Description: drm/syncobj: Fix drm_syncobj_handle_to_fd refcount leak +References: + https://source.android.com/security/bulletin/pixel/2021-06-01 +Notes: +Bugs: +upstream: N/A "Vulnerability specific to backport issue to the 4.14.y branch" +5.10-upstream-stable: N/A "Vulnerability specific to backport issue to the 4.14.y branch" +4.19-upstream-stable: N/A "Vulnerability specific to backport issue to the 4.14.y branch" +4.9-upstream-stable: N/A "Vulnerability specific to backport issue to the 4.14.y branch" +sid: N/A "Vulnerability specific to backport issue to the 4.14.y branch" +4.19-buster-security: N/A "Vulnerability specific to backport issue to the 4.14.y branch" +4.9-stretch-security: N/A "Vulnerability specific to backport issue to the 4.14.y branch" diff --git a/retired/CVE-2021-32606 b/retired/CVE-2021-32606 new file mode 100644 index 000000000..a968e92b9 --- /dev/null +++ b/retired/CVE-2021-32606 @@ -0,0 +1,15 @@ +Description: net/can/isotp: race condition leads to local privilege escalation +References: + https://www.openwall.com/lists/oss-security/2021/05/11/16 + https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2b17c400aeb44daf041627722581ade527bb3c1d +Notes: + carnil> Introduced by 921ca574cd38 ("can: isotp: add SF_BROADCAST + carnil> support for functional addressing") in 5.11-rc1. +Bugs: +upstream: released (5.13-rc4) [2b17c400aeb44daf041627722581ade527bb3c1d] +5.10-upstream-stable: N/A "Vulnerable code introduced later" +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: N/A "Vulnerable code introduced later" +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-33200 b/retired/CVE-2021-33200 new file mode 100644 index 000000000..5bad91b9d --- /dev/null +++ b/retired/CVE-2021-33200 @@ -0,0 +1,22 @@ +Description: enforcing incorrect limits for pointer arithmetic operations by BPF verifier can be abused to perform out-of-bounds reads and writes in kernel memory +References: + https://www.openwall.com/lists/oss-security/2021/05/27/1 + https://lore.kernel.org/stable/20210528103810.22025-1-ovidiu.panait@windriver.com/ +Notes: + carnil> Introduced by 7fedb63a8307 ("bpf: Tighten speculative pointer + carnil> arithmetic mask") in 5.12-rc8 (and backported to 5.11.17, + carnil> 5.10.33, 5.4.116). Note though that 7fedb63a8307 is part of the + carnil> fixes needed to address CVE-2021-29155 which introduces the + carnil> buggy computation. + carnil> Those commits were included in 4.19.193 with the fixes for + carnil> CVE-2021-29155 and so not introducing CVE-2021-33200 in any of + carnil> the released v4.19.y versions. Thus keeping the entry here as + carnil> "N/A". +Bugs: +upstream: released (5.13-rc4) [3d0220f6861d713213b015b582e9f21e5b28d2e0, bb01a1bba579b4b1c5566af24d95f1767859771e, a7036191277f9fa68d92f2071ddc38c09b1e5ee5] +5.10-upstream-stable: released (5.10.41) [4e2c7b297431457663a90d4186e666b61d5da86c, c87ef240a8bbbda5913fac1e84209d224c1aaf50, 27acfd11ba179b746f55077edf9750f8f7cb1cb6] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.40-1) [bugfix/all/bpf-wrap-aux-data-inside-bpf_sanitize_info-container.patch, bugfix/all/bpf-fix-mask-direction-swap-upon-off-reg-sign-change.patch, bugfix/all/bpf-no-need-to-simulate-speculative-domain-for-immediates.patch] +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-3489 b/retired/CVE-2021-3489 new file mode 100644 index 000000000..33849abc9 --- /dev/null +++ b/retired/CVE-2021-3489 @@ -0,0 +1,17 @@ +Description: eBPF RINGBUF map oversized allocation +References: + https://www.openwall.com/lists/oss-security/2021/05/11/10 + https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea + https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=04ea3086c4d73da7009de1e84962a904139af219 + https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=98a34e93da83e50e197584c7c362668bf12c1d54 +Notes: + carnil> Introduced in 5.8-rc1 by 457f44363a88 ("bpf: Implement BPF ring + carnil> buffer and verifier support for it"). +Bugs: +upstream: released (5.13-rc4) [4b81ccebaeee885ab1aa1438133f2991e3a2b6ea] +5.10-upstream-stable: released (5.10.37) [1ca284f0867079a34f52a6f811747695828166c6] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.38-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-3490 b/retired/CVE-2021-3490 new file mode 100644 index 000000000..6db4034d3 --- /dev/null +++ b/retired/CVE-2021-3490 @@ -0,0 +1,17 @@ +Description: eBPF bitwise ops ALU32 bounds tracking +References: + https://www.openwall.com/lists/oss-security/2021/05/11/11 + https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e +Notes: + carnil> Introduced by 3f50f132d840 ("bpf: Verifier, do explicit ALU32 + carnil> bounds tracking") in 5.7-rc1 respectively the XOR version + carnil> introduced in 2921c90d4718 ("bpf: Fix a verifier failure with + carnil> xor") in 5.10-rc1. +Bugs: +upstream: released (5.13-rc4) [049c4e13714ecbca567b4d5f6d563f05d431c80e] +5.10-upstream-stable: released (5.10.37) [282bfc8848eaa195d5e994bb700f2c7afb7eb3e6] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.38-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" |