summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.editorconfig21
-rw-r--r--active/00boilerplate6
-rw-r--r--active/00example4
-rw-r--r--active/CVE-2013-74455
-rw-r--r--active/CVE-2017-06306
-rw-r--r--active/CVE-2018-11212
-rw-r--r--active/CVE-2018-129286
-rw-r--r--active/CVE-2018-179772
-rw-r--r--active/CVE-2019-152132
-rw-r--r--active/CVE-2019-157945
-rw-r--r--active/CVE-2019-160892
-rw-r--r--active/CVE-2019-193786
-rw-r--r--active/CVE-2019-1944924
-rw-r--r--active/CVE-2019-1981422
-rw-r--r--active/CVE-2019-2079423
-rw-r--r--active/CVE-2020-117256
-rw-r--r--active/CVE-2020-1236220
-rw-r--r--active/CVE-2020-1236322
-rw-r--r--active/CVE-2020-1236422
-rw-r--r--active/CVE-2020-143046
-rw-r--r--active/CVE-2020-1580217
-rw-r--r--active/CVE-2020-161202
-rw-r--r--active/CVE-2020-245042
-rw-r--r--active/CVE-2020-2614016
-rw-r--r--active/CVE-2020-261416
-rw-r--r--active/CVE-2020-2614216
-rw-r--r--active/CVE-2020-2614316
-rw-r--r--active/CVE-2020-261456
-rw-r--r--active/CVE-2020-265412
-rw-r--r--active/CVE-2020-2655515
-rw-r--r--active/CVE-2020-2655615
-rw-r--r--active/CVE-2020-2655715
-rw-r--r--active/CVE-2020-2655915
-rw-r--r--active/CVE-2020-2656015
-rw-r--r--active/CVE-2020-2782014
-rw-r--r--active/CVE-2020-278356
-rw-r--r--active/CVE-2020-355016
-rw-r--r--active/CVE-2020-3631012
-rw-r--r--active/CVE-2020-363856
-rw-r--r--active/CVE-2020-3669112
-rw-r--r--active/CVE-2020-3669417
-rw-r--r--active/CVE-2020-3677515
-rw-r--r--active/CVE-2020-3677617
-rw-r--r--active/CVE-2020-3678016
-rw-r--r--active/CVE-2020-3678216
-rw-r--r--active/CVE-2020-3678316
-rw-r--r--active/CVE-2020-3678416
-rw-r--r--active/CVE-2021-09294
-rw-r--r--active/CVE-2021-2031713
-rw-r--r--active/CVE-2021-3306119
-rw-r--r--active/CVE-2021-3363014
-rw-r--r--active/CVE-2021-34934
-rw-r--r--active/CVE-2021-36696
-rw-r--r--active/CVE-2021-375218
-rw-r--r--active/CVE-2021-375910
-rw-r--r--active/CVE-2021-382074
-rw-r--r--active/CVE-2021-384727
-rw-r--r--active/CVE-2021-386429
-rw-r--r--active/CVE-2021-389224
-rw-r--r--active/CVE-2021-402321
-rw-r--r--active/CVE-2021-403719
-rw-r--r--active/CVE-2021-420426
-rw-r--r--active/CVE-2021-4397514
-rw-r--r--active/CVE-2021-4397614
-rw-r--r--active/CVE-2021-4692516
-rw-r--r--active/CVE-2021-4692615
-rw-r--r--active/CVE-2021-4692815
-rw-r--r--active/CVE-2021-4694116
-rw-r--r--active/CVE-2021-4698116
-rw-r--r--active/CVE-2021-4698416
-rw-r--r--active/CVE-2021-4698717
-rw-r--r--active/CVE-2021-4701418
-rw-r--r--active/CVE-2021-4701516
-rw-r--r--active/CVE-2021-4702416
-rw-r--r--active/CVE-2021-4702818
-rw-r--r--active/CVE-2021-4703617
-rw-r--r--active/CVE-2021-4703716
-rw-r--r--active/CVE-2021-4704916
-rw-r--r--active/CVE-2021-4706017
-rw-r--r--active/CVE-2021-4706117
-rw-r--r--active/CVE-2021-4706316
-rw-r--r--active/CVE-2021-4707016
-rw-r--r--active/CVE-2021-4707416
-rw-r--r--active/CVE-2021-4707615
-rw-r--r--active/CVE-2021-4707716
-rw-r--r--active/CVE-2021-4708315
-rw-r--r--active/CVE-2021-4709418
-rw-r--r--active/CVE-2021-4710116
-rw-r--r--active/CVE-2021-4710516
-rw-r--r--active/CVE-2021-4711015
-rw-r--r--active/CVE-2021-4711215
-rw-r--r--active/CVE-2021-4711315
-rw-r--r--active/CVE-2021-4711615
-rw-r--r--active/CVE-2021-4711918
-rw-r--r--active/CVE-2021-4713116
-rw-r--r--active/CVE-2021-4714316
-rw-r--r--active/CVE-2021-4716316
-rw-r--r--active/CVE-2021-4716716
-rw-r--r--active/CVE-2021-4717820
-rw-r--r--active/CVE-2022-040020
-rw-r--r--active/CVE-2022-050033
-rw-r--r--active/CVE-2022-118429
-rw-r--r--active/CVE-2022-124720
-rw-r--r--active/CVE-2022-128026
-rw-r--r--active/CVE-2022-2767213
-rw-r--r--active/CVE-2022-296123
-rw-r--r--active/CVE-2022-306114
-rw-r--r--active/CVE-2022-310815
-rw-r--r--active/CVE-2022-311415
-rw-r--r--active/CVE-2022-311515
-rw-r--r--active/CVE-2022-316919
-rw-r--r--active/CVE-2022-323814
-rw-r--r--active/CVE-2022-330314
-rw-r--r--active/CVE-2022-334421
-rw-r--r--active/CVE-2022-352315
-rw-r--r--active/CVE-2022-356612
-rw-r--r--active/CVE-2022-356712
-rw-r--r--active/CVE-2022-3845717
-rw-r--r--active/CVE-2022-390320
-rw-r--r--active/CVE-2022-3918914
-rw-r--r--active/CVE-2022-4013317
-rw-r--r--active/CVE-2022-412917
-rw-r--r--active/CVE-2022-426915
-rw-r--r--active/CVE-2022-438214
-rw-r--r--active/CVE-2022-4394520
-rw-r--r--active/CVE-2022-4403415
-rw-r--r--active/CVE-2022-454314
-rw-r--r--active/CVE-2022-4751815
-rw-r--r--active/CVE-2022-4751915
-rw-r--r--active/CVE-2022-4752018
-rw-r--r--active/CVE-2022-4752115
-rw-r--r--active/CVE-2022-4862716
-rw-r--r--active/CVE-2022-4862815
-rw-r--r--active/CVE-2023-003013
-rw-r--r--active/CVE-2023-016019
-rw-r--r--active/CVE-2023-038618
-rw-r--r--active/CVE-2023-059715
-rw-r--r--active/CVE-2023-107516
-rw-r--r--active/CVE-2023-107619
-rw-r--r--active/CVE-2023-119226
-rw-r--r--active/CVE-2023-124914
-rw-r--r--active/CVE-2023-158214
-rw-r--r--active/CVE-2023-2058814
-rw-r--r--active/CVE-2023-2093813
-rw-r--r--active/CVE-2023-212414
-rw-r--r--active/CVE-2023-2126419
-rw-r--r--active/CVE-2023-217618
-rw-r--r--active/CVE-2023-217716
-rw-r--r--active/CVE-2023-2300515
-rw-r--r--active/CVE-2023-2303917
-rw-r--r--active/CVE-2023-2624214
-rw-r--r--active/CVE-2023-2846614
-rw-r--r--active/CVE-2023-2874614
-rw-r--r--active/CVE-2023-302218
-rw-r--r--active/CVE-2023-3108116
-rw-r--r--active/CVE-2023-3108218
-rw-r--r--active/CVE-2023-3108315
-rw-r--r--active/CVE-2023-3328813
-rw-r--r--active/CVE-2023-339714
-rw-r--r--active/CVE-2023-3582714
-rw-r--r--active/CVE-2023-364016
-rw-r--r--active/CVE-2023-3745319
-rw-r--r--active/CVE-2023-3745419
-rw-r--r--active/CVE-2023-386313
-rw-r--r--active/CVE-2023-3919115
-rw-r--r--active/CVE-2023-3919716
-rw-r--r--active/CVE-2023-3919815
-rw-r--r--active/CVE-2023-401017
-rw-r--r--active/CVE-2023-413315
-rw-r--r--active/CVE-2023-413416
-rw-r--r--active/CVE-2023-419418
-rw-r--r--active/CVE-2023-424424
-rw-r--r--active/CVE-2023-4683814
-rw-r--r--active/CVE-2023-4723314
-rw-r--r--active/CVE-2023-5177913
-rw-r--r--active/CVE-2023-5234013
-rw-r--r--active/CVE-2023-5242915
-rw-r--r--active/CVE-2023-5243416
-rw-r--r--active/CVE-2023-5243515
-rw-r--r--active/CVE-2023-5243612
-rw-r--r--active/CVE-2023-5243915
-rw-r--r--active/CVE-2023-5244312
-rw-r--r--active/CVE-2023-5244412
-rw-r--r--active/CVE-2023-5244512
-rw-r--r--active/CVE-2023-5244717
-rw-r--r--active/CVE-2023-5244912
-rw-r--r--active/CVE-2023-5245214
-rw-r--r--active/CVE-2023-5245814
-rw-r--r--active/CVE-2023-5246414
-rw-r--r--active/CVE-2023-5246916
-rw-r--r--active/CVE-2023-5247016
-rw-r--r--active/CVE-2023-5247417
-rw-r--r--active/CVE-2023-5247615
-rw-r--r--active/CVE-2023-5247915
-rw-r--r--active/CVE-2023-5248015
-rw-r--r--active/CVE-2023-5248115
-rw-r--r--active/CVE-2023-5248215
-rw-r--r--active/CVE-2023-5248415
-rw-r--r--active/CVE-2023-5248515
-rw-r--r--active/CVE-2023-5248615
-rw-r--r--active/CVE-2023-5248816
-rw-r--r--active/CVE-2023-5248916
-rw-r--r--active/CVE-2023-5249116
-rw-r--r--active/CVE-2023-5249216
-rw-r--r--active/CVE-2023-5249316
-rw-r--r--active/CVE-2023-5249416
-rw-r--r--active/CVE-2023-5249718
-rw-r--r--active/CVE-2023-5249815
-rw-r--r--active/CVE-2023-5250015
-rw-r--r--active/CVE-2023-5250115
-rw-r--r--active/CVE-2023-5250815
-rw-r--r--active/CVE-2023-5250916
-rw-r--r--active/CVE-2023-5251115
-rw-r--r--active/CVE-2023-5251516
-rw-r--r--active/CVE-2023-5251615
-rw-r--r--active/CVE-2023-5251715
-rw-r--r--active/CVE-2023-5252216
-rw-r--r--active/CVE-2023-5253017
-rw-r--r--active/CVE-2023-5253116
-rw-r--r--active/CVE-2023-5256115
-rw-r--r--active/CVE-2023-5256915
-rw-r--r--active/CVE-2023-5257217
-rw-r--r--active/CVE-2023-5258315
-rw-r--r--active/CVE-2023-5258415
-rw-r--r--active/CVE-2023-5258515
-rw-r--r--active/CVE-2023-5258615
-rw-r--r--active/CVE-2023-5258715
-rw-r--r--active/CVE-2023-5258815
-rw-r--r--active/CVE-2023-5258915
-rw-r--r--active/CVE-2023-5259015
-rw-r--r--active/CVE-2023-5259115
-rw-r--r--active/CVE-2023-5259315
-rw-r--r--active/CVE-2023-5259415
-rw-r--r--active/CVE-2023-5259515
-rw-r--r--active/CVE-2023-5259615
-rw-r--r--active/CVE-2023-5259715
-rw-r--r--active/CVE-2023-5259815
-rw-r--r--active/CVE-2023-5259915
-rw-r--r--active/CVE-2023-5260015
-rw-r--r--active/CVE-2023-5260115
-rw-r--r--active/CVE-2023-5260215
-rw-r--r--active/CVE-2023-5260315
-rw-r--r--active/CVE-2023-5260415
-rw-r--r--active/CVE-2023-5260615
-rw-r--r--active/CVE-2023-5260715
-rw-r--r--active/CVE-2023-5260816
-rw-r--r--active/CVE-2023-5260916
-rw-r--r--active/CVE-2023-5261016
-rw-r--r--active/CVE-2023-5261216
-rw-r--r--active/CVE-2023-5261416
-rw-r--r--active/CVE-2023-5261516
-rw-r--r--active/CVE-2023-5261616
-rw-r--r--active/CVE-2023-5261715
-rw-r--r--active/CVE-2023-5261815
-rw-r--r--active/CVE-2023-5261915
-rw-r--r--active/CVE-2023-5262015
-rw-r--r--active/CVE-2023-5262115
-rw-r--r--active/CVE-2023-5262215
-rw-r--r--active/CVE-2023-5262315
-rw-r--r--active/CVE-2023-5262415
-rw-r--r--active/CVE-2023-5262515
-rw-r--r--active/CVE-2023-5262716
-rw-r--r--active/CVE-2023-5262820
-rw-r--r--active/CVE-2023-603914
-rw-r--r--active/CVE-2023-604013
-rw-r--r--active/CVE-2023-612118
-rw-r--r--active/CVE-2023-623820
-rw-r--r--active/CVE-2023-624015
-rw-r--r--active/CVE-2023-627016
-rw-r--r--active/CVE-2023-635619
-rw-r--r--active/CVE-2023-653514
-rw-r--r--active/CVE-2023-653618
-rw-r--r--active/CVE-2023-661018
-rw-r--r--active/CVE-2023-691514
-rw-r--r--active/CVE-2023-704218
-rw-r--r--active/CVE-2024-034014
-rw-r--r--active/CVE-2024-056414
-rw-r--r--active/CVE-2024-056517
-rw-r--r--active/CVE-2024-060715
-rw-r--r--active/CVE-2024-084117
-rw-r--r--active/CVE-2024-108617
-rw-r--r--active/CVE-2024-115117
-rw-r--r--active/CVE-2024-2180313
-rw-r--r--active/CVE-2024-219316
-rw-r--r--active/CVE-2024-2209922
-rw-r--r--active/CVE-2024-2238613
-rw-r--r--active/CVE-2024-2319613
-rw-r--r--active/CVE-2024-2330719
-rw-r--r--active/CVE-2024-2384813
-rw-r--r--active/CVE-2024-2384917
-rw-r--r--active/CVE-2024-2385018
-rw-r--r--active/CVE-2024-2385116
-rw-r--r--active/CVE-2024-2485513
-rw-r--r--active/CVE-2024-2485713
-rw-r--r--active/CVE-2024-2485813
-rw-r--r--active/CVE-2024-2485913
-rw-r--r--active/CVE-2024-2486113
-rw-r--r--active/CVE-2024-2486413
-rw-r--r--active/CVE-2024-2573915
-rw-r--r--active/CVE-2024-2574013
-rw-r--r--active/CVE-2024-2574113
-rw-r--r--active/CVE-2024-2658116
-rw-r--r--active/CVE-2024-2658216
-rw-r--r--active/CVE-2024-2658316
-rw-r--r--active/CVE-2024-2658418
-rw-r--r--active/CVE-2024-2658516
-rw-r--r--active/CVE-2024-2658614
-rw-r--r--active/CVE-2024-2658916
-rw-r--r--active/CVE-2024-2659017
-rw-r--r--active/CVE-2024-2659316
-rw-r--r--active/CVE-2024-2659516
-rw-r--r--active/CVE-2024-2659616
-rw-r--r--active/CVE-2024-2659715
-rw-r--r--active/CVE-2024-2659814
-rw-r--r--active/CVE-2024-2660016
-rw-r--r--active/CVE-2024-2660116
-rw-r--r--active/CVE-2024-2660217
-rw-r--r--active/CVE-2024-2660316
-rw-r--r--active/CVE-2024-2660516
-rw-r--r--active/CVE-2024-2660616
-rw-r--r--active/CVE-2024-2660716
-rw-r--r--active/CVE-2024-2661016
-rw-r--r--active/CVE-2024-2661418
-rw-r--r--active/CVE-2024-2661516
-rw-r--r--active/CVE-2024-2661816
-rw-r--r--active/CVE-2024-2662117
-rw-r--r--active/CVE-2024-2662216
-rw-r--r--active/CVE-2024-2662516
-rw-r--r--active/CVE-2024-2662616
-rw-r--r--active/CVE-2024-2662716
-rw-r--r--active/CVE-2024-2662917
-rw-r--r--active/CVE-2024-2663317
-rw-r--r--active/CVE-2024-2663516
-rw-r--r--active/CVE-2024-2663616
-rw-r--r--active/CVE-2024-2663917
-rw-r--r--active/CVE-2024-2664016
-rw-r--r--active/CVE-2024-2664116
-rw-r--r--active/CVE-2024-2664216
-rw-r--r--active/CVE-2024-2664317
-rw-r--r--active/CVE-2024-2664415
-rw-r--r--active/CVE-2024-2664516
-rw-r--r--active/CVE-2024-2664615
-rw-r--r--active/CVE-2024-2664715
-rw-r--r--active/CVE-2024-2664815
-rw-r--r--active/CVE-2024-2665116
-rw-r--r--active/CVE-2024-2665216
-rw-r--r--dsa-texts/4.19.232-1387
-rw-r--r--dsa-texts/4.19.249-2304
-rw-r--r--dsa-texts/4.9.303-1233
-rw-r--r--dsa-texts/4.9.320-2285
-rw-r--r--dsa-texts/5.10.103-187
-rw-r--r--dsa-texts/5.10.113-1123
-rw-r--r--dsa-texts/5.10.120-172
-rw-r--r--dsa-texts/5.10.127-237
-rw-r--r--dsa-texts/5.10.136-166
-rw-r--r--dsa-texts/5.10.149-1104
-rw-r--r--dsa-texts/5.10.162-188
-rw-r--r--dsa-texts/5.10.179-128
-rw-r--r--dsa-texts/5.10.179-227
-rw-r--r--dsa-texts/5.10.179-336
-rw-r--r--dsa-texts/5.10.191-1207
-rw-r--r--dsa-texts/5.10.205-1119
-rw-r--r--dsa-texts/5.10.92-172
-rw-r--r--dsa-texts/5.10.92-268
-rw-r--r--dsa-texts/6.1.37-171
-rw-r--r--dsa-texts/6.1.52-1146
-rw-r--r--dsa-texts/6.1.69-153
-rw-r--r--eol_releases2
-rw-r--r--ignored/CVE-2018-12929 (renamed from active/CVE-2018-12929)14
-rw-r--r--ignored/CVE-2018-12930 (renamed from active/CVE-2018-12930)14
-rw-r--r--ignored/CVE-2018-12931 (renamed from active/CVE-2018-12931)14
-rw-r--r--ignored/CVE-2022-4184815
-rw-r--r--ignored/CVE-2022-4403216
-rw-r--r--ignored/CVE-2022-4403316
-rw-r--r--ignored/CVE-2022-4588416
-rw-r--r--ignored/CVE-2022-4588516
-rw-r--r--retired/CVE-2018-10322 (renamed from active/CVE-2018-10322)2
-rw-r--r--retired/CVE-2018-11085
-rw-r--r--retired/CVE-2018-13095 (renamed from active/CVE-2018-13095)2
-rw-r--r--retired/CVE-2018-2502016
-rw-r--r--retired/CVE-2019-19036 (renamed from active/CVE-2019-19036)2
-rw-r--r--retired/CVE-2019-19039 (renamed from active/CVE-2019-19039)2
-rw-r--r--retired/CVE-2019-19377 (renamed from active/CVE-2019-19377)2
-rw-r--r--retired/CVE-2019-20811 (renamed from active/CVE-2019-20811)0
-rw-r--r--retired/CVE-2019-2213 (renamed from active/CVE-2019-2213)2
-rw-r--r--retired/CVE-2019-2516017
-rw-r--r--retired/CVE-2019-2516216
-rw-r--r--retired/CVE-2019-9245 (renamed from active/CVE-2019-9245)0
-rw-r--r--retired/CVE-2019-9453 (renamed from active/CVE-2019-9453)0
-rw-r--r--retired/CVE-2019-kvm-guest-xcr0 (renamed from active/CVE-2019-kvm-guest-xcr0)2
-rw-r--r--retired/CVE-2020-0030 (renamed from active/CVE-2020-0030)0
-rw-r--r--retired/CVE-2020-0067 (renamed from active/CVE-2020-0067)0
-rw-r--r--retired/CVE-2020-1236224
-rw-r--r--retired/CVE-2020-16119 (renamed from active/CVE-2020-16119)2
-rw-r--r--retired/CVE-2020-2614023
-rw-r--r--retired/CVE-2020-2614220
-rw-r--r--retired/CVE-2020-2614320
-rw-r--r--retired/CVE-2020-2655617
-rw-r--r--retired/CVE-2020-2655716
-rw-r--r--retired/CVE-2020-2655916
-rw-r--r--retired/CVE-2020-2656016
-rw-r--r--retired/CVE-2020-2778411
-rw-r--r--retired/CVE-2020-29374 (renamed from active/CVE-2020-29374)9
-rw-r--r--retired/CVE-2020-36322 (renamed from active/CVE-2020-36322)6
-rw-r--r--retired/CVE-2020-3651618
-rw-r--r--retired/CVE-2020-3655711
-rw-r--r--retired/CVE-2020-3655811
-rw-r--r--retired/CVE-2020-3676612
-rw-r--r--retired/CVE-2020-3677716
-rw-r--r--retired/CVE-2020-3677816
-rw-r--r--retired/CVE-2020-3677916
-rw-r--r--retired/CVE-2020-3678116
-rw-r--r--retired/CVE-2020-3678516
-rw-r--r--retired/CVE-2020-3678616
-rw-r--r--retired/CVE-2020-3678717
-rw-r--r--retired/CVE-2020-3702 (renamed from active/CVE-2020-3702)2
-rw-r--r--retired/CVE-2021-070716
-rw-r--r--retired/CVE-2021-0920 (renamed from active/CVE-2021-0920)4
-rw-r--r--retired/CVE-2021-104813
-rw-r--r--retired/CVE-2021-20292 (renamed from active/CVE-2021-20292)2
-rw-r--r--retired/CVE-2021-2031717
-rw-r--r--retired/CVE-2021-203201
-rw-r--r--retired/CVE-2021-20321 (renamed from active/CVE-2021-20321)6
-rw-r--r--retired/CVE-2021-20322 (renamed from active/CVE-2021-20322)4
-rw-r--r--retired/CVE-2021-22543 (renamed from active/CVE-2021-22543)7
-rw-r--r--retired/CVE-2021-2260015
-rw-r--r--retired/CVE-2021-2640114
-rw-r--r--retired/CVE-2021-2871115
-rw-r--r--retired/CVE-2021-2871215
-rw-r--r--retired/CVE-2021-2871315
-rw-r--r--retired/CVE-2021-2871417
-rw-r--r--retired/CVE-2021-2871517
-rw-r--r--retired/CVE-2021-28950 (renamed from active/CVE-2021-28950)6
-rw-r--r--retired/CVE-2021-29264 (renamed from active/CVE-2021-29264)4
-rw-r--r--retired/CVE-2021-32078 (renamed from active/CVE-2021-32078)0
-rw-r--r--retired/CVE-2021-326062
-rw-r--r--retired/CVE-2021-33033 (renamed from active/CVE-2021-33033)4
-rw-r--r--retired/CVE-2021-3309817
-rw-r--r--retired/CVE-2021-3313517
-rw-r--r--retired/CVE-2021-33624 (renamed from active/CVE-2021-33624)7
-rw-r--r--retired/CVE-2021-3363112
-rw-r--r--retired/CVE-2021-3365514
-rw-r--r--retired/CVE-2021-3365611
-rw-r--r--retired/CVE-2021-34556 (renamed from active/CVE-2021-34556)5
-rw-r--r--retired/CVE-2021-34891
-rw-r--r--retired/CVE-2021-34981 (renamed from active/CVE-2021-34981)0
-rw-r--r--retired/CVE-2021-3506 (renamed from active/CVE-2021-3506)0
-rw-r--r--retired/CVE-2021-35477 (renamed from active/CVE-2021-35477)5
-rw-r--r--retired/CVE-2021-3600 (renamed from active/CVE-2021-3600)7
-rw-r--r--retired/CVE-2021-3612 (renamed from active/CVE-2021-3612)2
-rw-r--r--retired/CVE-2021-3640 (renamed from active/CVE-2021-3640)6
-rw-r--r--retired/CVE-2021-3653 (renamed from active/CVE-2021-3653)2
-rw-r--r--retired/CVE-2021-3655 (renamed from active/CVE-2021-3655)2
-rw-r--r--retired/CVE-2021-3679 (renamed from active/CVE-2021-3679)2
-rw-r--r--retired/CVE-2021-371418
-rw-r--r--retired/CVE-2021-37159 (renamed from active/CVE-2021-37159)2
-rw-r--r--retired/CVE-2021-3732 (renamed from active/CVE-2021-3732)2
-rw-r--r--retired/CVE-2021-3736 (renamed from active/CVE-2021-3736)0
-rw-r--r--retired/CVE-2021-3744 (renamed from active/CVE-2021-3744)4
-rw-r--r--retired/CVE-2021-375218
-rw-r--r--retired/CVE-2021-3753 (renamed from active/CVE-2021-3753)2
-rw-r--r--retired/CVE-2021-3760 (renamed from active/CVE-2021-3760)6
-rw-r--r--retired/CVE-2021-3764 (renamed from active/CVE-2021-3764)4
-rw-r--r--retired/CVE-2021-3772 (renamed from active/CVE-2021-3772)20
-rw-r--r--retired/CVE-2021-38160 (renamed from active/CVE-2021-38160)2
-rw-r--r--retired/CVE-2021-38198 (renamed from active/CVE-2021-38198)6
-rw-r--r--retired/CVE-2021-38199 (renamed from active/CVE-2021-38199)4
-rw-r--r--retired/CVE-2021-38204 (renamed from active/CVE-2021-38204)2
-rw-r--r--retired/CVE-2021-38205 (renamed from active/CVE-2021-38205)2
-rw-r--r--retired/CVE-2021-38300 (renamed from active/CVE-2021-38300)2
-rw-r--r--retired/CVE-2021-389420
-rw-r--r--retired/CVE-2021-392312
-rw-r--r--retired/CVE-2021-3963315
-rw-r--r--retired/CVE-2021-3963413
-rw-r--r--retired/CVE-2021-3963619
-rw-r--r--retired/CVE-2021-3964813
-rw-r--r--retired/CVE-2021-3965613
-rw-r--r--retired/CVE-2021-3965713
-rw-r--r--retired/CVE-2021-3968514
-rw-r--r--retired/CVE-2021-3968613
-rw-r--r--retired/CVE-2021-3969813
-rw-r--r--retired/CVE-2021-3971115
-rw-r--r--retired/CVE-2021-3971322
-rw-r--r--retired/CVE-2021-3971416
-rw-r--r--retired/CVE-2021-3980225
-rw-r--r--retired/CVE-2021-4001 (renamed from active/CVE-2021-4001)4
-rw-r--r--retired/CVE-2021-4002 (renamed from active/CVE-2021-4002)12
-rw-r--r--retired/CVE-2021-402815
-rw-r--r--retired/CVE-2021-403217
-rw-r--r--retired/CVE-2021-40490 (renamed from active/CVE-2021-40490)2
-rw-r--r--retired/CVE-2021-408315
-rw-r--r--retired/CVE-2021-409016
-rw-r--r--retired/CVE-2021-409315
-rw-r--r--retired/CVE-2021-409519
-rw-r--r--retired/CVE-2021-410732
-rw-r--r--retired/CVE-2021-413517
-rw-r--r--retired/CVE-2021-414819
-rw-r--r--retired/CVE-2021-414917
-rw-r--r--retired/CVE-2021-415017
-rw-r--r--retired/CVE-2021-415415
-rw-r--r--retired/CVE-2021-415515
-rw-r--r--retired/CVE-2021-415714
-rw-r--r--retired/CVE-2021-415917
-rw-r--r--retired/CVE-2021-41864 (renamed from active/CVE-2021-41864)6
-rw-r--r--retired/CVE-2021-419716
-rw-r--r--retired/CVE-2021-42008 (renamed from active/CVE-2021-42008)2
-rw-r--r--retired/CVE-2021-420214
-rw-r--r--retired/CVE-2021-420317
-rw-r--r--retired/CVE-2021-421817
-rw-r--r--retired/CVE-2021-42327 (renamed from active/CVE-2021-42327)2
-rw-r--r--retired/CVE-2021-42739 (renamed from active/CVE-2021-42739)8
-rw-r--r--retired/CVE-2021-43056 (renamed from active/CVE-2021-43056)2
-rw-r--r--retired/CVE-2021-43057 (renamed from active/CVE-2021-43057)0
-rw-r--r--retired/CVE-2021-43267 (renamed from active/CVE-2021-43267)3
-rw-r--r--retired/CVE-2021-43389 (renamed from active/CVE-2021-43389)6
-rw-r--r--retired/CVE-2021-4397515
-rw-r--r--retired/CVE-2021-4397615
-rw-r--r--retired/CVE-2021-4473314
-rw-r--r--retired/CVE-2021-4487918
-rw-r--r--retired/CVE-2021-4509514
-rw-r--r--retired/CVE-2021-4510015
-rw-r--r--retired/CVE-2021-4540217
-rw-r--r--retired/CVE-2021-4546916
-rw-r--r--retired/CVE-2021-4548015
-rw-r--r--retired/CVE-2021-4548513
-rw-r--r--retired/CVE-2021-4548613
-rw-r--r--retired/CVE-2021-4586815
-rw-r--r--retired/CVE-2021-4628316
-rw-r--r--retired/CVE-2021-4690416
-rw-r--r--retired/CVE-2021-4690517
-rw-r--r--retired/CVE-2021-4690615
-rw-r--r--retired/CVE-2021-4690816
-rw-r--r--retired/CVE-2021-4690916
-rw-r--r--retired/CVE-2021-4691016
-rw-r--r--retired/CVE-2021-4691116
-rw-r--r--retired/CVE-2021-4691217
-rw-r--r--retired/CVE-2021-4691316
-rw-r--r--retired/CVE-2021-4691416
-rw-r--r--retired/CVE-2021-4691518
-rw-r--r--retired/CVE-2021-4691616
-rw-r--r--retired/CVE-2021-4691716
-rw-r--r--retired/CVE-2021-4691816
-rw-r--r--retired/CVE-2021-4691916
-rw-r--r--retired/CVE-2021-4692016
-rw-r--r--retired/CVE-2021-4692116
-rw-r--r--retired/CVE-2021-4692216
-rw-r--r--retired/CVE-2021-4692316
-rw-r--r--retired/CVE-2021-4692416
-rw-r--r--retired/CVE-2021-4692716
-rw-r--r--retired/CVE-2021-4692916
-rw-r--r--retired/CVE-2021-4693016
-rw-r--r--retired/CVE-2021-4693116
-rw-r--r--retired/CVE-2021-4693216
-rw-r--r--retired/CVE-2021-4693316
-rw-r--r--retired/CVE-2021-4693416
-rw-r--r--retired/CVE-2021-4693516
-rw-r--r--retired/CVE-2021-4693616
-rw-r--r--retired/CVE-2021-4693716
-rw-r--r--retired/CVE-2021-4693816
-rw-r--r--retired/CVE-2021-4693919
-rw-r--r--retired/CVE-2021-4694016
-rw-r--r--retired/CVE-2021-4694216
-rw-r--r--retired/CVE-2021-4694316
-rw-r--r--retired/CVE-2021-4694416
-rw-r--r--retired/CVE-2021-4694516
-rw-r--r--retired/CVE-2021-4694716
-rw-r--r--retired/CVE-2021-4694816
-rw-r--r--retired/CVE-2021-4694916
-rw-r--r--retired/CVE-2021-4695016
-rw-r--r--retired/CVE-2021-4695116
-rw-r--r--retired/CVE-2021-4695216
-rw-r--r--retired/CVE-2021-4695316
-rw-r--r--retired/CVE-2021-4695416
-rw-r--r--retired/CVE-2021-4695517
-rw-r--r--retired/CVE-2021-4695616
-rw-r--r--retired/CVE-2021-4695716
-rw-r--r--retired/CVE-2021-4695816
-rw-r--r--retired/CVE-2021-4695917
-rw-r--r--retired/CVE-2021-4696016
-rw-r--r--retired/CVE-2021-4696117
-rw-r--r--retired/CVE-2021-4696216
-rw-r--r--retired/CVE-2021-4696316
-rw-r--r--retired/CVE-2021-4696416
-rw-r--r--retired/CVE-2021-4696516
-rw-r--r--retired/CVE-2021-4696616
-rw-r--r--retired/CVE-2021-4696716
-rw-r--r--retired/CVE-2021-4696816
-rw-r--r--retired/CVE-2021-4696916
-rw-r--r--retired/CVE-2021-4697016
-rw-r--r--retired/CVE-2021-4697116
-rw-r--r--retired/CVE-2021-4697216
-rw-r--r--retired/CVE-2021-4697316
-rw-r--r--retired/CVE-2021-4697416
-rw-r--r--retired/CVE-2021-4697616
-rw-r--r--retired/CVE-2021-4697716
-rw-r--r--retired/CVE-2021-4697816
-rw-r--r--retired/CVE-2021-4697916
-rw-r--r--retired/CVE-2021-4698018
-rw-r--r--retired/CVE-2021-4698216
-rw-r--r--retired/CVE-2021-4698316
-rw-r--r--retired/CVE-2021-4698516
-rw-r--r--retired/CVE-2021-4698616
-rw-r--r--retired/CVE-2021-4698816
-rw-r--r--retired/CVE-2021-4698916
-rw-r--r--retired/CVE-2021-4699016
-rw-r--r--retired/CVE-2021-4699116
-rw-r--r--retired/CVE-2021-4699216
-rw-r--r--retired/CVE-2021-4699316
-rw-r--r--retired/CVE-2021-4699416
-rw-r--r--retired/CVE-2021-4699516
-rw-r--r--retired/CVE-2021-4699616
-rw-r--r--retired/CVE-2021-4699720
-rw-r--r--retired/CVE-2021-4699816
-rw-r--r--retired/CVE-2021-4699916
-rw-r--r--retired/CVE-2021-4700016
-rw-r--r--retired/CVE-2021-4700116
-rw-r--r--retired/CVE-2021-4700216
-rw-r--r--retired/CVE-2021-4700316
-rw-r--r--retired/CVE-2021-4700417
-rw-r--r--retired/CVE-2021-4700516
-rw-r--r--retired/CVE-2021-4700616
-rw-r--r--retired/CVE-2021-4700716
-rw-r--r--retired/CVE-2021-4700818
-rw-r--r--retired/CVE-2021-4700916
-rw-r--r--retired/CVE-2021-4701016
-rw-r--r--retired/CVE-2021-4701116
-rw-r--r--retired/CVE-2021-4701216
-rw-r--r--retired/CVE-2021-4701316
-rw-r--r--retired/CVE-2021-4701617
-rw-r--r--retired/CVE-2021-4701716
-rw-r--r--retired/CVE-2021-4701816
-rw-r--r--retired/CVE-2021-4701916
-rw-r--r--retired/CVE-2021-4702016
-rw-r--r--retired/CVE-2021-4702116
-rw-r--r--retired/CVE-2021-4702216
-rw-r--r--retired/CVE-2021-4702316
-rw-r--r--retired/CVE-2021-4702516
-rw-r--r--retired/CVE-2021-4702616
-rw-r--r--retired/CVE-2021-4702716
-rw-r--r--retired/CVE-2021-4702916
-rw-r--r--retired/CVE-2021-4703016
-rw-r--r--retired/CVE-2021-4703116
-rw-r--r--retired/CVE-2021-4703216
-rw-r--r--retired/CVE-2021-4703316
-rw-r--r--retired/CVE-2021-4703416
-rw-r--r--retired/CVE-2021-4703516
-rw-r--r--retired/CVE-2021-4703816
-rw-r--r--retired/CVE-2021-4703916
-rw-r--r--retired/CVE-2021-4704016
-rw-r--r--retired/CVE-2021-4704116
-rw-r--r--retired/CVE-2021-4704216
-rw-r--r--retired/CVE-2021-4704316
-rw-r--r--retired/CVE-2021-4704416
-rw-r--r--retired/CVE-2021-4704516
-rw-r--r--retired/CVE-2021-4704616
-rw-r--r--retired/CVE-2021-4704716
-rw-r--r--retired/CVE-2021-4704816
-rw-r--r--retired/CVE-2021-4705016
-rw-r--r--retired/CVE-2021-4705116
-rw-r--r--retired/CVE-2021-4705216
-rw-r--r--retired/CVE-2021-4705316
-rw-r--r--retired/CVE-2021-4705416
-rw-r--r--retired/CVE-2021-4705517
-rw-r--r--retired/CVE-2021-4705616
-rw-r--r--retired/CVE-2021-4705716
-rw-r--r--retired/CVE-2021-4705816
-rw-r--r--retired/CVE-2021-4705916
-rw-r--r--retired/CVE-2021-4706216
-rw-r--r--retired/CVE-2021-4706416
-rw-r--r--retired/CVE-2021-4706516
-rw-r--r--retired/CVE-2021-4706616
-rw-r--r--retired/CVE-2021-4706716
-rw-r--r--retired/CVE-2021-4706817
-rw-r--r--retired/CVE-2021-4706918
-rw-r--r--retired/CVE-2021-4707116
-rw-r--r--retired/CVE-2021-4707216
-rw-r--r--retired/CVE-2021-4707316
-rw-r--r--retired/CVE-2021-4707516
-rw-r--r--retired/CVE-2021-4707815
-rw-r--r--retired/CVE-2021-4707916
-rw-r--r--retired/CVE-2021-4708016
-rw-r--r--retired/CVE-2021-4708116
-rw-r--r--retired/CVE-2021-4708215
-rw-r--r--retired/CVE-2021-4708615
-rw-r--r--retired/CVE-2021-4708716
-rw-r--r--retired/CVE-2021-4708816
-rw-r--r--retired/CVE-2021-4708916
-rw-r--r--retired/CVE-2021-4709016
-rw-r--r--retired/CVE-2021-4709116
-rw-r--r--retired/CVE-2021-4709216
-rw-r--r--retired/CVE-2021-4709316
-rw-r--r--retired/CVE-2021-4709516
-rw-r--r--retired/CVE-2021-4709616
-rw-r--r--retired/CVE-2021-4709716
-rw-r--r--retired/CVE-2021-4709816
-rw-r--r--retired/CVE-2021-4709916
-rw-r--r--retired/CVE-2021-4710016
-rw-r--r--retired/CVE-2021-4710216
-rw-r--r--retired/CVE-2021-4710316
-rw-r--r--retired/CVE-2021-4710417
-rw-r--r--retired/CVE-2021-4710616
-rw-r--r--retired/CVE-2021-4710718
-rw-r--r--retired/CVE-2021-4710817
-rw-r--r--retired/CVE-2021-4710916
-rw-r--r--retired/CVE-2021-4711116
-rw-r--r--retired/CVE-2021-4711415
-rw-r--r--retired/CVE-2021-4711715
-rw-r--r--retired/CVE-2021-4711816
-rw-r--r--retired/CVE-2021-4712016
-rw-r--r--retired/CVE-2021-4712116
-rw-r--r--retired/CVE-2021-4712216
-rw-r--r--retired/CVE-2021-4712316
-rw-r--r--retired/CVE-2021-4712416
-rw-r--r--retired/CVE-2021-4712516
-rw-r--r--retired/CVE-2021-4712618
-rw-r--r--retired/CVE-2021-4712716
-rw-r--r--retired/CVE-2021-4712816
-rw-r--r--retired/CVE-2021-4712916
-rw-r--r--retired/CVE-2021-4713016
-rw-r--r--retired/CVE-2021-4713216
-rw-r--r--retired/CVE-2021-4713316
-rw-r--r--retired/CVE-2021-4713416
-rw-r--r--retired/CVE-2021-4713516
-rw-r--r--retired/CVE-2021-4713618
-rw-r--r--retired/CVE-2021-4713716
-rw-r--r--retired/CVE-2021-4713816
-rw-r--r--retired/CVE-2021-4713916
-rw-r--r--retired/CVE-2021-4714016
-rw-r--r--retired/CVE-2021-4714116
-rw-r--r--retired/CVE-2021-4714215
-rw-r--r--retired/CVE-2021-4714415
-rw-r--r--retired/CVE-2021-4714515
-rw-r--r--retired/CVE-2021-4714616
-rw-r--r--retired/CVE-2021-4714716
-rw-r--r--retired/CVE-2021-4714816
-rw-r--r--retired/CVE-2021-4714915
-rw-r--r--retired/CVE-2021-4715016
-rw-r--r--retired/CVE-2021-4715116
-rw-r--r--retired/CVE-2021-4715216
-rw-r--r--retired/CVE-2021-4715316
-rw-r--r--retired/CVE-2021-4715818
-rw-r--r--retired/CVE-2021-4715916
-rw-r--r--retired/CVE-2021-4716016
-rw-r--r--retired/CVE-2021-4716116
-rw-r--r--retired/CVE-2021-4716216
-rw-r--r--retired/CVE-2021-4716416
-rw-r--r--retired/CVE-2021-4716516
-rw-r--r--retired/CVE-2021-4716616
-rw-r--r--retired/CVE-2021-4716816
-rw-r--r--retired/CVE-2021-4716915
-rw-r--r--retired/CVE-2021-4717015
-rw-r--r--retired/CVE-2021-4717117
-rw-r--r--retired/CVE-2021-4717216
-rw-r--r--retired/CVE-2021-4717316
-rw-r--r--retired/CVE-2021-4717416
-rw-r--r--retired/CVE-2021-4717516
-rw-r--r--retired/CVE-2021-4717616
-rw-r--r--retired/CVE-2021-4717716
-rw-r--r--retired/CVE-2021-4717917
-rw-r--r--retired/CVE-2021-4718016
-rw-r--r--retired/CVE-2022-000115
-rw-r--r--retired/CVE-2022-000217
-rw-r--r--retired/CVE-2022-016816
-rw-r--r--retired/CVE-2022-017117
-rw-r--r--retired/CVE-2022-018519
-rw-r--r--retired/CVE-2022-026413
-rw-r--r--retired/CVE-2022-028614
-rw-r--r--retired/CVE-2022-032215
-rw-r--r--retired/CVE-2022-033014
-rw-r--r--retired/CVE-2022-038215
-rw-r--r--retired/CVE-2022-043317
-rw-r--r--retired/CVE-2022-043516
-rw-r--r--retired/CVE-2022-048015
-rw-r--r--retired/CVE-2022-048716
-rw-r--r--retired/CVE-2022-049217
-rw-r--r--retired/CVE-2022-049414
-rw-r--r--retired/CVE-2022-051617
-rw-r--r--retired/CVE-2022-061713
-rw-r--r--retired/CVE-2022-064418
-rw-r--r--retired/CVE-2022-064615
-rw-r--r--retired/CVE-2022-074222
-rw-r--r--retired/CVE-2022-081219
-rw-r--r--retired/CVE-2022-084717
-rw-r--r--retired/CVE-2022-085019
-rw-r--r--retired/CVE-2022-085426
-rw-r--r--retired/CVE-2022-099515
-rw-r--r--retired/CVE-2022-099820
-rw-r--r--retired/CVE-2022-101114
-rw-r--r--retired/CVE-2022-101223
-rw-r--r--retired/CVE-2022-101527
-rw-r--r--retired/CVE-2022-101617
-rw-r--r--retired/CVE-2022-104317
-rw-r--r--retired/CVE-2022-104818
-rw-r--r--retired/CVE-2022-105515
-rw-r--r--retired/CVE-2022-111615
-rw-r--r--retired/CVE-2022-115816
-rw-r--r--retired/CVE-2022-119513
-rw-r--r--retired/CVE-2022-119819
-rw-r--r--retired/CVE-2022-119914
-rw-r--r--retired/CVE-2022-120416
-rw-r--r--retired/CVE-2022-120519
-rw-r--r--retired/CVE-2022-126319
-rw-r--r--retired/CVE-2022-135314
-rw-r--r--retired/CVE-2022-141913
-rw-r--r--retired/CVE-2022-146228
-rw-r--r--retired/CVE-2022-150815
-rw-r--r--retired/CVE-2022-151613
-rw-r--r--retired/CVE-2022-165115
-rw-r--r--retired/CVE-2022-165214
-rw-r--r--retired/CVE-2022-167115
-rw-r--r--retired/CVE-2022-167818
-rw-r--r--retired/CVE-2022-167919
-rw-r--r--retired/CVE-2022-172918
-rw-r--r--retired/CVE-2022-173417
-rw-r--r--retired/CVE-2022-178620
-rw-r--r--retired/CVE-2022-178918
-rw-r--r--retired/CVE-2022-185216
-rw-r--r--retired/CVE-2022-188220
-rw-r--r--retired/CVE-2022-194315
-rw-r--r--retired/CVE-2022-197315
-rw-r--r--retired/CVE-2022-197413
-rw-r--r--retired/CVE-2022-197513
-rw-r--r--retired/CVE-2022-197617
-rw-r--r--retired/CVE-2022-199817
-rw-r--r--retired/CVE-2022-2000813
-rw-r--r--retired/CVE-2022-2013213
-rw-r--r--retired/CVE-2022-2014113
-rw-r--r--retired/CVE-2022-2014816
-rw-r--r--retired/CVE-2022-2015313
-rw-r--r--retired/CVE-2022-2015415
-rw-r--r--retired/CVE-2022-2015824
-rw-r--r--retired/CVE-2022-2016621
-rw-r--r--retired/CVE-2022-2036812
-rw-r--r--retired/CVE-2022-2036912
-rw-r--r--retired/CVE-2022-2040917
-rw-r--r--retired/CVE-2022-2042112
-rw-r--r--retired/CVE-2022-2042212
-rw-r--r--retired/CVE-2022-2042313
-rw-r--r--retired/CVE-2022-2056613
-rw-r--r--retired/CVE-2022-2056712
-rw-r--r--retired/CVE-2022-2056816
-rw-r--r--retired/CVE-2022-2057213
-rw-r--r--retired/CVE-2022-207821
-rw-r--r--retired/CVE-2022-2112320
-rw-r--r--retired/CVE-2022-2112520
-rw-r--r--retired/CVE-2022-2116620
-rw-r--r--retired/CVE-2022-2138510
-rw-r--r--retired/CVE-2022-2149919
-rw-r--r--retired/CVE-2022-2150516
-rw-r--r--retired/CVE-2022-215321
-rw-r--r--retired/CVE-2022-219614
-rw-r--r--retired/CVE-2022-2294219
-rw-r--r--retired/CVE-2022-2303614
-rw-r--r--retired/CVE-2022-2303714
-rw-r--r--retired/CVE-2022-2303814
-rw-r--r--retired/CVE-2022-2303914
-rw-r--r--retired/CVE-2022-2304014
-rw-r--r--retired/CVE-2022-2304114
-rw-r--r--retired/CVE-2022-2304214
-rw-r--r--retired/CVE-2022-230821
-rw-r--r--retired/CVE-2022-231812
-rw-r--r--retired/CVE-2022-2322221
-rw-r--r--retired/CVE-2022-232715
-rw-r--r--retired/CVE-2022-238011
-rw-r--r--retired/CVE-2022-2396018
-rw-r--r--retired/CVE-2022-2412218
-rw-r--r--retired/CVE-2022-2444813
-rw-r--r--retired/CVE-2022-2495813
-rw-r--r--retired/CVE-2022-2495915
-rw-r--r--retired/CVE-2022-250311
-rw-r--r--retired/CVE-2022-2525813
-rw-r--r--retired/CVE-2022-2526516
-rw-r--r--retired/CVE-2022-2537514
-rw-r--r--retired/CVE-2022-2563618
-rw-r--r--retired/CVE-2022-258514
-rw-r--r--retired/CVE-2022-258616
-rw-r--r--retired/CVE-2022-258815
-rw-r--r--retired/CVE-2022-259022
-rw-r--r--retired/CVE-2022-260214
-rw-r--r--retired/CVE-2022-2636512
-rw-r--r--retired/CVE-2022-2637313
-rw-r--r--retired/CVE-2022-263911
-rw-r--r--retired/CVE-2022-2649017
-rw-r--r--retired/CVE-2022-266317
-rw-r--r--retired/CVE-2022-2687816
-rw-r--r--retired/CVE-2022-2696612
-rw-r--r--retired/CVE-2022-2722312
-rw-r--r--retired/CVE-2022-2766615
-rw-r--r--retired/CVE-2022-278514
-rw-r--r--retired/CVE-2022-2795015
-rw-r--r--retired/CVE-2022-2835613
-rw-r--r--retired/CVE-2022-2838815
-rw-r--r--retired/CVE-2022-2838915
-rw-r--r--retired/CVE-2022-2839015
-rw-r--r--retired/CVE-2022-287319
-rw-r--r--retired/CVE-2022-2879616
-rw-r--r--retired/CVE-2022-2889313
-rw-r--r--retired/CVE-2022-290517
-rw-r--r--retired/CVE-2022-2915615
-rw-r--r--retired/CVE-2022-293811
-rw-r--r--retired/CVE-2022-2958115
-rw-r--r--retired/CVE-2022-2958216
-rw-r--r--retired/CVE-2022-295916
-rw-r--r--retired/CVE-2022-296413
-rw-r--r--retired/CVE-2022-297713
-rw-r--r--retired/CVE-2022-297811
-rw-r--r--retired/CVE-2022-2990028
-rw-r--r--retired/CVE-2022-2990125
-rw-r--r--retired/CVE-2022-299112
-rw-r--r--retired/CVE-2022-2996815
-rw-r--r--retired/CVE-2022-302813
-rw-r--r--retired/CVE-2022-3059413
-rw-r--r--retired/CVE-2022-307713
-rw-r--r--retired/CVE-2022-307813
-rw-r--r--retired/CVE-2022-310315
-rw-r--r--retired/CVE-2022-310416
-rw-r--r--retired/CVE-2022-310513
-rw-r--r--retired/CVE-2022-310613
-rw-r--r--retired/CVE-2022-310711
-rw-r--r--retired/CVE-2022-311016
-rw-r--r--retired/CVE-2022-311111
-rw-r--r--retired/CVE-2022-311213
-rw-r--r--retired/CVE-2022-311315
-rw-r--r--retired/CVE-2022-317013
-rw-r--r--retired/CVE-2022-317616
-rw-r--r--retired/CVE-2022-320211
-rw-r--r--retired/CVE-2022-3225017
-rw-r--r--retired/CVE-2022-3229613
-rw-r--r--retired/CVE-2022-323911
-rw-r--r--retired/CVE-2022-3298117
-rw-r--r--retired/CVE-2022-3374012
-rw-r--r--retired/CVE-2022-3374112
-rw-r--r--retired/CVE-2022-3374212
-rw-r--r--retired/CVE-2022-3374314
-rw-r--r--retired/CVE-2022-3374412
-rw-r--r--retired/CVE-2022-3398114
-rw-r--r--retired/CVE-2022-342418
-rw-r--r--retired/CVE-2022-343514
-rw-r--r--retired/CVE-2022-3449414
-rw-r--r--retired/CVE-2022-3449514
-rw-r--r--retired/CVE-2022-3491818
-rw-r--r--retired/CVE-2022-352113
-rw-r--r--retired/CVE-2022-352411
-rw-r--r--retired/CVE-2022-352610
-rw-r--r--retired/CVE-2022-354111
-rw-r--r--retired/CVE-2022-354312
-rw-r--r--retired/CVE-2022-354410
-rw-r--r--retired/CVE-2022-354511
-rw-r--r--retired/CVE-2022-356411
-rw-r--r--retired/CVE-2022-356511
-rw-r--r--retired/CVE-2022-357711
-rw-r--r--retired/CVE-2022-358612
-rw-r--r--retired/CVE-2022-359411
-rw-r--r--retired/CVE-2022-359513
-rw-r--r--retired/CVE-2022-3612318
-rw-r--r--retired/CVE-2022-361913
-rw-r--r--retired/CVE-2022-362110
-rw-r--r--retired/CVE-2022-362312
-rw-r--r--retired/CVE-2022-362412
-rw-r--r--retired/CVE-2022-362512
-rw-r--r--retired/CVE-2022-362815
-rw-r--r--retired/CVE-2022-3628012
-rw-r--r--retired/CVE-2022-362910
-rw-r--r--retired/CVE-2022-363012
-rw-r--r--retired/CVE-2022-363312
-rw-r--r--retired/CVE-2022-363510
-rw-r--r--retired/CVE-2022-363614
-rw-r--r--retired/CVE-2022-364014
-rw-r--r--retired/CVE-2022-364313
-rw-r--r--retired/CVE-2022-364610
-rw-r--r--retired/CVE-2022-364910
-rw-r--r--retired/CVE-2022-3687911
-rw-r--r--retired/CVE-2022-3694614
-rw-r--r--retired/CVE-2022-370713
-rw-r--r--retired/CVE-2022-391012
-rw-r--r--retired/CVE-2022-3918817
-rw-r--r--retired/CVE-2022-3919013
-rw-r--r--retired/CVE-2022-397715
-rw-r--r--retired/CVE-2022-3984211
-rw-r--r--retired/CVE-2022-4030711
-rw-r--r--retired/CVE-2022-4047614
-rw-r--r--retired/CVE-2022-4076812
-rw-r--r--retired/CVE-2022-409514
-rw-r--r--retired/CVE-2022-4098215
-rw-r--r--retired/CVE-2022-4121813
-rw-r--r--retired/CVE-2022-4122211
-rw-r--r--retired/CVE-2022-412715
-rw-r--r--retired/CVE-2022-412812
-rw-r--r--retired/CVE-2022-413918
-rw-r--r--retired/CVE-2022-4167416
-rw-r--r--retired/CVE-2022-4184911
-rw-r--r--retired/CVE-2022-4185011
-rw-r--r--retired/CVE-2022-4185811
-rw-r--r--retired/CVE-2022-4232812
-rw-r--r--retired/CVE-2022-4232912
-rw-r--r--retired/CVE-2022-4243215
-rw-r--r--retired/CVE-2022-4270312
-rw-r--r--retired/CVE-2022-4271916
-rw-r--r--retired/CVE-2022-4272016
-rw-r--r--retired/CVE-2022-4272116
-rw-r--r--retired/CVE-2022-4272216
-rw-r--r--retired/CVE-2022-4289513
-rw-r--r--retired/CVE-2022-4289615
-rw-r--r--retired/CVE-2022-4375010
-rw-r--r--retired/CVE-2022-437811
-rw-r--r--retired/CVE-2022-437915
-rw-r--r--retired/CVE-2022-4586913
-rw-r--r--retired/CVE-2022-4588616
-rw-r--r--retired/CVE-2022-4588716
-rw-r--r--retired/CVE-2022-4588816
-rw-r--r--retired/CVE-2022-4591915
-rw-r--r--retired/CVE-2022-4593412
-rw-r--r--retired/CVE-2022-466213
-rw-r--r--retired/CVE-2022-469615
-rw-r--r--retired/CVE-2022-474412
-rw-r--r--retired/CVE-2022-4792911
-rw-r--r--retired/CVE-2022-4793811
-rw-r--r--retired/CVE-2022-4793911
-rw-r--r--retired/CVE-2022-4794010
-rw-r--r--retired/CVE-2022-4794111
-rw-r--r--retired/CVE-2022-4794211
-rw-r--r--retired/CVE-2022-4794310
-rw-r--r--retired/CVE-2022-4794611
-rw-r--r--retired/CVE-2022-484215
-rw-r--r--retired/CVE-2022-4842311
-rw-r--r--retired/CVE-2022-4842411
-rw-r--r--retired/CVE-2022-4842513
-rw-r--r--retired/CVE-2022-4850214
-rw-r--r--retired/CVE-2022-4861912
-rw-r--r--retired/CVE-2022-4862614
-rw-r--r--retired/CVE-2022-4862916
-rw-r--r--retired/CVE-2022-4863017
-rw-r--r--retired/CVE-2023-004513
-rw-r--r--retired/CVE-2023-012217
-rw-r--r--retired/CVE-2023-017916
-rw-r--r--retired/CVE-2023-021012
-rw-r--r--retired/CVE-2023-024016
-rw-r--r--retired/CVE-2023-026613
-rw-r--r--retired/CVE-2023-039411
-rw-r--r--retired/CVE-2023-045813
-rw-r--r--retired/CVE-2023-045913
-rw-r--r--retired/CVE-2023-046117
-rw-r--r--retired/CVE-2023-046816
-rw-r--r--retired/CVE-2023-046911
-rw-r--r--retired/CVE-2023-059014
-rw-r--r--retired/CVE-2023-061526
-rw-r--r--retired/CVE-2023-103214
-rw-r--r--retired/CVE-2023-107314
-rw-r--r--retired/CVE-2023-107414
-rw-r--r--retired/CVE-2023-107715
-rw-r--r--retired/CVE-2023-107812
-rw-r--r--retired/CVE-2023-107912
-rw-r--r--retired/CVE-2023-109512
-rw-r--r--retired/CVE-2023-111812
-rw-r--r--retired/CVE-2023-119313
-rw-r--r--retired/CVE-2023-119413
-rw-r--r--retired/CVE-2023-119515
-rw-r--r--retired/CVE-2023-120616
-rw-r--r--retired/CVE-2023-125212
-rw-r--r--retired/CVE-2023-128117
-rw-r--r--retired/CVE-2023-129514
-rw-r--r--retired/CVE-2023-138014
-rw-r--r--retired/CVE-2023-138213
-rw-r--r--retired/CVE-2023-139012
-rw-r--r--retired/CVE-2023-151313
-rw-r--r--retired/CVE-2023-158314
-rw-r--r--retired/CVE-2023-161119
-rw-r--r--retired/CVE-2023-163713
-rw-r--r--retired/CVE-2023-165214
-rw-r--r--retired/CVE-2023-167012
-rw-r--r--retired/CVE-2023-182913
-rw-r--r--retired/CVE-2023-183813
-rw-r--r--retired/CVE-2023-185513
-rw-r--r--retired/CVE-2023-185913
-rw-r--r--retired/CVE-2023-187218
-rw-r--r--retired/CVE-2023-198915
-rw-r--r--retired/CVE-2023-199015
-rw-r--r--retired/CVE-2023-199813
-rw-r--r--retired/CVE-2023-200215
-rw-r--r--retired/CVE-2023-200615
-rw-r--r--retired/CVE-2023-200717
-rw-r--r--retired/CVE-2023-200814
-rw-r--r--retired/CVE-2023-201914
-rw-r--r--retired/CVE-2023-2056918
-rw-r--r--retired/CVE-2023-2059320
-rw-r--r--retired/CVE-2023-2092819
-rw-r--r--retired/CVE-2023-2110216
-rw-r--r--retired/CVE-2023-2110614
-rw-r--r--retired/CVE-2023-2125517
-rw-r--r--retired/CVE-2023-2140019
-rw-r--r--retired/CVE-2023-215623
-rw-r--r--retired/CVE-2023-216213
-rw-r--r--retired/CVE-2023-216315
-rw-r--r--retired/CVE-2023-216614
-rw-r--r--retired/CVE-2023-219411
-rw-r--r--retired/CVE-2023-223514
-rw-r--r--retired/CVE-2023-223614
-rw-r--r--retired/CVE-2023-226913
-rw-r--r--retired/CVE-2023-2299514
-rw-r--r--retired/CVE-2023-2299613
-rw-r--r--retired/CVE-2023-2299711
-rw-r--r--retired/CVE-2023-2299814
-rw-r--r--retired/CVE-2023-2299914
-rw-r--r--retired/CVE-2023-2300017
-rw-r--r--retired/CVE-2023-2300113
-rw-r--r--retired/CVE-2023-2300211
-rw-r--r--retired/CVE-2023-2300314
-rw-r--r--retired/CVE-2023-2300414
-rw-r--r--retired/CVE-2023-2300614
-rw-r--r--retired/CVE-2023-2345413
-rw-r--r--retired/CVE-2023-2345513
-rw-r--r--retired/CVE-2023-2355912
-rw-r--r--retired/CVE-2023-2358615
-rw-r--r--retired/CVE-2023-243018
-rw-r--r--retired/CVE-2023-2501217
-rw-r--r--retired/CVE-2023-251317
-rw-r--r--retired/CVE-2023-2577518
-rw-r--r--retired/CVE-2023-259814
-rw-r--r--retired/CVE-2023-2654413
-rw-r--r--retired/CVE-2023-2654511
-rw-r--r--retired/CVE-2023-2660516
-rw-r--r--retired/CVE-2023-2660613
-rw-r--r--retired/CVE-2023-2660713
-rw-r--r--retired/CVE-2023-2832717
-rw-r--r--retired/CVE-2023-2832814
-rw-r--r--retired/CVE-2023-2841023
-rw-r--r--retired/CVE-2023-2846426
-rw-r--r--retired/CVE-2023-286013
-rw-r--r--retired/CVE-2023-2877213
-rw-r--r--retired/CVE-2023-2886616
-rw-r--r--retired/CVE-2023-289817
-rw-r--r--retired/CVE-2023-298513
-rw-r--r--retired/CVE-2023-300614
-rw-r--r--retired/CVE-2023-3045611
-rw-r--r--retired/CVE-2023-3077212
-rw-r--r--retired/CVE-2023-309013
-rw-r--r--retired/CVE-2023-310612
-rw-r--r--retired/CVE-2023-310817
-rw-r--r--retired/CVE-2023-3108415
-rw-r--r--retired/CVE-2023-3108517
-rw-r--r--retired/CVE-2023-311114
-rw-r--r--retired/CVE-2023-3124819
-rw-r--r--retired/CVE-2023-314113
-rw-r--r--retired/CVE-2023-3143612
-rw-r--r--retired/CVE-2023-315912
-rw-r--r--retired/CVE-2023-316112
-rw-r--r--retired/CVE-2023-321216
-rw-r--r--retired/CVE-2023-322012
-rw-r--r--retired/CVE-2023-3223314
-rw-r--r--retired/CVE-2023-3224714
-rw-r--r--retired/CVE-2023-3224814
-rw-r--r--retired/CVE-2023-3225014
-rw-r--r--retired/CVE-2023-3225216
-rw-r--r--retired/CVE-2023-3225414
-rw-r--r--retired/CVE-2023-3225716
-rw-r--r--retired/CVE-2023-3225814
-rw-r--r--retired/CVE-2023-3226911
-rw-r--r--retired/CVE-2023-326814
-rw-r--r--retired/CVE-2023-326915
-rw-r--r--retired/CVE-2023-331218
-rw-r--r--retired/CVE-2023-331716
-rw-r--r--retired/CVE-2023-3320314
-rw-r--r--retired/CVE-2023-3325018
-rw-r--r--retired/CVE-2023-333815
-rw-r--r--retired/CVE-2023-335514
-rw-r--r--retired/CVE-2023-335715
-rw-r--r--retired/CVE-2023-335813
-rw-r--r--retired/CVE-2023-335915
-rw-r--r--retired/CVE-2023-338914
-rw-r--r--retired/CVE-2023-339015
-rw-r--r--retired/CVE-2023-3395115
-rw-r--r--retired/CVE-2023-3395215
-rw-r--r--retired/CVE-2023-3425614
-rw-r--r--retired/CVE-2023-3431914
-rw-r--r--retired/CVE-2023-3432414
-rw-r--r--retired/CVE-2023-343916
-rw-r--r--retired/CVE-2023-3500119
-rw-r--r--retired/CVE-2023-356714
-rw-r--r--retired/CVE-2023-3578813
-rw-r--r--retired/CVE-2023-3582314
-rw-r--r--retired/CVE-2023-3582414
-rw-r--r--retired/CVE-2023-3582616
-rw-r--r--retired/CVE-2023-3582814
-rw-r--r--retired/CVE-2023-3582916
-rw-r--r--retired/CVE-2023-360913
-rw-r--r--retired/CVE-2023-361014
-rw-r--r--retired/CVE-2023-361114
-rw-r--r--retired/CVE-2023-377219
-rw-r--r--retired/CVE-2023-377318
-rw-r--r--retired/CVE-2023-377615
-rw-r--r--retired/CVE-2023-377715
-rw-r--r--retired/CVE-2023-381213
-rw-r--r--retired/CVE-2023-3840914
-rw-r--r--retired/CVE-2023-3842612
-rw-r--r--retired/CVE-2023-3842712
-rw-r--r--retired/CVE-2023-3842812
-rw-r--r--retired/CVE-2023-3842912
-rw-r--r--retired/CVE-2023-3843012
-rw-r--r--retired/CVE-2023-3843112
-rw-r--r--retired/CVE-2023-3843212
-rw-r--r--retired/CVE-2023-386514
-rw-r--r--retired/CVE-2023-386614
-rw-r--r--retired/CVE-2023-386714
-rw-r--r--retired/CVE-2023-3918914
-rw-r--r--retired/CVE-2023-3919216
-rw-r--r--retired/CVE-2023-3919314
-rw-r--r--retired/CVE-2023-3919413
-rw-r--r--retired/CVE-2023-400417
-rw-r--r--retired/CVE-2023-401517
-rw-r--r--retired/CVE-2023-4028313
-rw-r--r--retired/CVE-2023-4079114
-rw-r--r--retired/CVE-2023-413213
-rw-r--r--retired/CVE-2023-414716
-rw-r--r--retired/CVE-2023-415518
-rw-r--r--retired/CVE-2023-420616
-rw-r--r--retired/CVE-2023-420716
-rw-r--r--retired/CVE-2023-420816
-rw-r--r--retired/CVE-2023-427315
-rw-r--r--retired/CVE-2023-4275215
-rw-r--r--retired/CVE-2023-4275317
-rw-r--r--retired/CVE-2023-4275417
-rw-r--r--retired/CVE-2023-4275514
-rw-r--r--retired/CVE-2023-4275618
-rw-r--r--retired/CVE-2023-438513
-rw-r--r--retired/CVE-2023-438713
-rw-r--r--retired/CVE-2023-438916
-rw-r--r--retired/CVE-2023-439417
-rw-r--r--retired/CVE-2023-4446616
-rw-r--r--retired/CVE-2023-445913
-rw-r--r--retired/CVE-2023-456917
-rw-r--r--retired/CVE-2023-4586212
-rw-r--r--retired/CVE-2023-4586312
-rw-r--r--retired/CVE-2023-4587112
-rw-r--r--retired/CVE-2023-4589819
-rw-r--r--retired/CVE-2023-461117
-rw-r--r--retired/CVE-2023-462217
-rw-r--r--retired/CVE-2023-462314
-rw-r--r--retired/CVE-2023-4634313
-rw-r--r--retired/CVE-2023-4681313
-rw-r--r--retired/CVE-2023-4686216
-rw-r--r--retired/CVE-2023-473217
-rw-r--r--retired/CVE-2023-492116
-rw-r--r--retired/CVE-2023-5043116
-rw-r--r--retired/CVE-2023-509014
-rw-r--r--retired/CVE-2023-5104212
-rw-r--r--retired/CVE-2023-5104312
-rw-r--r--retired/CVE-2023-515816
-rw-r--r--retired/CVE-2023-517814
-rw-r--r--retired/CVE-2023-5178012
-rw-r--r--retired/CVE-2023-5178112
-rw-r--r--retired/CVE-2023-5178212
-rw-r--r--retired/CVE-2023-519716
-rw-r--r--retired/CVE-2023-5243317
-rw-r--r--retired/CVE-2023-5243815
-rw-r--r--retired/CVE-2023-5244013
-rw-r--r--retired/CVE-2023-5244113
-rw-r--r--retired/CVE-2023-5244213
-rw-r--r--retired/CVE-2023-5244613
-rw-r--r--retired/CVE-2023-5244814
-rw-r--r--retired/CVE-2023-5245014
-rw-r--r--retired/CVE-2023-5245112
-rw-r--r--retired/CVE-2023-5245316
-rw-r--r--retired/CVE-2023-5245416
-rw-r--r--retired/CVE-2023-5245516
-rw-r--r--retired/CVE-2023-5245616
-rw-r--r--retired/CVE-2023-5245717
-rw-r--r--retired/CVE-2023-5245916
-rw-r--r--retired/CVE-2023-5246016
-rw-r--r--retired/CVE-2023-5246116
-rw-r--r--retired/CVE-2023-5246216
-rw-r--r--retired/CVE-2023-5246316
-rw-r--r--retired/CVE-2023-5246516
-rw-r--r--retired/CVE-2023-5246716
-rw-r--r--retired/CVE-2023-5246816
-rw-r--r--retired/CVE-2023-5247116
-rw-r--r--retired/CVE-2023-5247216
-rw-r--r--retired/CVE-2023-5247316
-rw-r--r--retired/CVE-2023-5247515
-rw-r--r--retired/CVE-2023-5247715
-rw-r--r--retired/CVE-2023-5247815
-rw-r--r--retired/CVE-2023-5248316
-rw-r--r--retired/CVE-2023-5248716
-rw-r--r--retired/CVE-2023-5249016
-rw-r--r--retired/CVE-2023-5249516
-rw-r--r--retired/CVE-2023-5249916
-rw-r--r--retired/CVE-2023-5250216
-rw-r--r--retired/CVE-2023-5250316
-rw-r--r--retired/CVE-2023-5250416
-rw-r--r--retired/CVE-2023-5250516
-rw-r--r--retired/CVE-2023-5250617
-rw-r--r--retired/CVE-2023-5250716
-rw-r--r--retired/CVE-2023-5251016
-rw-r--r--retired/CVE-2023-5251216
-rw-r--r--retired/CVE-2023-5251316
-rw-r--r--retired/CVE-2023-5251816
-rw-r--r--retired/CVE-2023-5251916
-rw-r--r--retired/CVE-2023-5252016
-rw-r--r--retired/CVE-2023-5252316
-rw-r--r--retired/CVE-2023-5252417
-rw-r--r--retired/CVE-2023-5252517
-rw-r--r--retired/CVE-2023-5252616
-rw-r--r--retired/CVE-2023-5252716
-rw-r--r--retired/CVE-2023-5252817
-rw-r--r--retired/CVE-2023-5252916
-rw-r--r--retired/CVE-2023-5253216
-rw-r--r--retired/CVE-2023-5255916
-rw-r--r--retired/CVE-2023-5256016
-rw-r--r--retired/CVE-2023-5256217
-rw-r--r--retired/CVE-2023-5256316
-rw-r--r--retired/CVE-2023-5256417
-rw-r--r--retired/CVE-2023-5256516
-rw-r--r--retired/CVE-2023-5256616
-rw-r--r--retired/CVE-2023-5256717
-rw-r--r--retired/CVE-2023-5256816
-rw-r--r--retired/CVE-2023-5257016
-rw-r--r--retired/CVE-2023-5257116
-rw-r--r--retired/CVE-2023-5257316
-rw-r--r--retired/CVE-2023-5257416
-rw-r--r--retired/CVE-2023-5257516
-rw-r--r--retired/CVE-2023-5257616
-rw-r--r--retired/CVE-2023-5257717
-rw-r--r--retired/CVE-2023-5257816
-rw-r--r--retired/CVE-2023-5258016
-rw-r--r--retired/CVE-2023-5258117
-rw-r--r--retired/CVE-2023-5258216
-rw-r--r--retired/CVE-2023-5261116
-rw-r--r--retired/CVE-2023-5261316
-rw-r--r--retired/CVE-2023-5262616
-rw-r--r--retired/CVE-2023-534516
-rw-r--r--retired/CVE-2023-563317
-rw-r--r--retired/CVE-2023-571714
-rw-r--r--retired/CVE-2023-597215
-rw-r--r--retired/CVE-2023-611118
-rw-r--r--retired/CVE-2023-617615
-rw-r--r--retired/CVE-2023-620015
-rw-r--r--retired/CVE-2023-653119
-rw-r--r--retired/CVE-2023-654617
-rw-r--r--retired/CVE-2023-656017
-rw-r--r--retired/CVE-2023-660617
-rw-r--r--retired/CVE-2023-662216
-rw-r--r--retired/CVE-2023-667916
-rw-r--r--retired/CVE-2023-681717
-rw-r--r--retired/CVE-2023-693114
-rw-r--r--retired/CVE-2023-693214
-rw-r--r--retired/CVE-2023-719214
-rw-r--r--retired/CVE-2024-019319
-rw-r--r--retired/CVE-2024-044320
-rw-r--r--retired/CVE-2024-056216
-rw-r--r--retired/CVE-2024-058216
-rw-r--r--retired/CVE-2024-063913
-rw-r--r--retired/CVE-2024-064115
-rw-r--r--retired/CVE-2024-064616
-rw-r--r--retired/CVE-2024-077513
-rw-r--r--retired/CVE-2024-108516
-rw-r--r--retired/CVE-2024-131216
-rw-r--r--retired/CVE-2024-2270512
-rw-r--r--retired/CVE-2024-2486015
-rw-r--r--retired/CVE-2024-2574412
-rw-r--r--retired/CVE-2024-2658714
-rw-r--r--retired/CVE-2024-2658814
-rw-r--r--retired/CVE-2024-2659114
-rw-r--r--retired/CVE-2024-2659215
-rw-r--r--retired/CVE-2024-2659414
-rw-r--r--retired/CVE-2024-2659916
-rw-r--r--retired/CVE-2024-2660416
-rw-r--r--retired/CVE-2024-2660816
-rw-r--r--retired/CVE-2024-2661116
-rw-r--r--retired/CVE-2024-2661216
-rw-r--r--retired/CVE-2024-2661617
-rw-r--r--retired/CVE-2024-2661716
-rw-r--r--retired/CVE-2024-2661916
-rw-r--r--retired/CVE-2024-2662016
-rw-r--r--retired/CVE-2024-2662316
-rw-r--r--retired/CVE-2024-2663016
-rw-r--r--retired/CVE-2024-2663116
-rw-r--r--retired/CVE-2024-2663216
-rw-r--r--retired/CVE-2024-2663416
-rw-r--r--retired/CVE-2024-2663716
-rw-r--r--retired/CVE-2024-2663816
-rw-r--r--retired/CVE-2024-2664916
-rw-r--r--retired/CVE-2024-2665016
-rwxr-xr-xscripts/filter-active.py2
-rw-r--r--scripts/issue.py63
1383 files changed, 22162 insertions, 464 deletions
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 00000000..c2dbcc40
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,21 @@
+# Copyright © 2024 Salvatore Bonaccorso <carnil@debian.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <https://www.gnu.org/licenses/>.
+
+root = true
+
+[*]
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 1
diff --git a/active/00boilerplate b/active/00boilerplate
index 5209a3f7..7f25e3bb 100644
--- a/active/00boilerplate
+++ b/active/00boilerplate
@@ -3,10 +3,12 @@ References:
Notes:
Bugs:
upstream:
+6.7-upstream-stable:
+6.6-upstream-stable:
+6.1-upstream-stable:
5.10-upstream-stable:
4.19-upstream-stable:
-4.9-upstream-stable:
sid:
+6.1-bookworm-security:
5.10-bullseye-security:
4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/00example b/active/00example
index 3de3119b..52ea1e18 100644
--- a/active/00example
+++ b/active/00example
@@ -27,11 +27,11 @@ Bugs: 123456, 123457
## status maybe followed by a version string in ()'s, and/or a patchname in []'s
## Prerequisite patches maybe listed in [] as well, even though they may not be
## directly part of the fix.
-upstream: released (2.6.12, 2.4.29-rc3), pending (2.6.11.3)
+upstream: released (2.6.12)
5.10-upstream-stable: N/A "Fixed before branch point"
sid: pending (2.6.12-9)
2.6.8-sarge-security: released (2.6.8-16sarge1) [patchname.patch, prerequisite.dpatch, prerequisite2.dpatch]
2.4.27-sarge-security: needed
2.4.27: N/A
2.4.18-woody-security: ignored
-2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch5) "ABI CHANGE"
+2.6.18-etch-security: ignored "ABI CHANGE"
diff --git a/active/CVE-2013-7445 b/active/CVE-2013-7445
index deffc363..6bf3bb2a 100644
--- a/active/CVE-2013-7445
+++ b/active/CVE-2013-7445
@@ -3,13 +3,16 @@ References:
Notes:
Bugs:
https://bugzilla.kernel.org/show_bug.cgi?id=60533
+ https://bugs.debian.org/1000886
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "Fix is likely to be too big and risky to backport"
3.2-upstream-stable: ignored "Fix is likely to be too big and risky to backport"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: ignored "Fix is likely to be too big and risky to backport"
4.9-stretch-security: ignored "Fix is likely to be too big and risky to backport"
diff --git a/active/CVE-2017-0630 b/active/CVE-2017-0630
index c0932a80..92419380 100644
--- a/active/CVE-2017-0630
+++ b/active/CVE-2017-0630
@@ -6,12 +6,14 @@ Notes:
carnil> https://lore.kernel.org/lkml/20180725210717.3b807191@vmware.local.home/
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "EOL"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2018-1121 b/active/CVE-2018-1121
index 5b7bda03..e4341f70 100644
--- a/active/CVE-2018-1121
+++ b/active/CVE-2018-1121
@@ -8,12 +8,14 @@ Notes:
carnil> situation.
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
4.9-upstream-stable: ignored "Fix is likely not be possible without major side effects"
3.16-upstream-stable: ignored "Fix is likely not be possible without major side effects"
3.2-upstream-stable: ignored "EOL"
sid: ignored "Fix is likely not be possible without major side effects"
+6.1-bookworm-security: ignored "Fix is likely not be possible without major side effects"
5.10-bullseye-security: ignored "Fix is likely not be possible without major side effects"
4.19-buster-security: ignored "Fix is likely not be possible without major side effects"
4.9-stretch-security: ignored "Fix is likely not be possible without major side effects"
diff --git a/active/CVE-2018-12928 b/active/CVE-2018-12928
index e177c1ac..ce69f43a 100644
--- a/active/CVE-2018-12928
+++ b/active/CVE-2018-12928
@@ -10,12 +10,14 @@ Notes:
bwh> other tools that do similar probing.
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "EOL"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2018-17977 b/active/CVE-2018-17977
index 049e303e..1b12051c 100644
--- a/active/CVE-2018-17977
+++ b/active/CVE-2018-17977
@@ -8,11 +8,13 @@ Notes:
carnil> CAP_NET_ADMIN or similar.
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
4.9-upstream-stable:
3.16-upstream-stable: ignored "EOL"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
4.9-stretch-security:
diff --git a/active/CVE-2019-15213 b/active/CVE-2019-15213
index 3dd7a686..8118e2e3 100644
--- a/active/CVE-2019-15213
+++ b/active/CVE-2019-15213
@@ -18,11 +18,13 @@ Notes:
bwh> memleak on sequence of probes".
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
4.9-upstream-stable: N/A "Vulnerability introduced later"
3.16-upstream-stable: N/A "Vulnerability introduced later"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2019-15794 b/active/CVE-2019-15794
index 40d6a157..3511777d 100644
--- a/active/CVE-2019-15794
+++ b/active/CVE-2019-15794
@@ -5,13 +5,16 @@ References:
https://usn.ubuntu.com/usn/usn-4209-1
https://bugs.launchpad.net/bugs/1850994
Notes:
+ bwh> We no longer carry the aufs support patch.
Bugs:
upstream: N/A "introduced by aufs support patch"
+6.1-upstream-stable: N/A "introduced by aufs support patch"
5.10-upstream-stable: N/A "introduced by aufs support patch"
4.19-upstream-stable: N/A "introduced by aufs support patch"
4.9-upstream-stable: N/A "introduced by aufs support patch"
3.16-upstream-stable: N/A "introduced by aufs support patch"
-sid: needed
+sid: released (5.16.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: needed
4.19-buster-security: needed
4.9-stretch-security: N/A "overlayfs passes through mmap"
diff --git a/active/CVE-2019-16089 b/active/CVE-2019-16089
index c9ad70f9..564d2a4b 100644
--- a/active/CVE-2019-16089
+++ b/active/CVE-2019-16089
@@ -7,11 +7,13 @@ Notes:
bwh> command". Probably not exploitable in most configurations.
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
4.9-upstream-stable: N/A "Vulnerable code not present"
3.16-upstream-stable: N/A "Vulnerable code not present"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2019-19378 b/active/CVE-2019-19378
index 1626133c..f1525d54 100644
--- a/active/CVE-2019-19378
+++ b/active/CVE-2019-19378
@@ -6,12 +6,14 @@ Notes:
bwh> and RAID6".
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "EOL"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2019-19449 b/active/CVE-2019-19449
index 996f1d0e..ee32f3dc 100644
--- a/active/CVE-2019-19449
+++ b/active/CVE-2019-19449
@@ -1,15 +1,21 @@
-Description:
+Description: f2fs: Heap out-of-bounds read in init_min_max_mtime()
References:
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
Notes:
+ bwh> The loop in init_min_max_mtime() has not changed between
+ bwh> 4.9 and 5.17-rc4, and there don't appear to be any checks
+ bwh> that main_segments is exactly divisible by segs_per_sec,
+ bwh> so all branches are affected.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "EOL"
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "f2fs is not supportable"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2019-19814 b/active/CVE-2019-19814
index c7209ed8..8586a7ce 100644
--- a/active/CVE-2019-19814
+++ b/active/CVE-2019-19814
@@ -1,15 +1,19 @@
-Description:
+Description: f2fs: Heap out-of-bounds write in __remove_dirty_segment()
References:
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814
Notes:
+ bwh> __remove_dirty_segment() needs to range-check the variable t
+ bwh> in the same way __locate_dirty_segment() does.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "EOL"
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "f2fs is not supportable"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2019-20794 b/active/CVE-2019-20794
index 738843d4..7bfe5897 100644
--- a/active/CVE-2019-20794
+++ b/active/CVE-2019-20794
@@ -1,17 +1,22 @@
-Description:
+Description: fuse: FUSE daemon can make itself unkillable with request loops
References:
https://github.com/sargun/fuse-example
https://sourceforge.net/p/fuse/mailman/message/36598753/
https://lore.kernel.org/lkml/1e796f9e008fb78fb96358ff74f39bd4865a7c88.1604926010.git.gladkov.alexey@gmail.com/
Notes:
+ bwh> The proposed fix notes that the daemon can be killed off through
+ bwh> the fusectl filesystem, but the kill command or service shutdown
+ bwh> won't work.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "EOL"
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2020-11725 b/active/CVE-2020-11725
index afdc8df8..17fce19a 100644
--- a/active/CVE-2020-11725
+++ b/active/CVE-2020-11725
@@ -8,12 +8,14 @@ Notes:
carnil> has been disputed to be correct by Takashi Iwai.
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "EOL"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2020-12362 b/active/CVE-2020-12362
deleted file mode 100644
index 10202ab2..00000000
--- a/active/CVE-2020-12362
+++ /dev/null
@@ -1,20 +0,0 @@
-Description:
-References:
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
-Notes:
- carnil> Claimed to affect versions before Linux kernel version 5.5.
- carnil> Not adding fixed versions as wanting to try to pinpoint the
- carnil> respective needed commits for correct tracking.
- carnil> Per Intel, this was fixed by a firmware update. v49.0.1 of the
- carnil> firmware is required. The new firmware requires a kernel patch
- carnil> https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
- carnil> So might not be treaded as Linux issue itself.
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-12363 b/active/CVE-2020-12363
index 10202ab2..cda01f7e 100644
--- a/active/CVE-2020-12363
+++ b/active/CVE-2020-12363
@@ -1,4 +1,4 @@
-Description:
+Description: i915: Bad input validation in GuC firmware leading to DoS
References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
Notes:
@@ -9,12 +9,16 @@ Notes:
carnil> firmware is required. The new firmware requires a kernel patch
carnil> https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
carnil> So might not be treaded as Linux issue itself.
+ bwh> Let's treat it as both firmware and kernel, similar to CPU issues
+ bwh> that need both microcode and kernel changes.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: released (5.11-rc1) [c784e5249e773689e38d2bc1749f08b986621a26]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-12364 b/active/CVE-2020-12364
index 10202ab2..ada7c438 100644
--- a/active/CVE-2020-12364
+++ b/active/CVE-2020-12364
@@ -1,4 +1,4 @@
-Description:
+Description: i915: Null pointer deref in GuC firmware leading to DoS
References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
Notes:
@@ -9,12 +9,16 @@ Notes:
carnil> firmware is required. The new firmware requires a kernel patch
carnil> https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
carnil> So might not be treaded as Linux issue itself.
+ bwh> Let's treat it as both firmware and kernel, similar to CPU issues
+ bwh> that need both microcode and kernel changes.
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: released (5.11-rc1) [c784e5249e773689e38d2bc1749f08b986621a26]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-14304 b/active/CVE-2020-14304
index a9968be0..c33f8284 100644
--- a/active/CVE-2020-14304
+++ b/active/CVE-2020-14304
@@ -6,12 +6,14 @@ Notes:
Bugs:
https://bugs.debian.org/960702
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "EOL"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2020-15802 b/active/CVE-2020-15802
deleted file mode 100644
index 79f8d99f..00000000
--- a/active/CVE-2020-15802
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: BLURtooth: "Dual mode" hardware using CTKD are vulnerable to key overwrite
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1878021
- https://securityaffairs.co/wordpress/108096/hacking/blurtooth-bluetooth-attack.html
- https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
- https://www.kb.cert.org/vuls/id/589825/
- https://bugzilla.suse.com/show_bug.cgi?id=1176442
-Notes:
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-16120 b/active/CVE-2020-16120
index ecdcf75d..8434b579 100644
--- a/active/CVE-2020-16120
+++ b/active/CVE-2020-16120
@@ -16,10 +16,12 @@ Notes:
bwh> run-time configuration knobs to enable these.
Bugs:
upstream: released (5.8-rc1) [48bd024b8a40d73ad6b086de2615738da0c7004f, 56230d956739b9cb1cbde439d76227d77979a04d, 05acefb4872dae89e772729efb194af754c877e8]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: N/A "Fixed before branch point"
4.19-upstream-stable: N/A "Vulnerable configuration not possible"
4.9-upstream-stable: N/A "Vulnerable configuration not possible"
sid: released (5.8.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
4.9-stretch-security: N/A "Vulnerable configuration not possible"
diff --git a/active/CVE-2020-24504 b/active/CVE-2020-24504
index 2274a302..0b21ca84 100644
--- a/active/CVE-2020-24504
+++ b/active/CVE-2020-24504
@@ -7,10 +7,12 @@ Notes:
carnil> VSI replay framework") in 4.20-rc1
Bugs:
upstream: released (5.12-rc1) [b126bd6bcd6710aa984104e979a5c930f44561b4]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: needed
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: needed
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2020-26140 b/active/CVE-2020-26140
deleted file mode 100644
index db146255..00000000
--- a/active/CVE-2020-26140
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: Accepting plaintext data frames in protected networks
-References:
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
-Notes:
- carnil> Needs to be checked if this really has a fix in Linux.
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-26141 b/active/CVE-2020-26141
index f23ca662..afb158cd 100644
--- a/active/CVE-2020-26141
+++ b/active/CVE-2020-26141
@@ -11,10 +11,12 @@ Notes:
bwh> Realtek drivers for Linux might be affected.
Bugs:
upstream: released (5.13-rc4) [0dc267b13f3a7e8424a898815dd357211b737330]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.42) [6643b21aee1c3cac10da9dfb0fa17aacc431fa91]
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-26142 b/active/CVE-2020-26142
deleted file mode 100644
index ab163436..00000000
--- a/active/CVE-2020-26142
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: Processing fragmented frames as full frames
-References:
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
-Notes:
- carnil> Needs to be checked if this really has a fix in Linux.
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-26143 b/active/CVE-2020-26143
deleted file mode 100644
index 7ab980e2..00000000
--- a/active/CVE-2020-26143
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: Accepting fragmented plaintext frames in protected networks
-References:
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
-Notes:
- carnil> Needs to be checked if this really has a fix in Linux.
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-26145 b/active/CVE-2020-26145
index a1035cfe..c22f388c 100644
--- a/active/CVE-2020-26145
+++ b/active/CVE-2020-26145
@@ -10,10 +10,12 @@ Notes:
bwh> 581c25f82ff4 "ath10k: unify rx undecapping", but might be even older.
Bugs:
upstream: released (5.13-rc4) [65c415a144ad8132b6a6d97d4a1919ffc728e2d1, 40e7462dad6f3d06efdb17d26539e61ab6e34db1]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.42) [b1b3dcd653772f93b69be50263a0ca50d7c9e77f, 425cee63609137fa0c8f84f59f0dd0e94f296efe]
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-26541 b/active/CVE-2020-26541
index 562bd3a1..d694eb78 100644
--- a/active/CVE-2020-26541
+++ b/active/CVE-2020-26541
@@ -10,10 +10,12 @@ Notes:
carnil> enable the facility.
Bugs:
upstream: released (5.13-rc1) [56c5812623f95313f6a46fbf0beee7fa17c68bbf]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.47) [45109066f686597116467a53eaf4330450702a96]
4.19-upstream-stable: N/A "Secure Boot key import not supported"
4.9-upstream-stable: N/A "Secure Boot key import not supported"
sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: released (5.10.70-1)
4.19-buster-security: needed
4.9-stretch-security: N/A "Secure Boot key import not supported"
diff --git a/active/CVE-2020-26555 b/active/CVE-2020-26555
deleted file mode 100644
index 5b14e35a..00000000
--- a/active/CVE-2020-26555
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/
- https://bugzilla.redhat.com/show_bug.cgi?id=1918601
-Notes:
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-26556 b/active/CVE-2020-26556
deleted file mode 100644
index ed76999e..00000000
--- a/active/CVE-2020-26556
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: malleable commitment Bluetooth Mesh Provisioning
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
- https://bugzilla.redhat.com/show_bug.cgi?id=1960012
-Notes:
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-26557 b/active/CVE-2020-26557
deleted file mode 100644
index 25a55842..00000000
--- a/active/CVE-2020-26557
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
- https://bugzilla.redhat.com/show_bug.cgi?id=1960009
-Notes:
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-26559 b/active/CVE-2020-26559
deleted file mode 100644
index 4fea3011..00000000
--- a/active/CVE-2020-26559
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: Authvalue leak in Bluetooth Mesh Provisioning
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/
- https://bugzilla.redhat.com/show_bug.cgi?id=1960011
-Notes:
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-26560 b/active/CVE-2020-26560
deleted file mode 100644
index 3785e0fb..00000000
--- a/active/CVE-2020-26560
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: impersonation attack in Bluetooth Mesh Provisioning
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/
- https://bugzilla.redhat.com/show_bug.cgi?id=1959994
-Notes:
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2020-27820 b/active/CVE-2020-27820
index ff27602d..85ca1947 100644
--- a/active/CVE-2020-27820
+++ b/active/CVE-2020-27820
@@ -5,15 +5,15 @@ References:
https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/
https://bugzilla.redhat.com/show_bug.cgi?id=1901726
Notes:
- bwh> I don't see how this is a security issue, though it seems like a
- bwh> worthwhile fix anyway.
carnil> Fixed as well in 5.15.5 for the 5.15.y series.
Bugs:
upstream: released (5.16-rc1) [aff2299e0d81b26304ccc6a1ec0170e437f38efc, abae9164a421bc4a41a3769f01ebcd1f9d955e0e, f55aaf63bde0d0336c3823bb3713bd4a464abbcf]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.82) [c81c90fbf5775ed1b907230eaaa766fa0e1b7cfa, 9221aff33edb627ea52a51379862f46e63e7c0c9, 82de15ca6b5574fc0e2f54daa1de00b5b2dcf32f]
-4.19-upstream-stable:
-4.9-upstream-stable:
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.15.5-1)
-5.10-bullseye-security: needed
-4.19-buster-security:
-4.9-stretch-security:
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-27835 b/active/CVE-2020-27835
index 7057197d..8bb036f9 100644
--- a/active/CVE-2020-27835
+++ b/active/CVE-2020-27835
@@ -5,10 +5,12 @@ Notes:
carnil> Fixed as well in 5.9.12.
Bugs:
upstream: released (5.10-rc6) [3d2a9d642512c21a12d19b9250e7a835dcb41a79]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: N/A "Fixed before branch point"
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.9.15-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-35501 b/active/CVE-2020-35501
index cdc97445..88799b6d 100644
--- a/active/CVE-2020-35501
+++ b/active/CVE-2020-35501
@@ -5,10 +5,12 @@ References:
Notes:
Bugs:
upstream: needed
+6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: needed
+6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-36310 b/active/CVE-2020-36310
index f61db03c..5372d216 100644
--- a/active/CVE-2020-36310
+++ b/active/CVE-2020-36310
@@ -4,12 +4,16 @@ References:
Notes:
bwh> Appears to have been introduced in 4.17 by commit 00b10fe1046c
bwh> "KVM: X86: Restart the guest when insn_len is zero and SEV is enabled".
+ bwh> Initially supposed to be fixed by e72436bc3a52 "KVM: SVM: avoid
+ bwh> infinite loop on NPF from bad address", but that was flawed.
Bugs:
-upstream: released (5.8-rc1) [e72436bc3a5206f95bb384e741154166ddb3202e]
-5.10-upstream-stable: N/A "Fixed before branching point"
+upstream: released (5.17-rc2) [55467fcd55b89c622e62b4afe60ac0eb2fae91f2]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.102) [9dcedbe943be8c93722c1ed68b59001b28b0d889]
4.19-upstream-stable: needed
4.9-upstream-stable: N/A "Vulnerability introduced later"
-sid: released (5.8.7-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
+sid: released (5.16.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.103-1)
4.19-buster-security: needed
4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2020-36385 b/active/CVE-2020-36385
index 1d1f016c..9f51e5ad 100644
--- a/active/CVE-2020-36385
+++ b/active/CVE-2020-36385
@@ -5,10 +5,12 @@ References:
Notes:
Bugs:
upstream: released (5.10-rc1) [f5449e74802c1112dea984aec8af7a33c4516af1]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: N/A "Fixed before branching point"
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.10.4-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-36691 b/active/CVE-2020-36691
new file mode 100644
index 00000000..d91e1c99
--- /dev/null
+++ b/active/CVE-2020-36691
@@ -0,0 +1,12 @@
+Description: netlink: limit recursion depth in policy validation
+References:
+Notes:
+Bugs:
+upstream: released (5.8-rc1) [7690aa1cdf7c4565ad6b013b324c28b685505e24]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: needed
+sid: released (5.8.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2020-36694 b/active/CVE-2020-36694
new file mode 100644
index 00000000..8885daa7
--- /dev/null
+++ b/active/CVE-2020-36694
@@ -0,0 +1,17 @@
+Description: KASAN: use-after-free Read in dump_schedule
+References:
+ https://syzkaller.appspot.com/bug?id=0c4fd9c6aa04ec116d01e915d3b186f71a212cb2
+Notes:
+ carnil> Originally fixed with cc00bcaa5899 ("netfilter: x_tables:
+ carnil> Switch synchronization to RCU") in 5.10 but the patch was
+ carnil> reverted with d3d40f237480 ("Revert "netfilter: x_tables:
+ carnil> Switch synchronization to RCU"") in 5.12-rc5.
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable:
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security:
diff --git a/active/CVE-2020-36775 b/active/CVE-2020-36775
new file mode 100644
index 00000000..035111ad
--- /dev/null
+++ b/active/CVE-2020-36775
@@ -0,0 +1,15 @@
+Description: f2fs: fix to avoid potential deadlock
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.7-rc1) [df77fbd8c5b222c680444801ffd20e8bbc90a56e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: needed
+sid: released (5.6.7-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2020-36776 b/active/CVE-2020-36776
new file mode 100644
index 00000000..605c0af2
--- /dev/null
+++ b/active/CVE-2020-36776
@@ -0,0 +1,17 @@
+Description: thermal/drivers/cpufreq_cooling: Fix slab OOB issue
+References:
+Notes:
+ carnil> Introduced in 371a3bc79c11b ("thermal/drivers/cpufreq_cooling: Fix wrong
+ carnil> frequency converted from power"). Vulnerable versions: 4.14.189 4.19.134 5.4.53
+ carnil> 5.7.8 5.8-rc4.
+Bugs:
+upstream: released (5.13-rc1) [34ab17cc6c2c1ac93d7e5d53bb972df9a968f085]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [c24a20912eef00587416628149c438e885eb1304]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2020-36780 b/active/CVE-2020-36780
new file mode 100644
index 00000000..75de7417
--- /dev/null
+++ b/active/CVE-2020-36780
@@ -0,0 +1,16 @@
+Description: i2c: sprd: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in 8b9ec0719834 ("i2c: Add Spreadtrum I2C controller driver").
+ carnil> Vulnerable versions: 4.14-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3a4f326463117cee3adcb72999ca34a9aaafda93]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [e547640cee7981fd751d2c9cde3a61bdb678b755]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2020-36782 b/active/CVE-2020-36782
new file mode 100644
index 00000000..b41c96a3
--- /dev/null
+++ b/active/CVE-2020-36782
@@ -0,0 +1,16 @@
+Description: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in 13d6eb20fc79 ("i2c: imx-lpi2c: add runtime pm support").
+ carnil> Vulnerable versions: 4.16-rc1.
+Bugs:
+upstream: released (5.13-rc1) [278e5bbdb9a94fa063c0f9bcde2479d0b8042462]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [cc49d206414240483bb93ffa3d80243e6a776916]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2020-36783 b/active/CVE-2020-36783
new file mode 100644
index 00000000..50f67467
--- /dev/null
+++ b/active/CVE-2020-36783
@@ -0,0 +1,16 @@
+Description: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in 93222bd9b966 ("i2c: img-scb: Add runtime PM"). Vulnerable
+ carnil> versions: 4.15-rc1.
+Bugs:
+upstream: released (5.13-rc1) [223125e37af8a641ea4a09747a6a52172fc4b903]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [e80ae8bde41266d3b8bf012460b6593851766006]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2020-36784 b/active/CVE-2020-36784
new file mode 100644
index 00000000..07e7ac9a
--- /dev/null
+++ b/active/CVE-2020-36784
@@ -0,0 +1,16 @@
+Description: i2c: cadence: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in 7fa32329ca03 ("i2c: cadence: Move to sensible power management").
+ carnil> Vulnerable versions: 4.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [30410519328c94367e561fd878e5f0d3a0303585]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-0929 b/active/CVE-2021-0929
index ea760d83..64662742 100644
--- a/active/CVE-2021-0929
+++ b/active/CVE-2021-0929
@@ -9,10 +9,12 @@ Notes:
carnil> The ION driver is not built in Debian (CONFIG_ION not enabled).
Bugs:
upstream: released (5.6-rc1) [3e9e0c5c764704218c0960ffdb139de075afaadf]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: N/A "Fixed before branching point"
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.6.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: ignored "ION driver not enabled"
4.19-buster-security: ignored "ION driver not enabled"
4.9-stretch-security: ignored "ION driver not enabled"
diff --git a/active/CVE-2021-20317 b/active/CVE-2021-20317
deleted file mode 100644
index c41877da..00000000
--- a/active/CVE-2021-20317
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: lib/timerqueue: Rely on rbtree semantics for next timer
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2005258
-Notes:
-Bugs:
-upstream: released (5.4-rc1) [511885d7061eda3eb1faf3f57dcc936ff75863f1]
-5.10-upstream-stable: N/A "Fixed before branching point"
-4.19-upstream-stable: released (4.19.210) [b9a1ac8e7c03fd09992352c7fb1a61cbbb9ad52b]
-4.9-upstream-stable:
-sid: released (5.4.6-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: needed
-4.9-stretch-security:
diff --git a/active/CVE-2021-33061 b/active/CVE-2021-33061
new file mode 100644
index 00000000..ad329456
--- /dev/null
+++ b/active/CVE-2021-33061
@@ -0,0 +1,19 @@
+Description: ixgbe: add improvement for MDD response functionality
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html
+Notes:
+ bwh> This appears to have been introduced in 2.6.34 by commit
+ bwh> 1cdd1ec87843 "ixgbe: Add SR-IOV features to main module", or else
+ bwh> in 3.2 by commit 83c61fa97a7d "ixgbe: Add protection from VF
+ bwh> invalid target DMA". Either way, all branches are affected.
+Bugs:
+upstream: released (5.18-rc1) [008ca35f6e87be1d60b6af3d1ae247c6d5c2531d]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
+sid: released (5.18.2-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-33630 b/active/CVE-2021-33630
new file mode 100644
index 00000000..ac557941
--- /dev/null
+++ b/active/CVE-2021-33630
@@ -0,0 +1,14 @@
+Description: net/sched: cbs: Fix not adding cbs instance to list
+References:
+Notes:
+ carnil> Commit fixes e0a7683d30e9 ("net/sched: cbs: fix port_rate
+ carnil> miscalculation") in 5.2-rc1 (and backported to 4.19.99)
+Bugs:
+upstream: released (5.4-rc1) [3e8b9bfa110896f95d602d8c98d5f9d67e41d78c]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.307)
+sid: released (5.3.7-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2021-3493 b/active/CVE-2021-3493
index 920ef556..662e748b 100644
--- a/active/CVE-2021-3493
+++ b/active/CVE-2021-3493
@@ -10,10 +10,12 @@ Notes:
carnil> warning).
Bugs:
upstream: released (5.11-rc1) [7c03e2cda4a584cadc398e8f6641ca9988a39d52]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: needed
-4.19-upstream-stable: needed
+4.19-upstream-stable: N/A "Unprivileged users cannot mount overlayfs"
4.9-upstream-stable: N/A "Unprivileged users cannot mount overlayfs"
sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: needed
4.9-stretch-security: N/A "Unprivileged users cannot mount overlayfs"
diff --git a/active/CVE-2021-3669 b/active/CVE-2021-3669
index 59f54c70..1aa7b319 100644
--- a/active/CVE-2021-3669
+++ b/active/CVE-2021-3669
@@ -11,10 +11,12 @@ Notes:
carnil> https://bugzilla.redhat.com/show_bug.cgi?id=1986473#c10
Bugs:
upstream: released (5.15-rc1) [20401d1058f3f841f35a594ac2fc1293710e55b9]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: needed
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.15.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: needed
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-3752 b/active/CVE-2021-3752
deleted file mode 100644
index e05e3e7f..00000000
--- a/active/CVE-2021-3752
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: UAF in bluetooth
-References:
- https://www.openwall.com/lists/oss-security/2021/09/15/4
- https://bugzilla.suse.com/show_bug.cgi?id=1190023
- https://lore.kernel.org/lkml/20210714031733.1395549-1-bobo.shaobowang@huawei.com/
-Notes:
- carnil> With the presence of 3af70b39fa2d ("Bluetooth: check for zapped
- carnil> sk before connecting") in 5.13-rc1 (and 5.10.38, 4.19.191) this
- carnil> bug is not easy to trigger itself.
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2021-3759 b/active/CVE-2021-3759
index bf4ee9c9..db365fe7 100644
--- a/active/CVE-2021-3759
+++ b/active/CVE-2021-3759
@@ -5,10 +5,12 @@ References:
Notes:
Bugs:
upstream: released (5.15-rc1) [18319498fdd4cdf8c1c2c48cd432863b1f915d6f]
-5.10-upstream-stable: needed
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.154) [836686e1a01d7e2fda6a5a18252243ff30a6e196]
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.15.3-1)
-5.10-bullseye-security: needed
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
4.19-buster-security: needed
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-38207 b/active/CVE-2021-38207
index 597f60dd..b3ac1964 100644
--- a/active/CVE-2021-38207
+++ b/active/CVE-2021-38207
@@ -4,10 +4,12 @@ Notes:
bwh> Driver is only usable on microblaze and 32-bit powerpc
Bugs:
upstream: released (5.13-rc7) [c364df2489b8ef2f5e3159b1dff1ff1fdb16040d]
+6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.46) [cfe403f209b11fad123a882100f0822a52a7630f]
4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: ignored "Not applicable to any release architecture"
4.9-stretch-security: ignored "Not applicable to any release architecture"
diff --git a/active/CVE-2021-3847 b/active/CVE-2021-3847
index efa4f591..8f94510f 100644
--- a/active/CVE-2021-3847
+++ b/active/CVE-2021-3847
@@ -1,14 +1,23 @@
-Description: low-privileged user privileges escalation
+Description: ovl: Copy-up from nosuid lower to suid upper could allow priv-esc
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2009704
https://www.openwall.com/lists/oss-security/2021/10/14/3
+ https://www.openwall.com/lists/oss-security/2021/10/20/1
Notes:
+ bwh> Only likely to be exploitable after commit 459c7c565ac3
+ bwh> "ovl: unprivieged mounts" in 5.11-rc1, or if the
+ bwh> Debian-specific module parameter permit_mounts_in_userns
+ bwh> is enabled.
+ carnil> According to the followups, is considered a misconfiguration of
+ carnil> the mount, and not a kernel bug. Should we retire the CVE?
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-3864 b/active/CVE-2021-3864
new file mode 100644
index 00000000..1ffc8bf2
--- /dev/null
+++ b/active/CVE-2021-3864
@@ -0,0 +1,29 @@
+Description: setuid program that exec's can coredump in dir not writable by caller; priv-esc possible
+References:
+ https://www.openwall.com/lists/oss-security/2021/10/20/2
+ https://bugzilla.redhat.com/show_bug.cgi?id=2015046
+ https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com
+ https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com
+ https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/
+Notes:
+ bwh> The PoC exploits logrotate's lax parsing of configuration files
+ bwh> to inject commands via the coredump, but I think generally we
+ bwh> should assume that bypassing write-protection in any way can
+ bwh> lead to privilege escalation.
+ bwh> sudo is an important part of the PoC and should disable core-
+ bwh> dumps by default.
+ bwh> It's less clear what should be done in the kernel; possibly
+ bwh> some resource limits should be reset on exec of a setuid
+ bwh> program - see
+ bwh> https://lore.kernel.org/linux-api/87fso91n0v.fsf_-_@email.froward.int.ebiederm.org/
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-3892 b/active/CVE-2021-3892
deleted file mode 100644
index 1867d5d2..00000000
--- a/active/CVE-2021-3892
+++ /dev/null
@@ -1,24 +0,0 @@
-Description: memory leak in fib6_rule_suppress could result in DoS
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2014623
- https://bugzilla.redhat.com/show_bug.cgi?id=2008123
- https://bugzilla.suse.com/show_bug.cgi?id=1192261
-Notes:
- carnil> At time of writing only limited information provided by Red
- carnil> Hat: "The kernel leaks memory when firewalld IPv6_rpfilter is
- carnil> enabled and a suppress_prefix rule is present in the IPv6
- carnil> routing rules (used by certain tools such as wg-quick). In such
- carnil> scenarios, every incoming packet will leak an allocation in
- carnil> ip6_dst_cache slab cache." The SUSE bugzilla entry indicates
- carnil> this as to be related to ca7a03c41753 ("ipv6: do not free rt if
- carnil> FIB_LOOKUP_NOREF is set on suppress rule") which makes it
- carnil> potentially a duplicate of CVE-2019-18198.
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
diff --git a/active/CVE-2021-4023 b/active/CVE-2021-4023
new file mode 100644
index 00000000..4649a41a
--- /dev/null
+++ b/active/CVE-2021-4023
@@ -0,0 +1,21 @@
+Description: io-wq: fix cancellation on create-worker failure
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2026484
+ https://git.kernel.dk/cgit/linux-block/commit/?h=io_uring-5.15&id=713b9825a4c47897f66ad69409581e7734a8728e
+ https://lkml.org/lkml/2021/9/8/64
+Notes:
+ bwh> It's unclear to me whether this was introduced in 5.15-rc1 by commit
+ bwh> 3146cba99aa2 "io-wq: make worker creation resilient against signals"
+ bwh> or whether the issue already existed and both commits were needed to
+ bwh> fix it.
+Bugs:
+upstream: released (5.15-rc1) [713b9825a4c47897f66ad69409581e7734a8728e]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable:
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.15.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security:
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/active/CVE-2021-4037 b/active/CVE-2021-4037
new file mode 100644
index 00000000..0671dfc7
--- /dev/null
+++ b/active/CVE-2021-4037
@@ -0,0 +1,19 @@
+Description: xfs: fix up non-directory creation in SGID directories
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2027239
+Notes:
+ carnil> Fixes for CVE-2018-13405 did not cover XFS. Said to be fixed in
+ carnil> 5.11-rc1 but need to isolate the fix. The reference to 5.11-rc1
+ carnil> in the Red Hat bugzilla though seems wrong. The fix landed in
+ carnil> 5.12-rc1.
+Bugs:
+upstream: released (5.12-rc1) [01ea173e103edd5ec41acec65b9261b87e123fc2]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.146) [e811a534ec2f7f6c0d27532c0915715427b7cab1]
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-4204 b/active/CVE-2021-4204
new file mode 100644
index 00000000..56706928
--- /dev/null
+++ b/active/CVE-2021-4204
@@ -0,0 +1,26 @@
+Description: eBPF Improper Input Validation Vulnerability
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/11/4
+ https://www.openwall.com/lists/oss-security/2022/06/04/2
+ https://github.com/tr3ee/CVE-2021-4204
+Notes:
+ carnil> Similar issue with CVE-2021-34866.
+ carnil> To be checked, fixed as well with the refactoring in
+ carnil> c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX
+ carnil> | PTR_MAYBE_NULL")?
+ carnil> Introduced after 457f44363a88 ("bpf: Implement BPF ring buffer
+ carnil> and verifier support for it") in 5.8-rc1.
+ carnil> Fixed as well in 5.15.17 for 5.15.y.
+ carnil> The main fix seems to be 64620e0a1e71 ("bpf: Fix out of bounds
+ carnil> access for ringbuf helpers") but has pre-requisite work done.
+Bugs:
+upstream: released (5.17-rc1) [be80a1d3f9dbe5aee79a325964f7037fe2d92f30, d400a6cf1c8a57cdf10f35220ead3284320d85ff, 6788ab23508bddb0a9d88e104284922cb2c22b77, 64620e0a1e712a778095bd35cbb277dc2259281f, a672b2e36a648afb04ad3bda93b6bda947a479a5, 722e4db3ae0d52b2e3801280afbe19cf2d188e91, 37c8d4807d1b8b521b30310dce97f6695dc2c2c6]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.17.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/active/CVE-2021-43975 b/active/CVE-2021-43975
deleted file mode 100644
index 68e83097..00000000
--- a/active/CVE-2021-43975
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
-References:
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496
- https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
-Notes:
-Bugs:
-upstream: released (5.16-rc2) [b922f622592af76b57cbc566eaeccda0b31a3496]
-5.10-upstream-stable: needed
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
-sid: needed
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: needed
diff --git a/active/CVE-2021-43976 b/active/CVE-2021-43976
deleted file mode 100644
index cd708e8e..00000000
--- a/active/CVE-2021-43976
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: mwifiex_usb: Fix skb_over_panic in mwifiex_usb_recv
-References:
- https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
- https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84
-Notes:
-Bugs:
-upstream: needed
-5.10-upstream-stable: needed
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
-sid: needed
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: needed
diff --git a/active/CVE-2021-46925 b/active/CVE-2021-46925
new file mode 100644
index 00000000..3a564841
--- /dev/null
+++ b/active/CVE-2021-46925
@@ -0,0 +1,16 @@
+Description: net/smc: fix kernel panic caused by race of smc_sock
+References:
+Notes:
+ carnil> Introduced in 5f08318f617b ("smc: connection data control (CDC)"). Vulnerable
+ carnil> versions: 4.11-rc1.
+Bugs:
+upstream: released (5.16-rc8) [349d43127dac00c15231e8ffbcaabd70f7b0e544]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [e8a5988a85c719ce7205cb00dcf0716dcf611332]
+4.19-upstream-stable: needed
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-46926 b/active/CVE-2021-46926
new file mode 100644
index 00000000..faf9d98e
--- /dev/null
+++ b/active/CVE-2021-46926
@@ -0,0 +1,15 @@
+Description: ALSA: hda: intel-sdw-acpi: harden detection of controller
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc7) [385f287f9853da402d94278e59f594501c1d1dad]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-46928 b/active/CVE-2021-46928
new file mode 100644
index 00000000..bcac7223
--- /dev/null
+++ b/active/CVE-2021-46928
@@ -0,0 +1,15 @@
+Description: parisc: Clear stale IIR value on instruction access rights trap
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc7) [484730e5862f6b872dca13840bed40fd7c60fa26]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [d01e9ce1af6116f812491d3d3873d204f10ae0b8]
+4.19-upstream-stable: needed
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-46941 b/active/CVE-2021-46941
new file mode 100644
index 00000000..dfe5ef2a
--- /dev/null
+++ b/active/CVE-2021-46941
@@ -0,0 +1,16 @@
+Description: usb: dwc3: core: Do core softreset when switch mode
+References:
+Notes:
+ carnil> Introduced in 41ce1456e1db ("usb: dwc3: core: make dwc3_set_mode() work
+ carnil> properly"). Vulnerable versions: 4.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [f88359e1588b85cf0e8209ab7d6620085f3441d9]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [fce7bbcd07d59ac30dba8ce225316b3b4c1c7b50]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-46981 b/active/CVE-2021-46981
new file mode 100644
index 00000000..5cb89dea
--- /dev/null
+++ b/active/CVE-2021-46981
@@ -0,0 +1,16 @@
+Description: nbd: Fix NULL pointer in flush_workqueue
+References:
+Notes:
+ carnil> Introduced in e9e006f5fcf2 ("nbd: fix max number of supported devs").
+ carnil> Vulnerable versions: 4.14.149 4.14.161 4.19.79 4.19.92 5.3.6 5.4-rc1 5.4.7.
+Bugs:
+upstream: released (5.13-rc2) [79ebe9110fa458d58f1fceb078e2068d7ad37390]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [cde4b55cfb24522dcbba80bbdb0c082303e76c43]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-46984 b/active/CVE-2021-46984
new file mode 100644
index 00000000..8028dc9a
--- /dev/null
+++ b/active/CVE-2021-46984
@@ -0,0 +1,16 @@
+Description: kyber: fix out of bounds access when preempted
+References:
+Notes:
+ carnil> Introduced in a6088845c2bf ("block: kyber: make kyber more friendly with
+ carnil> merging"). Vulnerable versions: 4.18-rc1.
+Bugs:
+upstream: released (5.13-rc2) [efed9a3337e341bd0989161b97453b52567bc59d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [54dbe2d2c1fcabf650c7a8b747601da355cd7f9f]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-46987 b/active/CVE-2021-46987
new file mode 100644
index 00000000..f547bb57
--- /dev/null
+++ b/active/CVE-2021-46987
@@ -0,0 +1,17 @@
+Description: btrfs: fix deadlock when cloning inline extents and using qgroups
+References:
+Notes:
+ carnil> Introduced in " tag for the later commit to ease stable
+ carnil> c53e9653605dbf ("btrfs: qgroup: try to flush qgroup space when we get
+ carnil> -EDQUOT"). Vulnerable versions: 5.4.141 5.9-rc1.
+Bugs:
+upstream: released (5.13-rc2) [f9baa501b4fd6962257853d46ddffbc21f27e344]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47014 b/active/CVE-2021-47014
new file mode 100644
index 00000000..24338754
--- /dev/null
+++ b/active/CVE-2021-47014
@@ -0,0 +1,18 @@
+Description: net/sched: act_ct: fix wild memory access when clearing fragments
+References:
+Notes:
+ carnil> Introduced in ae372cb1750f ("net/sched: act_ct: fix restore the qdisc_skb_cb
+ carnil> after defrag")
+ carnil> 7baf2429a1a9 ("net/sched: cls_flower add CT_FLAGS_INVALID flag support").
+ carnil> Vulnerable versions: 5.7.12 5.8-rc7 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [f77bd544a6bbe69aa50d9ed09f13494cf36ff806]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47015 b/active/CVE-2021-47015
new file mode 100644
index 00000000..883612f6
--- /dev/null
+++ b/active/CVE-2021-47015
@@ -0,0 +1,16 @@
+Description: bnxt_en: Fix RX consumer index logic in the error path.
+References:
+Notes:
+ carnil> Introduced in a1b0e4e684e9 ("bnxt_en: Improve RX consumer index validity
+ carnil> check."). Vulnerable versions: 4.9.169 4.14.112 4.19.35 5.0.8 5.1-rc5.
+Bugs:
+upstream: released (5.13-rc1) [bbd6f0a948139970f4a615dff189d9a503681a39]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [4fcaad2b7dac3f16704f8118c7e481024ddbd3ed]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47024 b/active/CVE-2021-47024
new file mode 100644
index 00000000..bbd1a776
--- /dev/null
+++ b/active/CVE-2021-47024
@@ -0,0 +1,16 @@
+Description: vsock/virtio: free queued packets when closing socket
+References:
+Notes:
+ carnil> Introduced in ac03046ece2b ("vsock/virtio: free packets during the socket
+ carnil> release"). Vulnerable versions: 4.9.179 4.14.122 4.19.46 5.0.19 5.1.5 5.2-rc2.
+Bugs:
+upstream: released (5.13-rc1) [8432b8114957235f42e070a16118a7f750de9d39]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [b605673b523fe33abeafb2136759bcbc9c1e6ebf]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47028 b/active/CVE-2021-47028
new file mode 100644
index 00000000..8aacdc75
--- /dev/null
+++ b/active/CVE-2021-47028
@@ -0,0 +1,18 @@
+Description: mt76: mt7915: fix txrate reporting
+References:
+Notes:
+ carnil> Introduced in e57b7901469f ("mt76: add mac80211 driver for MT7915 PCIe-based
+ carnil> chipsets")
+ carnil> e4c5ead632ff ("mt76: mt7915: rename mt7915_mcu_get_rate_info to
+ carnil> mt7915_mcu_get_tx_rate"). Vulnerable versions: 5.8-rc1 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [f43b941fd61003659a3f0e039595e5e525917aa8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47036 b/active/CVE-2021-47036
new file mode 100644
index 00000000..0b9264a9
--- /dev/null
+++ b/active/CVE-2021-47036
@@ -0,0 +1,17 @@
+Description: udp: skip L4 aggregation for UDP tunnel packets
+References:
+Notes:
+ carnil> Introduced in 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.")
+ carnil> 36707061d6ba ("udp: allow forwarding of plain (non-fraglisted) UDP GRO
+ carnil> packets"). Vulnerable versions: 5.6-rc1 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [18f25dc399901426dff61e676ba603ff52c666f7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47037 b/active/CVE-2021-47037
new file mode 100644
index 00000000..7cfefef0
--- /dev/null
+++ b/active/CVE-2021-47037
@@ -0,0 +1,16 @@
+Description: ASoC: q6afe-clocks: fix reprobing of the driver
+References:
+Notes:
+ carnil> Introduced in 520a1c396d19 ("ASoC: q6afe-clocks: add q6afe clock controller").
+ carnil> Vulnerable versions: 5.10-rc3.
+Bugs:
+upstream: released (5.13-rc4) [96fadf7e8ff49fdb74754801228942b67c3eeebd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47049 b/active/CVE-2021-47049
new file mode 100644
index 00000000..bb2a135c
--- /dev/null
+++ b/active/CVE-2021-47049
@@ -0,0 +1,16 @@
+Description: Drivers: hv: vmbus: Use after free in __vmbus_open()
+References:
+Notes:
+ carnil> Introduced in 6f3d791f3006 ("Drivers: hv: vmbus: Fix rescind handling issues").
+ carnil> Vulnerable versions: 4.13.9 4.14-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3e9bf43f7f7a46f21ec071cb47be92d0874c48da]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [d5c7b42c9f56ca46b286daa537d181bd7f69214f]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47060 b/active/CVE-2021-47060
new file mode 100644
index 00000000..0b96471d
--- /dev/null
+++ b/active/CVE-2021-47060
@@ -0,0 +1,17 @@
+Description: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed
+References:
+Notes:
+ carnil> Introduced in f65886606c2d ("KVM: fix memory leak in
+ carnil> kvm_io_bus_unregister_dev()"). Vulnerable versions: 4.4.238 4.9.238 4.14.200
+ carnil> 4.19.148 5.4.66 5.8.10 5.9-rc5.
+Bugs:
+upstream: released (5.13-rc1) [5d3c4c79384af06e3c8e25b7770b6247496b4417]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [2a20592baff59c5351c5200ec667e1a2aa22af85]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47061 b/active/CVE-2021-47061
new file mode 100644
index 00000000..4a466282
--- /dev/null
+++ b/active/CVE-2021-47061
@@ -0,0 +1,17 @@
+Description: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU
+References:
+Notes:
+ carnil> Introduced in f65886606c2d ("KVM: fix memory leak in
+ carnil> kvm_io_bus_unregister_dev()"). Vulnerable versions: 4.4.238 4.9.238 4.14.200
+ carnil> 4.19.148 5.4.66 5.8.10 5.9-rc5.
+Bugs:
+upstream: released (5.13-rc1) [2ee3757424be7c1cd1d0bbfa6db29a7edd82a250]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [03c6cccedd3913006744faa252a4da5145299343]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47063 b/active/CVE-2021-47063
new file mode 100644
index 00000000..278033b5
--- /dev/null
+++ b/active/CVE-2021-47063
@@ -0,0 +1,16 @@
+Description: drm: bridge/panel: Cleanup connector on bridge detach
+References:
+Notes:
+ carnil> Introduced in 13dfc0540a57 ("drm/bridge: Refactor out the panel wrapper from
+ carnil> the lvds-encoder bridge."). Vulnerable versions: 4.13-rc1.
+Bugs:
+upstream: released (5.13-rc1) [4d906839d321c2efbf3fed4bc31ffd9ff55b75c0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [ce450934a00cf896e648fde08d0bd1426653d7a2]
+4.19-upstream-stable: needed
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47070 b/active/CVE-2021-47070
new file mode 100644
index 00000000..f981d4f8
--- /dev/null
+++ b/active/CVE-2021-47070
@@ -0,0 +1,16 @@
+Description: uio_hv_generic: Fix another memory leak in error handling paths
+References:
+Notes:
+ carnil> Introduced in cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first
+ carnil> use"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc3) [0b0226be3a52dadd965644bc52a807961c2c26df]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47074 b/active/CVE-2021-47074
new file mode 100644
index 00000000..1d27421f
--- /dev/null
+++ b/active/CVE-2021-47074
@@ -0,0 +1,16 @@
+Description: nvme-loop: fix memory leak in nvme_loop_create_ctrl()
+References:
+Notes:
+ carnil> Introduced in 3a85a5de29ea ("nvme-loop: add a NVMe loopback host driver").
+ carnil> Vulnerable versions: 4.8-rc1.
+Bugs:
+upstream: released (5.13-rc3) [03504e3b54cc8118cc26c064e60a0b00c2308708]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [9c980795ccd77e8abec33dd6fe28dfe1c4083e65]
+4.19-upstream-stable: needed
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47076 b/active/CVE-2021-47076
new file mode 100644
index 00000000..e499ec49
--- /dev/null
+++ b/active/CVE-2021-47076
@@ -0,0 +1,15 @@
+Description: RDMA/rxe: Return CQE error if invalid lkey was supplied
+References:
+Notes:
+ carnil> Introduced in 8700e3e7c485 ("Soft RoCE driver"). Vulnerable versions: 4.8-rc1.
+Bugs:
+upstream: released (5.13-rc3) [dc07628bd2bbc1da768e265192c28ebd301f509d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47077 b/active/CVE-2021-47077
new file mode 100644
index 00000000..b09f72e6
--- /dev/null
+++ b/active/CVE-2021-47077
@@ -0,0 +1,16 @@
+Description: scsi: qedf: Add pointer checks in qedf_update_link_speed()
+References:
+Notes:
+ carnil> Introduced in 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE
+ carnil> driver framework."). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (5.13-rc3) [73578af92a0fae6609b955fcc9113e50e413c80f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [a6362a737572f66051deb7637f3f77ddf7a4402f]
+4.19-upstream-stable: needed
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47083 b/active/CVE-2021-47083
new file mode 100644
index 00000000..1eed9ded
--- /dev/null
+++ b/active/CVE-2021-47083
@@ -0,0 +1,15 @@
+Description: pinctrl: mediatek: fix global-out-of-bounds issue
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc7) [2d5446da5acecf9c67db1c9d55ae2c3e5de01f8d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [441d3873664d170982922c5d2fc01fa89d9439ed]
+4.19-upstream-stable: needed
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47094 b/active/CVE-2021-47094
new file mode 100644
index 00000000..e29d23b2
--- /dev/null
+++ b/active/CVE-2021-47094
@@ -0,0 +1,18 @@
+Description: KVM: x86/mmu: Don't advance iterator after restart due to yielding
+References:
+Notes:
+ carnil> Introduced in faaf05b00aec ("kvm: x86/mmu: Support zapping SPTEs in the TDP
+ carnil> MMU")
+ carnil> 1af4a96025b3 ("KVM: x86/mmu: Yield in TDU MMU iter even if no SPTES changed").
+ carnil> Vulnerable versions: 5.10-rc1 5.10.30 5.11.14 5.12-rc1.
+Bugs:
+upstream: released (5.16-rc7) [3a0f64de479cae75effb630a2e0a237ca0d0623c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47101 b/active/CVE-2021-47101
new file mode 100644
index 00000000..f5cefaa8
--- /dev/null
+++ b/active/CVE-2021-47101
@@ -0,0 +1,16 @@
+Description: asix: fix uninit-value in asix_mdio_read()
+References:
+Notes:
+ carnil> Introduced in d9fe64e51114 ("net: asix: Add in_pm parameter"). Vulnerable
+ carnil> versions: 4.9-rc1.
+Bugs:
+upstream: released (5.16-rc7) [8035b1a2a37a29d8c717ef84fca8fe7278bc9f03]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47105 b/active/CVE-2021-47105
new file mode 100644
index 00000000..286255cd
--- /dev/null
+++ b/active/CVE-2021-47105
@@ -0,0 +1,16 @@
+Description: ice: xsk: return xsk buffers back to pool when cleaning the ring
+References:
+Notes:
+ carnil> Introduced in 2d4238f55697 ("ice: Add support for AF_XDP"). Vulnerable
+ carnil> versions: 5.5-rc1.
+Bugs:
+upstream: released (5.16-rc7) [afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47110 b/active/CVE-2021-47110
new file mode 100644
index 00000000..50bfadd1
--- /dev/null
+++ b/active/CVE-2021-47110
@@ -0,0 +1,15 @@
+Description: x86/kvm: Disable kvmclock on all CPUs on shutdown
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc2) [c02027b5742b5aa804ef08a4a9db433295533046]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [3b0becf8b1ecf642a9edaf4c9628ffc641e490d6]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47112 b/active/CVE-2021-47112
new file mode 100644
index 00000000..ddfb141c
--- /dev/null
+++ b/active/CVE-2021-47112
@@ -0,0 +1,15 @@
+Description: x86/kvm: Teardown PV features on boot CPU as well
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc2) [8b79feffeca28c5459458fe78676b081e87c93a4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [38b858da1c58ad46519a257764e059e663b59ff2]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47113 b/active/CVE-2021-47113
new file mode 100644
index 00000000..d5bccfcb
--- /dev/null
+++ b/active/CVE-2021-47113
@@ -0,0 +1,15 @@
+Description: btrfs: abort in rename_exchange if we fail to insert the second ref
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [dc09ef3562726cd520c8338c1640872a60187af5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [0df50d47d17401f9f140dfbe752a65e5d72f9932]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47116 b/active/CVE-2021-47116
new file mode 100644
index 00000000..a86673f5
--- /dev/null
+++ b/active/CVE-2021-47116
@@ -0,0 +1,15 @@
+Description: ext4: fix memory leak in ext4_mb_init_backend on error path.
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [a8867f4e3809050571c98de7a2d465aff5e4daf5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [2050c6e5b161e5e25ce3c420fef58b24fa388a49]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47119 b/active/CVE-2021-47119
new file mode 100644
index 00000000..7095baff
--- /dev/null
+++ b/active/CVE-2021-47119
@@ -0,0 +1,18 @@
+Description: ext4: fix memory leak in ext4_fill_super
+References:
+Notes:
+ carnil> Introduced in ce40733ce93d ("ext4: Check for return value from
+ carnil> sb_set_blocksize")
+ carnil> ac27a0ec112a ("ext4: initial copy of files from ext3"). Vulnerable versions:
+ carnil> 2.6.19-rc2 2.6.25-rc1.
+Bugs:
+upstream: released (5.13-rc5) [afd09b617db3786b6ef3dc43e28fe728cfea84df]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [01d349a481f0591230300a9171330136f9159bcd]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47131 b/active/CVE-2021-47131
new file mode 100644
index 00000000..15370f22
--- /dev/null
+++ b/active/CVE-2021-47131
@@ -0,0 +1,16 @@
+Description: net/tls: Fix use-after-free after the TLS device goes down and up
+References:
+Notes:
+ carnil> Introduced in e8f69799810c ("net/tls: Add generic NIC offload infrastructure").
+ carnil> Vulnerable versions: 4.18-rc1.
+Bugs:
+upstream: released (5.13-rc5) [c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [f1d4184f128dede82a59a841658ed40d4e6d3aa2]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47143 b/active/CVE-2021-47143
new file mode 100644
index 00000000..c4627432
--- /dev/null
+++ b/active/CVE-2021-47143
@@ -0,0 +1,16 @@
+Description: net/smc: remove device from smcd_dev_list after failed device_add()
+References:
+Notes:
+ carnil> Introduced in c6ba7c9ba43d ("net/smc: add base infrastructure for SMC-D and
+ carnil> ISM"). Vulnerable versions: 4.19-rc1.
+Bugs:
+upstream: released (5.13-rc4) [444d7be9532dcfda8e0385226c862fd7e986f607]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [8b2cdc004d21a7255f219706dca64411108f7897]
+4.19-upstream-stable: needed
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47163 b/active/CVE-2021-47163
new file mode 100644
index 00000000..47c51c9a
--- /dev/null
+++ b/active/CVE-2021-47163
@@ -0,0 +1,16 @@
+Description: tipc: wait and exit until all work queues are done
+References:
+Notes:
+ carnil> Introduced in d0f91938bede ("tipc: add ip/udp media type"). Vulnerable
+ carnil> versions: 4.1-rc1.
+Bugs:
+upstream: released (5.13-rc4) [04c26faa51d1e2fe71cf13c45791f5174c37f986]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [5195ec5e365a2a9331bfeb585b613a6e94f98dba]
+4.19-upstream-stable: needed
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47167 b/active/CVE-2021-47167
new file mode 100644
index 00000000..0ed3fc82
--- /dev/null
+++ b/active/CVE-2021-47167
@@ -0,0 +1,16 @@
+Description: NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
+References:
+Notes:
+ carnil> Introduced in a7d42ddb3099 ("nfs: add mirroring support to pgio layer").
+ carnil> Vulnerable versions: 4.0-rc1 4.1.52 4.4.124 4.9.90.
+Bugs:
+upstream: released (5.13-rc4) [56517ab958b7c11030e626250c00b9b1a24b41eb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [ee21cd3aa8548e0cbc8c67a80b62113aedd2d101]
+4.19-upstream-stable: needed
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47178 b/active/CVE-2021-47178
new file mode 100644
index 00000000..3a0a73ff
--- /dev/null
+++ b/active/CVE-2021-47178
@@ -0,0 +1,20 @@
+Description: scsi: target: core: Avoid smp_processor_id() in preemptible code
+References:
+Notes:
+ carnil> Introduced in 1526d9f10c61 ("scsi: target: Make state_list per CPU").
+ carnil> Vulnerable versions: 5.10.180 5.11-rc1.
+ carnil> Technically N/A for sid branch as no released version in unstable
+ carnil> was ever affected. But the issue was backported in the 5.10.y series.
+ carnil> As wokraround for the security-tracker import mark the unstable
+ carnil> 5.14.6-1 as the fixed one.
+Bugs:
+upstream: released (5.13-rc4) [70ca3c57ff914113f681e657634f7fbfa68e1ad1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-0400 b/active/CVE-2022-0400
new file mode 100644
index 00000000..adc5c1d3
--- /dev/null
+++ b/active/CVE-2022-0400
@@ -0,0 +1,20 @@
+Description: Out of bounds read in the smc protocol stack
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2044575
+ https://bugzilla.redhat.com/show_bug.cgi?id=2040604
+ https://bugzilla.suse.com/show_bug.cgi?id=1195329
+Notes:
+ bwh> The smc protocol was added in 4.11.
+ carnil> SUSE folks suspect this is actually a non-issue, see
+ carnil> https://bugzilla.suse.com/show_bug.cgi?id=1195329#c7
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-0500 b/active/CVE-2022-0500
new file mode 100644
index 00000000..e0dc9885
--- /dev/null
+++ b/active/CVE-2022-0500
@@ -0,0 +1,33 @@
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2044578
+ https://access.redhat.com/security/cve/CVE-2022-0500
+Notes:
+ carnil> As of 2022-02-21 the RH bugzilla entry does not contain enough
+ carnil> information to determine which commit(s) in 5.17-rc1 are meant
+ carnil> to address the issue.
+ carnil> Fixed as well in 5.16.11 for 5.16.y.
+ carnil> Additionally we need to clarify the scope of CVE-2022-0500. The
+ carnil> list of commits cover as well
+ carnil> c25b2ae136039ffa820c26138ed4a5e5f3ab3841 which for older
+ carnil> version addressed "bpf: Fix out of bounds access from invalid
+ carnil> *_or_null type verification".
+ carnil> https://bugzilla.redhat.com/show_bug.cgi?id=2044578#c13 is
+ carnil> unaswered yet (as of 2022-02-23).
+ carnil> https://lore.kernel.org/stable/20220216225209.2196865-1-haoluo@google.com/
+ carnil> The fix for the specific CVE is patch 7/9 "bpf: Make
+ carnil> per_cpu_ptr return rdonly PTR_TO_MEM".
+ bwh> Commit 34d3a78c681 references several commits from 5.10 as
+ bwh> being fixed, so branches based on 5.10 are affected and older
+ bwh> branches are probably not.
+Bugs:
+upstream: released (5.17-rc1) [d639b9d13a39cf15639cbe6e8b2c43eb60148a73, 48946bd6a5d695c50b34546864b79c1f910a33c1, 3c4807322660d4290ac9062c034aed6b87243861, c25b2ae136039ffa820c26138ed4a5e5f3ab3841, 20b2aff4bc15bda809f994761d5719827d66c0b4, cf9f2f8d62eca810afbd1ee6cc0800202b000e57, 34d3a78c681e8e7844b43d1a2f4671a04249c821]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.10-1) [bugfix/all/bpf-introduce-composable-reg-ret-and-arg-types.patch, bugfix/all/bpf-replace-arg_xxx_or_null-with-arg_xxx-ptr_maybe_null.patch, bugfix/all/bpf-replace-ret_xxx_or_null-with-ret_xxx-ptr_maybe_null.patch, bugfix/all/bpf-replace-ptr_to_xxx_or_null-with-ptr_to_xxx-ptr_maybe_null.patch, bugfix/all/bpf-introduce-mem_rdonly-flag.patch, bugfix/all/bpf-convert-ptr_to_mem_or_null-to-composable-types.patch, bugfix/all/bpf-make-per_cpu_ptr-return-rdonly-ptr_to_mem.patch]
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-1184 b/active/CVE-2022-1184
new file mode 100644
index 00000000..9e298aae
--- /dev/null
+++ b/active/CVE-2022-1184
@@ -0,0 +1,29 @@
+Description: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2070205
+ https://lore.kernel.org/linux-ext4/20220428180355.15209-1-jack@suse.cz/T/#t
+ https://bugzilla.suse.com/show_bug.cgi?id=1198577
+Notes:
+ carnil> Fixed as well in 5.17.14 for 5.17.y, 5.18.3 for 5.18.y.
+ carnil> Ben, pelase double check if you agree on the triage. It is
+ carnil> based on the additional information provided in the SUSE
+ carnil> bugzilla.
+ carnil> Turns out that 46c116b920eb ("ext4: verify dir block before
+ carnil> splitting it") and 3ba733f879c2 ("ext4: avoid cycles in
+ carnil> directory h-tree") are not the upstream fixes, but according to
+ carnil> Lukas Czerner the following is needed:
+ carnil> 65f8ea4cd57d ("ext4: check if directory block is within
+ carnil> i_size") to fix the CVE and additional as defensive measure
+ carnil> b8a04fe77ef1 ("ext4: make sure ext4_append() always allocates
+ carnil> new block").
+ carnil> Fixed as well in 5.18.18 for 5.18.y and in 5.19.2 for 5.19.y.
+ carnil> Second commit in 6.0.3 for 6.0.y.
+Bugs:
+upstream: released (6.0-rc1) [65f8ea4cd57dbd46ea13b41dc8bac03176b04233], released (6.1-rc1) [61a1d87a324ad5e3ed27c6699dfc93218fcf3201]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.137) [1571c4613059fce2a02508bb8206af75e24c0d58], released (5.10.150) [483831ad0440f62c10d1707c97ce824bd82d98ae]
+4.19-upstream-stable: needed
+sid: released (5.19.6-1), released (6.0.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.140-1), released (5.10.148-1) [bugfix/all/ext4-fix-check-for-block-being-out-of-directory-size.patch]
+4.19-buster-security: needed
diff --git a/active/CVE-2022-1247 b/active/CVE-2022-1247
new file mode 100644
index 00000000..3655c33e
--- /dev/null
+++ b/active/CVE-2022-1247
@@ -0,0 +1,20 @@
+Description: rose: Race condition leads to use-after-free
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2066799
+ https://bugzilla.suse.com/show_bug.cgi?id=1199434#c7
+Notes:
+ bwh> I'm assuming all branches are affected because I don't see any
+ bwh> locking changes since 4.9.
+ bwh> In bullseye and newer releases this is mitigated because we
+ bwh> disabled auto-loading of the rose module.
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: ignored "EOL"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2022-1280 b/active/CVE-2022-1280
new file mode 100644
index 00000000..cf61c845
--- /dev/null
+++ b/active/CVE-2022-1280
@@ -0,0 +1,26 @@
+Description: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/12/3
+ https://bugzilla.redhat.com/show_bug.cgi?id=2071022
+ https://bugzilla.suse.com/show_bug.cgi?id=1197914
+ https://www.openwall.com/lists/oss-security/2022/04/12/4
+Notes:
+ carnil> Not a problem on 5.15.y and newer, but the list of commits need
+ carnil> to be isolated yet.
+ carnil> Is the main fix 56f0729a510f ("drm: protect drm_master pointers
+ carnil> in drm_lease.c")? Situation though is not very clear and what
+ carnil> exactly is needed.
+ bwh> I think most of these are fixing similar races even if some are not
+ bwh> needed for the specific race in the description. I don't think it
+ bwh> makes any sense to backport them selectively.
+Bugs:
+upstream: released (5.13-rc6) [b436acd1cf7fac0ba987abd22955d98025c80c2b, c336a5ee984708db4826ef9e47d184e638e29717], released (5.15-rc1) [869e76f7a918f010bd4518d58886969b1f642a04, 5eff9585de220cdd131237f5665db5e6c6bdf590, 1f7ef07cfa14fb8557d1f1b7a14c76926142a4fb, 0b0860a3cf5eccf183760b1177a1dcdb821b0b66, 56f0729a510f92151682ff6c89f69724d5595d6e, 28be2405fb753927e18bc1a891617a430b2a0684, 2bc5da528dd570c5ecabc107e6fbdbc55974276f]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.44) [491d52e0078860b33b6c14f0a7ac74ca1b603bd6, aa8591a58cbd2986090709e4202881f18e8ae30e], released (5.10.67) [54e51d288b38377e8cd645a83e1ad08cc9d20ccc, 06a553a99bacb00d3bc25f79e75c8e0fbf7a5025, 34609faad0c9f9f08d4b59d25c94b78bf5710d93, d6c91423993e8164ca4162ff046c6437bbd75b53]
+4.19-upstream-stable: released (4.19.195) [7d233ba700ceb593905ea82b42dadb4ec8ef85e9, a376f7e66b654cb290fa9d16d8dab5bfef744463], needed
+4.9-upstream-stable: released (4.9.273) [8e250a134c8fe2a945d10b421d0ccb54e85d8683], needed
+sid: released (5.15.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2022-27672 b/active/CVE-2022-27672
new file mode 100644
index 00000000..a280e2f4
--- /dev/null
+++ b/active/CVE-2022-27672
@@ -0,0 +1,13 @@
+Description: Cross-Thread Return Address Predictions
+References:
+ https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045
+Notes:
+Bugs:
+upstream: released (6.2) [be8de49bea505e7777a69ef63d60e02ac1712683, 6f0f2d5ef895d66a3f2b32dd05189ec34afa5a55, 493a2c2d23ca91afba96ac32b6cbafb54382c2a3]
+6.1-upstream-stable: released (6.1.12) [cc95b5d240b631e42e2863e1dcb6ad83920cc449, 40c4fdfc942e0c93054884546bf785fe24c6831e, da1ae884562cc22e2705113cc39712477e37ab4e]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.1.12-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-2961 b/active/CVE-2022-2961
new file mode 100644
index 00000000..893336ef
--- /dev/null
+++ b/active/CVE-2022-2961
@@ -0,0 +1,23 @@
+Description: race condition in rose_bind()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2120595
+Notes:
+ carnil> Possible fix is 2df91e397d85 ("net: rose: add netdev ref
+ carnil> tracker to 'struct rose_sock'") but as of 2022-08-30 no
+ carnil> clarification in RHBZ#2120595.
+ bwh> This is not fixed by commit 2df91e397d85. The problem is that
+ bwh> rose_bind() doesn't prevent two concurrent bind calls on the same
+ bwh> socket from succeeding. It checks that the SOCK_ZAPPED flag is set
+ bwh> at the top, and clears it at the bottom, leaving a race condition
+ bwh> between those bit operations.
+ bwh> In bullseye and newer releases this is mitigated because we
+ bwh> disabled auto-loading of the rose module.
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3061 b/active/CVE-2022-3061
new file mode 100644
index 00000000..eb924d92
--- /dev/null
+++ b/active/CVE-2022-3061
@@ -0,0 +1,14 @@
+Description: video: fbdev: i740fb: Error out if 'pixclock' equals zero
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2122526
+Notes:
+ carnil> "Intel740 support" not built in Debian (CONFIG_FB_I740)
+Bugs:
+upstream: released (5.18-rc5) [15cf0b82271b1823fb02ab8c377badba614d95d5]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.145) [e00582a36198888ffe91ed6b097d86556c8bb253]
+4.19-upstream-stable: needed
+sid: released (5.18.2-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3108 b/active/CVE-2022-3108
new file mode 100644
index 00000000..433bc8f5
--- /dev/null
+++ b/active/CVE-2022-3108
@@ -0,0 +1,15 @@
+Description: drm/amdkfd: Check for null pointer after calling kmemdup
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153052
+Notes:
+ bwh> Introduced in 4.16 by commit 3a87177eb141 "drm/amdkfd: Add topology
+ bwh> support for dGPUs".
+Bugs:
+upstream: released (5.17-rc1) [abfaf0eee97925905e742aa3b0b72e04a918fa9e]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.16.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3114 b/active/CVE-2022-3114
new file mode 100644
index 00000000..68a71fcd
--- /dev/null
+++ b/active/CVE-2022-3114
@@ -0,0 +1,15 @@
+Description: clk: imx: Add check for kcalloc
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153054
+Notes:
+ carnil> Commit fixes 379c9a24cc23 ("clk: imx: Fix reparenting of UARTs not
+associated with stdout") in 5.13-rc1, which got backported to 5.10.37 as well.
+Bugs:
+upstream: released (5.19-rc1) [ed713e2bc093239ccd380c2ce8ae9e4162f5c037]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-3115 b/active/CVE-2022-3115
new file mode 100644
index 00000000..1ca6bcad
--- /dev/null
+++ b/active/CVE-2022-3115
@@ -0,0 +1,15 @@
+Description: drm: mali-dp: potential dereference of null pointer
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153058
+Notes:
+ bwh> Introduced in 4.12 by commit 99665d072183 "drm: mali-dp: add
+ bwh> malidp_crtc_state struct".
+Bugs:
+upstream: released (5.19-rc1) [73c3ed7495c67b8fbdc31cf58e6ca8757df31a33]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.121) [b4c7dd0037e6aeecad9b947b30f0d9eaeda11762]
+4.19-upstream-stable: needed
+sid: released (5.18.5-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3169 b/active/CVE-2022-3169
new file mode 100644
index 00000000..8e2bfc28
--- /dev/null
+++ b/active/CVE-2022-3169
@@ -0,0 +1,19 @@
+Description: Request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET may cause a DOS
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2125341
+ https://bugzilla.kernel.org/show_bug.cgi?id=214771
+Notes:
+ carnil> Is 23e085b2dead ("nvme: restrict management ioctls to admin")
+ carnil> as well part of the fixes needed (is the preceeding commit to
+ carnil> 1e866afd4bcd ("nvme: ensure subsystem reset is single
+ carnil> threaded"))?
+ carnil> Fixed as well in 6.0.10 for 6.10.y.
+Bugs:
+upstream: released (6.1-rc1) [1e866afd4bcdd01a70a5eddb4371158d3035ce03]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.156) [023435a095d22bcbbaeea7e3a8c534b5c57d0d82]
+4.19-upstream-stable: needed
+sid: released (6.0.10-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3238 b/active/CVE-2022-3238
new file mode 100644
index 00000000..08a33265
--- /dev/null
+++ b/active/CVE-2022-3238
@@ -0,0 +1,14 @@
+Description: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2127927
+Notes:
+ carnil> NTFS3 driver not enabled in Debian.
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-3303 b/active/CVE-2022-3303
new file mode 100644
index 00000000..67dcf06d
--- /dev/null
+++ b/active/CVE-2022-3303
@@ -0,0 +1,14 @@
+Description: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2129859
+ https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA@mail.gmail.com/
+Notes:
+Bugs:
+upstream: released (6.0-rc5) [8423f0b6d513b259fdab9c9bf4aaa6188d054c2d]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.148) [fce793a056c604b41a298317cf704dae255f1b36]
+4.19-upstream-stable: needed
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3344 b/active/CVE-2022-3344
new file mode 100644
index 00000000..33f55da2
--- /dev/null
+++ b/active/CVE-2022-3344
@@ -0,0 +1,21 @@
+Description: KVM: SVM: nested shutdown interception could lead to host crash
+References:
+ https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2130278
+ https://lore.kernel.org/lkml/20221103141351.50662-1-mlevitsk@redhat.com/
+ https://lore.kernel.org/lkml/20221103141351.50662-3-mlevitsk@redhat.com/
+Notes:
+ carnil> Fixed as well in 6.0.11 for 6.0.y.
+ bwh> The first two fixes seem to be needed only after commit 2fcf4876ada8
+ bwh> "KVM: nSVM: implement on demand allocation of the nested state" in
+ bwh> 5.10. The last two are probably needed for 4.19 as well, though
+ bwh> backporting them doesn't look straightforward.
+Bugs:
+upstream: released (6.1-rc7) [917401f26a6af5756d89b550a8e1bd50cf42b07e, 16ae56d7e0528559bf8dc9070e3bfd8ba3de80df, f9697df251438b0798780900e8b43bdb12a56d64, ed129ec9057f89d615ba0c81a4984a90345a1684]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.0.12-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3523 b/active/CVE-2022-3523
new file mode 100644
index 00000000..c9ad6cd6
--- /dev/null
+++ b/active/CVE-2022-3523
@@ -0,0 +1,15 @@
+Description: mm/memory.c: fix race when faulting a device private page
+References:
+Notes:
+ bwh> This bug seems to be present in 4.19, though the affected code
+ bwh> has changed a fair bit and the upstream fix won't be easy to
+ bwh> backport.
+Bugs:
+upstream: released (6.1-rc1) [16ce101db85db694a91380aa4c89b25530871d33]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3566 b/active/CVE-2022-3566
new file mode 100644
index 00000000..cc29eecb
--- /dev/null
+++ b/active/CVE-2022-3566
@@ -0,0 +1,12 @@
+Description: tcp: Fix data races around icsk->icsk_af_ops.
+References:
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-3567 b/active/CVE-2022-3567
new file mode 100644
index 00000000..8141dbd8
--- /dev/null
+++ b/active/CVE-2022-3567
@@ -0,0 +1,12 @@
+Description: ipv6: Fix data races around sk->sk_prot.
+References:
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [364f997b5cfe1db0d63a390fe7c801fa2b3115f6]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-38457 b/active/CVE-2022-38457
new file mode 100644
index 00000000..ac7a71a6
--- /dev/null
+++ b/active/CVE-2022-38457
@@ -0,0 +1,17 @@
+Description: UAF vulnerability in vmwgfx driver
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=2074
+Notes:
+ bwh> Probably introduced in 4.20 by commit e8c66efbfe3a "drm/vmwgfx: Make
+ bwh> user resource lookups reference-free during validation".
+ carnil> According to Zack Rusin fixed conceptually via a309c7194e8a
+ carnil> ("drm/vmwgfx: Remove rcu locks from user resources")
+Bugs:
+upstream: released (6.2-rc4) [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
+6.1-upstream-stable: released (6.1.7) [7ac9578e45b20e3f3c0c8eb71f5417a499a7226a]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-3903 b/active/CVE-2022-3903
new file mode 100644
index 00000000..476d2ff3
--- /dev/null
+++ b/active/CVE-2022-3903
@@ -0,0 +1,20 @@
+Description: An invalid pipe direction in the mceusb driver cause the kernel to DOS
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2140985
+ https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/
+ https://lore.kernel.org/all/E1obysd-009Grw-He@www.linuxtv.org/
+Notes:
+ carnil> Apparently the fix was already done in 6.0-rc4 with 608e58a0f461
+ carnil> ("media: mceusb: Use new usb_control_msg_*() routines") but
+ carnil> then changes lost and redone in 6.1-rc2. The former was
+ carnil> backported to various stable series. I'm not sure what happened
+ carnil> here.
+Bugs:
+upstream: released (6.1-rc2) [41fd1cb6151439b205ac7611883d85ae14250172]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.142) [587f793c64d99d92be8ef01c4c69d885a3f2edb6]
+4.19-upstream-stable: needed
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-39189 b/active/CVE-2022-39189
new file mode 100644
index 00000000..22ea73e7
--- /dev/null
+++ b/active/CVE-2022-39189
@@ -0,0 +1,14 @@
+Description: KVM instruction emulation doesn't clear KVM_VCPU_PREEMPTED, breaking guest's TLB flushing
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
+Notes:
+ carnil> Fixed as well in 5.18.17 for 5.18.y.
+Bugs:
+upstream: released (5.19-rc2) [6cd88243c7e03845a450795e134b488fc2afb736]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.180) [529f41f0eb1ef995bfa83c121c3cfe3a0720119a]
+4.19-upstream-stable: needed
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-40133 b/active/CVE-2022-40133
new file mode 100644
index 00000000..69bd0ee2
--- /dev/null
+++ b/active/CVE-2022-40133
@@ -0,0 +1,17 @@
+Description: UAF vulnerability in vmwgfx driver
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
+Notes:
+ bwh> Probably introduced in 4.20 by commit e8c66efbfe3a "drm/vmwgfx: Make
+ bwh> user resource lookups reference-free during validation".
+ carnil> According to Zack Rusin fixed conceptually via a309c7194e8a
+ carnil> ("drm/vmwgfx: Remove rcu locks from user resources")
+Bugs:
+upstream: released (6.2-rc4) [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
+6.1-upstream-stable: released (6.1.7) [7ac9578e45b20e3f3c0c8eb71f5417a499a7226a]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-4129 b/active/CVE-2022-4129
new file mode 100644
index 00000000..23894321
--- /dev/null
+++ b/active/CVE-2022-4129
@@ -0,0 +1,17 @@
+Description: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2134528
+ https://lore.kernel.org/all/20220810102848.282778-1-jakub@cloudflare.com/t
+ https://lore.kernel.org/all/20220815130107.149345-1-jakub@cloudflare.com/t
+ https://lore.kernel.org/all/20220823101459.211986-1-jakub@cloudflare.com/t
+ https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t
+Notes:
+Bugs:
+upstream: released (6.1-rc6) [b68777d54fac21fc833ec26ea1a2a84f975ab035], released (6.1-rc7) [af295e854a4e3813ffbdef26dbb6a4d6226c3ea1]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.166) [e34a965f771f1977f172593c73e373036c765724, 5b209b8c99d487a1c32983981bf3552980fda591]
+4.19-upstream-stable: needed
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-4269 b/active/CVE-2022-4269
new file mode 100644
index 00000000..0b99e354
--- /dev/null
+++ b/active/CVE-2022-4269
@@ -0,0 +1,15 @@
+Description: kernel: net: CPU soft lockup in TC mirred egress-to-ingress action
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2150272
+ https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/
+ https://lore.kernel.org/stable/20230516190040.636627-1-dragos.panait@windriver.com/
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [ca22da2fbd693b54dc8e3b7b54ccc9f7e9ba3640]
+6.1-upstream-stable: released (6.1.22) [4c8fc3fe28e47e2a495444347375f7354c24b018]
+5.10-upstream-stable: released (5.10.181) [53245103786312f21fb9785327a4367cf10f0dbb]
+4.19-upstream-stable: needed
+sid: released (6.1.20-2) [bugfix/all/act_mirred-use-the-backlog-for-nested-calls-to-mirre.patch]
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-4382 b/active/CVE-2022-4382
new file mode 100644
index 00000000..2d800a8e
--- /dev/null
+++ b/active/CVE-2022-4382
@@ -0,0 +1,14 @@
+Description: usb: A use-after-free Write in put_dev
+References:
+ https://www.openwall.com/lists/oss-security/2022/12/13/1
+ https://lore.kernel.org/linux-usb/Y5dV11OoM3ojxNHy@rowland.harvard.edu/
+Notes:
+Bugs:
+upstream: released (6.2-rc5) [d18dcfe9860e842f394e37ba01ca9440ab2178f4]
+6.1-upstream-stable: released (6.1.8) [616fd34d017000ecf9097368b13d8a266f4920b3]
+5.10-upstream-stable: released (5.10.165) [856e4b5e53f21edbd15d275dde62228dd94fb2b4]
+4.19-upstream-stable: needed
+sid: released (6.1.8-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-43945 b/active/CVE-2022-43945
new file mode 100644
index 00000000..d68f02ac
--- /dev/null
+++ b/active/CVE-2022-43945
@@ -0,0 +1,20 @@
+Description: nfsd: Buffer overflows in READ/READDIR send buffers
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8
+ https://lore.kernel.org/linux-nfs/B00F6DD5-8215-457B-A681-39D7A64B7668@oracle.com/
+ https://lore.kernel.org/linux-nfs/Y8vyFuQ0UdiiEJRw@eldamar.lan/T/#t
+Notes:
+ carnil> Fixed in 5.19.17 for 5.19.y and in 6.0.3 for 6.0.y.
+ bwh> The affected code was changed in 5.12, 5.13, and 5.15.
+ bwh> It's not yet clear to me whether earlier versions are also
+ bwh> affected.
+ jmm> Per Neil Brown's comment at https://bugzilla.suse.com/show_bug.cgi?id=1205128#c4 older kernels are also affected
+Bugs:
+upstream: released (6.1-rc1) [00b4492686e0497fdb924a9d4c8f6f99377e176c, 640f87c190e0d1b2a0fcb2ecf6d2cd53b1c41991, 401bc1f90874280a80b93f23be33a0e7e2d1f912, fa6be9cc6e80ec79892ddf08a8c10cabab9baf38]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.0.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-44034 b/active/CVE-2022-44034
new file mode 100644
index 00000000..923fd0c1
--- /dev/null
+++ b/active/CVE-2022-44034
@@ -0,0 +1,15 @@
+Description: char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops
+References:
+ https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/
+ https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/
+Notes:
+ carnil> Fixed in 6.4-rc1 by removing the driver.
+Bugs:
+upstream: released (6.4-rc1) [9b12f050c76f090cc6d0aebe0ef76fed79ec3f15]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.4.4-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-4543 b/active/CVE-2022-4543
new file mode 100644
index 00000000..fe38a8b1
--- /dev/null
+++ b/active/CVE-2022-4543
@@ -0,0 +1,14 @@
+Description: KASLR Leakage Achievable even with KPTI through Prefetch Side-Channel
+References:
+ https://www.openwall.com/lists/oss-security/2022/12/16/3
+ https://www.willsroot.io/2022/12/entrybleed.html
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2022-47518 b/active/CVE-2022-47518
new file mode 100644
index 00000000..72a96c9c
--- /dev/null
+++ b/active/CVE-2022-47518
@@ -0,0 +1,15 @@
+Description: wifi: wilc1000: validate number of channels
+References:
+ https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull@github.com
+Notes:
+ bwh> In 4.19 the vulnerable function is in
+ bwh> drivers/staging/wilc1000/wilc_wfi_cfgoperations.c.
+Bugs:
+upstream: released (6.1-rc8) [0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.157) [3eb6b89a4e9f9e44c3170d70d8d16c3c8dc8c800]
+4.19-upstream-stable: needed
+sid: released (6.0.12-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-47519 b/active/CVE-2022-47519
new file mode 100644
index 00000000..1ab28067
--- /dev/null
+++ b/active/CVE-2022-47519
@@ -0,0 +1,15 @@
+Description: wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
+References:
+ https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull@github.com
+Notes:
+ bwh> In 4.19 the vulnerable function is in
+ bwh> drivers/staging/wilc1000/wilc_wfi_cfgoperations.c.
+Bugs:
+upstream: released (6.1-rc8) [051ae669e4505abbe05165bebf6be7922de11f41]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.157) [905f886eae4b065656a575e8a02544045cbaadcf]
+4.19-upstream-stable: needed
+sid: released (6.0.12-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-47520 b/active/CVE-2022-47520
new file mode 100644
index 00000000..8299d840
--- /dev/null
+++ b/active/CVE-2022-47520
@@ -0,0 +1,18 @@
+Description: wifi: wilc1000: validate pairwise and authentication suite offsets
+References:
+ https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull@github.com
+Notes:
+ bwh> The RSN parsing code was significantly refactored after 4.19 by
+ bwh> commit 4e0b0f42c9c7 "staging: wilc1000: use struct to pack join
+ bwh> parameters for FW, but I suspect it already had this bug.
+ bwh> The vulnerable function would be in
+ bwh> drivers/staging/wilc1000/host_interface.c
+Bugs:
+upstream: released (6.1-rc8) [cd21d99e595ec1d8721e1058dcdd4f1f7de1d793]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.157) [7c6535fb4d67ea37c98a1d1d24ca33dd5ec42693]
+4.19-upstream-stable: needed
+sid: released (6.0.12-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-47521 b/active/CVE-2022-47521
new file mode 100644
index 00000000..b0909df7
--- /dev/null
+++ b/active/CVE-2022-47521
@@ -0,0 +1,15 @@
+Description: wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
+References:
+ https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull@github.com
+Notes:
+ bwh> In 4.19 the vulnerable function is in
+ bwh> drivers/staging/wilc1000/wilc_wfi_cfgoperations.c.
+Bugs:
+upstream: released (6.1-rc8) [f9b62f9843c7b0afdaecabbcebf1dbba18599408]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.157) [5a068535c0073c8402aa0755e8ef259fb98a33c5]
+4.19-upstream-stable: needed
+sid: released (6.0.12-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-48627 b/active/CVE-2022-48627
new file mode 100644
index 00000000..70dcc6a3
--- /dev/null
+++ b/active/CVE-2022-48627
@@ -0,0 +1,16 @@
+Description: vt: fix memory overlapping when deleting chars in the buffer
+References:
+Notes:
+ carnil> Introduced in 81732c3b2fed ("tty vt: Fix line garbage in virtual console on
+ carnil> command line edition"). Vulnerable versions: 3.7-rc1 3.10.32 3.12.13 3.13.5.
+Bugs:
+upstream: released (5.19-rc7) [39cdb68c64d84e71a4a717000b6e5de208ee60cc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.132) [bfee93c9a6c395f9aa62268f1cedf64999844926]
+4.19-upstream-stable: needed
+sid: released (5.18.14-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-48628 b/active/CVE-2022-48628
new file mode 100644
index 00000000..9fb1bf5b
--- /dev/null
+++ b/active/CVE-2022-48628
@@ -0,0 +1,15 @@
+Description: ceph: drop messages from MDS when unmounting
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc1) [e3dfcab2080dc1f9a4b09cc1327361bc2845bfcd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [89744b64914426cbabceb3d8a149176b5dafdfb5]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-0030 b/active/CVE-2023-0030
new file mode 100644
index 00000000..377094d4
--- /dev/null
+++ b/active/CVE-2023-0030
@@ -0,0 +1,13 @@
+Description: drm/nouveau/mmu: add more general vmm free/node handling functions
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2157270
+Notes:
+Bugs:
+upstream: released (5.0-rc1) [729eba3355674f2d9524629b73683ba1d1cd3f10]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: needed
+sid: released (5.2.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2023-0160 b/active/CVE-2023-0160
new file mode 100644
index 00000000..95009ad6
--- /dev/null
+++ b/active/CVE-2023-0160
@@ -0,0 +1,19 @@
+Description: possibility of deadlock in libbpf function sock_hash_delete_elem
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2159764
+ https://lore.kernel.org/lkml/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/
+ https://lore.kernel.org/all/63dddcc92fc31_6bb15208e9@john.notmuch/
+ https://lore.kernel.org/netdev/87a614h62a.fsf@cloudflare.com/t/#u
+Notes:
+ carnil> As noted by Ubuntu: first attempt to fix was reverted in
+ carnil> 8c5c2a4898e3 ("bpf, sockmap: Revert buggy deadlock fix in the
+ carnil> sockhash and sockmap")
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2023-0386 b/active/CVE-2023-0386
new file mode 100644
index 00000000..78b5e1ee
--- /dev/null
+++ b/active/CVE-2023-0386
@@ -0,0 +1,18 @@
+Description: ovl: fail on invalid uid/gid mapping at copy up
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2159505
+ https://github.com/chenaotian/CVE-2023-0386
+Notes:
+ carnil> Issue different from CVE-2021-3847.
+ carnil> Only exploitable after commit 459c7c565ac3 "ovl: unprivieged
+ carnil> mounts" in 5.11-rc1, or if the Debian-specific module parameter
+ carnil> permit_mounts_in_userns is enabled.
+Bugs:
+upstream: released (6.2-rc6) [4f11ada10d0ad3fd53e2bd67806351de63a4f9c3]
+6.1-upstream-stable: released (6.1.9) [42fea1c35254c49cce07c600d026cbc00c6d3c81]
+5.10-upstream-stable: N/A "Not exploitable in this version"
+4.19-upstream-stable: N/A "Not exploitable in this version"
+sid: released (6.1.11-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.179-1) [bugfix/all/ovl-fail-on-invalid-uid-gid-mapping-at-copy-up.patch]
+4.19-buster-security: pending (4.19.309-1) [bugfix/all/ovl-fail-on-invalid-uid-gid-mapping-at-copy-up.patch]
diff --git a/active/CVE-2023-0597 b/active/CVE-2023-0597
new file mode 100644
index 00000000..ad36278e
--- /dev/null
+++ b/active/CVE-2023-0597
@@ -0,0 +1,15 @@
+Description: x86/mm: Randomize per-cpu entry area
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2165926
+ https://lore.kernel.org/lkml/Yz%2FmfJ1gjgshF19t@hirez.programming.kicks-ass.net/
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/x86/mm/cpu_entry_area.c?h=v6.2-rc6&id=97e3d26b5e5f371b3ee223d94dd123e6c442ba80
+Notes:
+Bugs:
+upstream: released (6.2-rc1) [97e3d26b5e5f371b3ee223d94dd123e6c442ba80]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.3.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-1075 b/active/CVE-2023-1075
new file mode 100644
index 00000000..e3c45a87
--- /dev/null
+++ b/active/CVE-2023-1075
@@ -0,0 +1,16 @@
+Description: net/tls: tls_is_tx_ready() checked list_entry
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2173434
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb
+Notes:
+ carnil> Commit fixes a42055e8d2c3 ("net/tls: Add support for async
+ carnil> encryption of records for performance") in 4.20-rc1.
+Bugs:
+upstream: released (6.2-rc7) [ffe2a22562444720b05bdfeb999c03e810d84cbb]
+6.1-upstream-stable: released (6.1.11) [37c0cdf7e4919e5f76381ac60817b67bcbdacb50]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.11-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-1076 b/active/CVE-2023-1076
new file mode 100644
index 00000000..eddf3194
--- /dev/null
+++ b/active/CVE-2023-1076
@@ -0,0 +1,19 @@
+Description: tap: tap_open(): correctly initialize socket uid
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2173435
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a
+ https://bugzilla.redhat.com/show_bug.cgi?id=2229498
+Notes:
+ carnil> Commit fixes 86741ec25462 ("net: core: Add a UID field to struct sock.").
+ carnil> Initial commits to address CVE-2023-1076 were incorrect
+ carnil> resulting in CVE-2023-4194.
+Bugs:
+upstream: released (6.3-rc1) [66b2c338adce580dfce2199591e65e2bab889cff, a096ccca6e503a5c575717ff8a36ace27510ab0a]
+6.1-upstream-stable: released (6.1.16) [035a80733ec47ed81aa159e16e56d2de106d3335, b4ada752eaf1341f47bfa3d8ada377eca75a8d44]
+5.10-upstream-stable: released (5.10.173) [4a9272a864cbf6dacc3f4b35213108dd01691d31, 9a31af61f397500ccae49d56d809b2217d1e2178]
+4.19-upstream-stable: needed
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-1192 b/active/CVE-2023-1192
new file mode 100644
index 00000000..1a449827
--- /dev/null
+++ b/active/CVE-2023-1192
@@ -0,0 +1,26 @@
+Description: use-after-free in smb2_is_status_io_timeout()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2154178
+ https://bugzilla.redhat.com/show_bug.cgi?id=2154178#c24
+ https://lore.kernel.org/linux-cifs/ZZgFEX3QNWWj_VxA@eldamar.lan
+ https://lore.kernel.org/linux-cifs/aca1c4e755e8c005b874c57a6210c4c6a34d2324.camel@debian.org/
+Notes:
+ bwh> Introduced in 5.10 by commit 8e670f77c4a5 "Handle STATUS_IO_TIMEOUT
+ bwh> gracefully". I posted my analysis and an untested patch on RHBZ.
+ carnil> Paulo Alcantara replied that this issue is supposed to be fixed
+ carnil> with d527f51331ca ("cifs: Fix UAF in
+ carnil> cifs_demultiplex_thread()") and that wile the commit mentions
+ carnil> an UAF in >is_network_name_deleted() it should work as well for
+ carnil> the smb2_is_status_io_timeout() case.
+ carnil> But according to Ben this is another issue.
+Bugs:
+upstream: released (6.6-rc3) [d527f51331cace562393a8038d870b3e9916686f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [908b3b5e97d25e879de3d1f172a255665491c2c3]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-1249 b/active/CVE-2023-1249
new file mode 100644
index 00000000..b72b6ce2
--- /dev/null
+++ b/active/CVE-2023-1249
@@ -0,0 +1,14 @@
+Description: coredump: Use the vma snapshot in fill_files_note
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2169719
+ https://patchwork.kernel.org/project/linux-fsdevel/patch/87iltzn3nd.fsf_-_@email.froward.int.ebiederm.org/
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [390031c942116d4733310f0684beb8db19885fe6]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.110) [558564db44755dfb3e48b0d64de327d20981e950]
+4.19-upstream-stable: needed
+sid: released (5.17.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-1582 b/active/CVE-2023-1582
new file mode 100644
index 00000000..d6bedbac
--- /dev/null
+++ b/active/CVE-2023-1582
@@ -0,0 +1,14 @@
+Description: fs/proc: task_mmu.c: don't read mapcount for migration entry
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2180936
+ https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0@kroah.com/
+Notes:
+Bugs:
+upstream: released (5.17-rc4) [24d7275ce2791829953ed4e72f68277ceb2571c6]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.102) [db3f3636e4aed2cba3e4e7897a053323f7a62249]
+4.19-upstream-stable: needed
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-20588 b/active/CVE-2023-20588
new file mode 100644
index 00000000..d2f8c455
--- /dev/null
+++ b/active/CVE-2023-20588
@@ -0,0 +1,14 @@
+Description: x86/CPU/AMD: Do not leak quotient data after a division by 0
+References:
+ https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.10. Followup in 6.4.12.
+Bugs:
+upstream: released (6.5-rc6) [77245f1c3c6495521f6a3af082696ee2f8ce3921], released (6.5-rc7) [f58d6fbcb7c848b7f2469be339bc571f2e9d245b]
+6.1-upstream-stable: released (6.1.45) [f2615bb47be4f53be92c81a6a8aa286c92ef04d9], released (6.1.48) [e4679a0342e05a962639a6ec3781f257f417f0ff]
+5.10-upstream-stable: released (5.10.190) [b6fc2fbf89089ecfb8eb9a89a7fc91d444f4fec7], released (5.10.192) [69712baf249570a1419e75dc1a103a44e375b2cd]
+4.19-upstream-stable: needed
+sid: released (6.4.11-1), released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1), released (5.10.197-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-20938 b/active/CVE-2023-20938
new file mode 100644
index 00000000..d1a2fd54
--- /dev/null
+++ b/active/CVE-2023-20938
@@ -0,0 +1,13 @@
+Description: binder: Information leakage between user processes
+References:
+ https://source.android.com/docs/security/bulletin/2023-02-01
+Notes:
+Bugs:
+upstream: released (5.17-rc1) [9a0a930fe2535a76ad70d3f43caeccf0d86a3009, 09184ae9b5756cc469db6fd1d1cfdcffbf627c2d, 656e01f3ab54afe71bed066996fc2640881e1220, 6d98eb95b450a75adb4516a1d33652dc78d2b20c], released (5.18-rc5) [ef38de9217a04c9077629a24652689d8fdb4c6c6, 2d1746e3fda0c3612143d7c06f8e1d1830c13e23]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.157) [2e3c27f24173c6f3d799080da82126fa044a2f5e, c9d3f25a7f4e3aab3dfd91885e3d428bccdcb0e1, 5204296fc76623552d53f042e2dc411b49c151f2, 23e9d815fad84c1bee3742a8de4bd39510435362, ae9e0cc973fb7499ea1b1a8dfd0795f728b84faf, 017de842533f4334d646f1d480f591f4ca9f5c7a]
+4.19-upstream-stable: needed
+sid: released (5.17.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: ignored "Minor issue for Debian"
diff --git a/active/CVE-2023-2124 b/active/CVE-2023-2124
new file mode 100644
index 00000000..075711b6
--- /dev/null
+++ b/active/CVE-2023-2124
@@ -0,0 +1,14 @@
+Description: OOB access in the Linux kernel's XFS subsystem
+References:
+ https://www.openwall.com/lists/oss-security/2023/04/19/2
+ https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [22ed903eee23a5b174e240f1cdfa9acf393a5210]
+6.1-upstream-stable: released (6.1.33) [a2961463d74f5c86a8dda3b41c484c28ccc4c289]
+5.10-upstream-stable: released (5.10.184) [0e98a97f772f2ffcee8ced7a49b71e72916e0aa1]
+4.19-upstream-stable: needed
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-21264 b/active/CVE-2023-21264
new file mode 100644
index 00000000..f0128c4f
--- /dev/null
+++ b/active/CVE-2023-21264
@@ -0,0 +1,19 @@
+Description:
+References:
+ https://source.android.com/docs/security/bulletin/2023-08-01
+ https://android.googlesource.com/kernel/common/+/b35a06182451f
+ https://android.googlesource.com/kernel/common/+/53625a846a7b4
+Notes:
+ carnil> Commit fixes e82edcc75c4e ("KVM: arm64: Implement do_share()
+ carnil> helper for sharing memory") 5.17-rc1.
+ carnil> Not completely sure if this the issue applies really to the
+ carnil> upstream kernel.
+Bugs:
+upstream: released (6.4-rc5) [09cce60bddd6461a93a5bf434265a47827d1bc6f]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-2176 b/active/CVE-2023-2176
new file mode 100644
index 00000000..016b82f0
--- /dev/null
+++ b/active/CVE-2023-2176
@@ -0,0 +1,18 @@
+Description: cma: IP tree/list corruption triggered by rebinding
+References:
+ https://lkml.org/lkml/2022/12/9/178
+ https://www.spinics.net/lists/linux-rdma/msg114749.html
+ https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leonro@nvidia.com/
+Notes:
+ bwh> Appears to have been introduced in 6.0 by commit fc008bdbf1cd
+ bwh> "RDMA/core: Add an rb_tree that stores cm_ids sorted by ifindex
+ bwh> and remote IP".
+Bugs:
+upstream: released (6.3-rc1) [8d037973d48c026224ab285e6a06985ccac6f7bf]
+6.1-upstream-stable: released (6.1.81) [88067197e97af3fcb104dd86030f788ec1b32fdb]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (6.3.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2023-2177 b/active/CVE-2023-2177
new file mode 100644
index 00000000..09f5a249
--- /dev/null
+++ b/active/CVE-2023-2177
@@ -0,0 +1,16 @@
+Description:
+References:
+ https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=kw@mail.gmail.com/T/
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0
+Notes:
+ carnil> Commit fixes 5bbbbe32a431 ("sctp: introduce stream scheduler
+ carnil> foundations") in 4.15-rc1.
+Bugs:
+upstream: released (5.19) [181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.135) [6f3505588d66b27220f07d0cab18da380fae2e2d]
+4.19-upstream-stable: needed
+sid: released (5.18.16-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-23005 b/active/CVE-2023-23005
new file mode 100644
index 00000000..14f36c69
--- /dev/null
+++ b/active/CVE-2023-23005
@@ -0,0 +1,15 @@
+Description: mm/demotion: fix NULL vs IS_ERR checking in memory_tier_init
+References:
+Notes:
+ carnil> Commit fixes 7b88bda3761b ("mm/demotion/dax/kmem: set node's
+ carnil> abstract distance to MEMTIER_DEFAULT_DAX_ADISTANCE") in 6.1-
+ carnil> rc1.
+Bugs:
+upstream: released (6.2-rc1) [4a625ceee8a0ab0273534cb6b432ce6b331db5ee]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-23039 b/active/CVE-2023-23039
new file mode 100644
index 00000000..a631145a
--- /dev/null
+++ b/active/CVE-2023-23039
@@ -0,0 +1,17 @@
+Description: drivers: tty: vcc: Fix use-after-free in vcc_open()
+References:
+ https://lore.kernel.org/lkml/20230102010528.2868403-1-yoochan1026@gmail.com/
+Notes:
+ carnil> CONFIG_VCC depends on CONFIG_SUN_LDOMS. CONFIG_SUN_LDOMS is
+ carnil> SPARC64 only.
+ bwh> Introduced in 4.14 by commit 5d171050e28f "sparc64: vcc: Enable
+ bwh> VCC port probe and removal".
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "sparc64 not supported in LTS"
diff --git a/active/CVE-2023-26242 b/active/CVE-2023-26242
new file mode 100644
index 00000000..4ee4f990
--- /dev/null
+++ b/active/CVE-2023-26242
@@ -0,0 +1,14 @@
+Description: fpga: dfl-afu-region: Add overflow checks for region size and offset
+References:
+ https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/
+Notes:
+ carnil> CONFIG_FPGA_DFL_AFU not enabled in Debian.
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-28466 b/active/CVE-2023-28466
new file mode 100644
index 00000000..a32285e9
--- /dev/null
+++ b/active/CVE-2023-28466
@@ -0,0 +1,14 @@
+Description: net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
+References:
+Notes:
+ carnil> source-wise affecting all suites, but we enable CONFIG_TLS only
+ carnil> since bookworm.
+Bugs:
+upstream: released (6.3-rc2) [49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962]
+6.1-upstream-stable: released (6.1.20) [14c17c673e1bba08032d245d5fb025d1cbfee123]
+5.10-upstream-stable: released (5.10.177) [1fde5782f187daa05919d2bebd872df8ebcc00d1]
+4.19-upstream-stable: needed
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-28746 b/active/CVE-2023-28746
new file mode 100644
index 00000000..6b69f150
--- /dev/null
+++ b/active/CVE-2023-28746
@@ -0,0 +1,14 @@
+Description: Register File Data Sampling (RFDS)
+References:
+Notes:
+Bugs:
+upstream: released (6.9-rc1) [e95df4ec0c0c9791941f112db699fae794b9862a, 4e42765d1be01111df0c0275bbaf1db1acef346e, 8076fcde016c9c0e0660543e67bff86cb48a7c9c, 2a0180129d726a4b953232175857d442651b55a0]
+6.7-upstream-stable: released (6.7.10) [18867a204511d032c2a6ed083461a10905061fac, 13acf9f1df3513ea7a5170399c2a8e297e5fbdc1, fe5f4d14cdad934c5c92080cebd5b18189bf4ac9, 328607cf9e1fcbbc3f5521391d601306f72a5890]
+6.6-upstream-stable: released (6.6.22) [c35ca0968de41952af2ad7d22881e4a7c6e1b145, ddfd38558acc5b3891fd197372fedb76372da740, 77018fb9efe50cf24e61275ee09253cf1fbb6854, 4a5b5bfea063745471af6395d22ebaea8242225e]
+6.1-upstream-stable: released (6.1.82) [8b5760939db9c49c03b9e19f6c485a8812f48d83, 29476fac750dddeabc3503bf9b13e05b949d7adb, d405b9c03f06b1b5e73ebc4f34452687022f7029, b2e92ab17e440a97c716b701ecd897eebca11ac0]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.9-2) [bugfix/x86/x86-mmio-Disable-KVM-mitigation-when-X86_FEATURE_CLE.patch, bugfix/x86/Documentation-hw-vuln-Add-documentation-for-RFDS.patch, bugfix/x86/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch, bugfix/x86/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch]
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-3022 b/active/CVE-2023-3022
new file mode 100644
index 00000000..10a41503
--- /dev/null
+++ b/active/CVE-2023-3022
@@ -0,0 +1,18 @@
+Description: ipv6: Use result arg in fib_lookup_arg consistently
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2211440
+Notes:
+ carnil> Report actually not very clear in RHBZ#2211440 as the
+ carnil> additional references are closed.
+ bwh> The fix is marked as fixing commit effda4dd97e8 "ipv6: Pass
+ bwh> fib6_result to fib lookups" which also went into 5.2, but
+ bwh> the bug seems to predate that.
+Bugs:
+upstream: released (5.2-rc1) [a65120bae4b7425a39c5783aa3d4fc29677eef0e]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: needed
+sid: released (5.2.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2023-31081 b/active/CVE-2023-31081
new file mode 100644
index 00000000..f69ae75d
--- /dev/null
+++ b/active/CVE-2023-31081
@@ -0,0 +1,16 @@
+Description: general protection fault in vidtv_mux_stop_thread
+References:
+ https://lore.kernel.org/all/CA+UBctDXyiosaiR7YNKCs8k0aWu4gU+YutRcnC+TDJkXpHjQag@mail.gmail.com/
+Notes:
+ bwh> vidtv driver (CONFIG_DVB_VIDTV) is not enabled in official
+ bwh> configs. Introduced at the earliest in 5.10 by commit
+ bwh> f90cf6079bf6 "media: vidtv: add a bridge driver".
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-31082 b/active/CVE-2023-31082
new file mode 100644
index 00000000..9156870a
--- /dev/null
+++ b/active/CVE-2023-31082
@@ -0,0 +1,18 @@
+Description: sleeping function called from invalid context at kernel/printk/printk.c:2656
+References:
+ https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/
+Notes:
+ bwh> Introduced in 6.0 by commit 32dd59f96924 "tty: n_gsm: fix race
+ bwh> condition in gsmld_write()" which was backported to stable
+ bwh> branches. There was an unsuccessful attempt to fix this in
+ bwh> commit 902e02ea9385 "tty: n_gsm: avoid call of sleepingfunctions
+ bwh> from atomic context" which has been reverted.
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-31083 b/active/CVE-2023-31083
new file mode 100644
index 00000000..79363055
--- /dev/null
+++ b/active/CVE-2023-31083
@@ -0,0 +1,15 @@
+Description: general protection fault in hci_uart_tty_ioctl
+References:
+ https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ff1b86784849f8e181641610f0acb4b77da7501d
+Notes:
+ bwh> Introduced in 2.6.26 by commit 04f378b198da "tty: BKL pushdown".
+Bugs:
+upstream: released (6.6-rc1) [9c33663af9ad115f90c076a1828129a3fbadea98]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1) [bugfix/all/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch]
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-33288 b/active/CVE-2023-33288
new file mode 100644
index 00000000..563a49a2
--- /dev/null
+++ b/active/CVE-2023-33288
@@ -0,0 +1,13 @@
+Description: power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
+References:
+ https://lore.kernel.org/lkml/20230309174728.233732-1-zyytlz.wz%40163.com/
+Notes:
+Bugs:
+upstream: released (6.3-rc4) [47c29d69212911f50bdcdd0564b5999a559010d4]
+6.1-upstream-stable: released (6.1.22) [84bdb3b76b07f2e62183913a1f5da2d4aa25580a]
+5.10-upstream-stable: released (5.10.177) [2b346876b93168541a45551d5f9abd1d26102e89]
+4.19-upstream-stable: needed
+sid: released (6.1.25-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-3397 b/active/CVE-2023-3397
new file mode 100644
index 00000000..2d907bed
--- /dev/null
+++ b/active/CVE-2023-3397
@@ -0,0 +1,14 @@
+Description: fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2217271
+ https://lore.kernel.org/lkml/20230515095956.17898-1-zyytlz.wz@163.com/
+Notes:
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-35827 b/active/CVE-2023-35827
new file mode 100644
index 00000000..1ef51472
--- /dev/null
+++ b/active/CVE-2023-35827
@@ -0,0 +1,14 @@
+Description: net: ravb: Fix possible UAF bug in ravb_remove
+References:
+ https://www.spinics.net/lists/netdev/msg886947.html
+ https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1%40huawei.com/T/
+Notes:
+Bugs:
+upstream: released (6.6-rc6) [3971442870713de527684398416970cf025b4f89]
+6.1-upstream-stable: released (6.1.59) [6f6fa8061f756aedb93af12a8a5d3cf659127965]
+5.10-upstream-stable: released (5.10.199) [db9aafa19547833240f58c2998aed7baf414dc82]
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-3640 b/active/CVE-2023-3640
new file mode 100644
index 00000000..c53a1b51
--- /dev/null
+++ b/active/CVE-2023-3640
@@ -0,0 +1,16 @@
+Description: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2217523
+Notes:
+ bwh> From the description on RHBZ, this seems like the unfixable residual
+ bwh> effect of Meltdown and not a new issue. There's no claim that kernel
+ bwh> memory outside of the entry area can be read.
+Bugs:
+upstream: ignored "Unfixable CPU issue"
+6.1-upstream-stable: ignored "Unfixable CPU issue"
+5.10-upstream-stable: ignored "Unfixable CPU issue"
+4.19-upstream-stable: ignored "Unfixable CPU issue"
+sid: ignored "Unfixable CPU issue"
+6.1-bookworm-security: ignored "Unfixable CPU issue"
+5.10-bullseye-security: ignored "Unfixable CPU issue"
+4.19-buster-security: ignored "Unfixable CPU issue"
diff --git a/active/CVE-2023-37453 b/active/CVE-2023-37453
new file mode 100644
index 00000000..c89bbe33
--- /dev/null
+++ b/active/CVE-2023-37453
@@ -0,0 +1,19 @@
+Description:i out-of-bounds in read_descriptors in drivers/usb/core/sysfs
+References:
+ https://syzkaller.appspot.com/bug?extid=18996170f8096c6174d0
+ https://lore.kernel.org/all/000000000000c0ffe505fe86c9ca%40google.com/T/
+ https://lore.kernel.org/all/000000000000e56434059580f86e%40google.com/T/
+Notes:
+ carnil> Introduced by 45bf39f8df7f ("USB: core: Don't hold device lock
+ carnil> while reading the "descriptors" sysfs file") in 6.3-rc1 (but
+ carnil> backported to 4.19.275, 5.10.171, 6.1.15 and other stable
+ carnil> series back in the time).
+Bugs:
+upstream: released (6.6-rc1) [ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b]
+6.1-upstream-stable: released (6.1.53) [8186596a663506b1124bede9fde6f243ef9f37ee]
+5.10-upstream-stable: released (5.10.195) [9d241c5d9a9b7ad95c90c6520272fe404d5ac88f]
+4.19-upstream-stable: needed
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-37454 b/active/CVE-2023-37454
new file mode 100644
index 00000000..89808555
--- /dev/null
+++ b/active/CVE-2023-37454
@@ -0,0 +1,19 @@
+Description: use-after-free in udf_put_super and udf_close_lvid functions in fs/udf/super.c
+References:
+ https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T/
+ https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57
+ https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d
+ https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55
+Notes:
+ carnil> There might be no upstream fix for it from upstream. As by
+ carnil> stated on the upstream thread about the issue: the reproducer
+ carnil> does modify the block device while the filesystem is mounted.
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-3863 b/active/CVE-2023-3863
new file mode 100644
index 00000000..76c5191f
--- /dev/null
+++ b/active/CVE-2023-3863
@@ -0,0 +1,13 @@
+Description: net: nfc: Fix use-after-free caused by nfc_llcp_find_local
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2225126
+Notes:
+Bugs:
+upstream: released (6.5-rc1) [6709d4b7bc2e079241fdef15d1160581c5261c10]
+6.1-upstream-stable: released (6.1.39) [425d9d3a92df7d96b3cfb7ee5c240293a21cbde3]
+5.10-upstream-stable: released (5.10.188) [96f2c6f272ec04083d828de46285a7d7b17d1aad]
+4.19-upstream-stable: needed
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-39191 b/active/CVE-2023-39191
new file mode 100644
index 00000000..93c75ca1
--- /dev/null
+++ b/active/CVE-2023-39191
@@ -0,0 +1,15 @@
+Description: eBPF: insufficient stack type checks in dynptr
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-1489/
+ https://lore.kernel.org/all/20230121002241.2113993-1-memxor@gmail.com/
+Notes:
+ carnil> Debian sets CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
+Bugs:
+upstream: released (6.3-rc1) [d6fefa1105dacc8a742cdcf2f4bfb501c9e61349, 79168a669d8125453c8a271115f1ffd4294e61f6, ef8fc7a07c0e161841779d6fe3f6acd5a05c547c, f8064ab90d6644bc8338d2d7ff6a0d6e7a1b2ef3, 379d4ba831cfa895d0cc61d88cd0e1402f35818c, f5b625e5f8bbc6be8bb568a64d7906b091bc7cb0, 1ee72bcbe48de6dcfa44d6eba0aec6e42d04cd4d, 91b875a5e43b3a8dec4fbdca067c8860004b5f0e, f4d24edf1b9249e43282ac2572d43d9ad10faf43, ef4810135396735c1a6b1c343c3cc4fe4be96a43, 011edc8e49b8551dfb6cfcc8601d05e029cf5994, ae8e354c497af625eaecd3d86e04f9087762d42b]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-39197 b/active/CVE-2023-39197
new file mode 100644
index 00000000..a1264583
--- /dev/null
+++ b/active/CVE-2023-39197
@@ -0,0 +1,16 @@
+Description: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2218342
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-21202
+Notes:
+ carnil> Commit fixes 2bc780499aa3 ("[NETFILTER]: nf_conntrack: add DCCP
+ carnil> protocol support").
+Bugs:
+upstream: released (6.5-rc1) [ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30]
+6.1-upstream-stable: released (6.1.39) [26bd1f210d3783a691052c51d76bb8a8bbd24c67]
+5.10-upstream-stable: released (5.10.188) [9bdcda7abaf22f6453e5b5efb7eb4e524095d5d8]
+4.19-upstream-stable: needed
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-39198 b/active/CVE-2023-39198
new file mode 100644
index 00000000..43316c81
--- /dev/null
+++ b/active/CVE-2023-39198
@@ -0,0 +1,15 @@
+Description: drm/qxl: fix UAF on handle creation
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20940/
+Notes:
+ bwh> Introduced in 4.15 by commit 62676d10b483 "qxl: alloc & use shadow for
+ bwh> dumb buffers".
+Bugs:
+upstream: released (6.5-rc7) [c611589b4259ed63b9b77be6872b1ce07ec0ac16]
+6.1-upstream-stable: released (6.1.47) [a1fa8f0fc58e0ec972f718030710efc442d7304b]
+5.10-upstream-stable: released (5.10.208) [03585b18b715621a64ced023ca8c1fc36b6b2119]
+4.19-upstream-stable: needed
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-4010 b/active/CVE-2023-4010
new file mode 100644
index 00000000..f5542b71
--- /dev/null
+++ b/active/CVE-2023-4010
@@ -0,0 +1,17 @@
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2227726
+ https://github.com/wanrenmi/a-usb-kernel-bug
+Notes:
+ bwh> This might be related to commit 26c6c2f8a907 "USB: HCD: Fix URB
+ bwh> giveback issue in tasklet function" but I have not investigated
+ bwh> that.
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2023-4133 b/active/CVE-2023-4133
new file mode 100644
index 00000000..be3ceb76
--- /dev/null
+++ b/active/CVE-2023-4133
@@ -0,0 +1,15 @@
+Description: cxgb4: fix use after free bugs caused by circular dependency problem
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221702
+Notes:
+ carnil> Commit fixes e0f911c81e93 ("cxgb4: fetch stats for offloaded tc
+ carnil> flower flows") in 4.15-rc1.
+Bugs:
+upstream: released (6.3) [e50b9b9e8610d47b7c22529443e45a16b1ea3a15]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.3.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-4134 b/active/CVE-2023-4134
new file mode 100644
index 00000000..28f526f7
--- /dev/null
+++ b/active/CVE-2023-4134
@@ -0,0 +1,16 @@
+Description: Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221700
+Notes:
+ carnil> Commit fixes 17fb1563d69b ("Input: cyttsp4 - add core driver
+ carnil> for Cypress TMA4XX touchscreen devices") 3.11-rc1.
+ carnil> TOUCHSCREEN_CYTTSP4_CORE is not set in Debian.
+Bugs:
+upstream: released (6.5-rc1) [dbe836576f12743a7d2d170ad4ad4fd324c4d47a]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.4.4-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-4194 b/active/CVE-2023-4194
new file mode 100644
index 00000000..818224c2
--- /dev/null
+++ b/active/CVE-2023-4194
@@ -0,0 +1,18 @@
+Description: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2229498
+ https://lore.kernel.org/all/20230731164237.48365-1-lersek@redhat.com/
+ https://lore.kernel.org/all/20230731164237.48365-2-lersek@redhat.com/
+ https://lore.kernel.org/all/20230731164237.48365-3-lersek@redhat.com/
+Notes:
+ carnil> CVE exists because of incorrect fixes for CVE-2023-1076.
+ carnil> For 6.4.y fixed as well in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [9bc3047374d5bec163e83e743709e23753376f0c, 5c9241f3ceab3257abe2923a59950db0dc8bb737]
+6.1-upstream-stable: released (6.1.45) [b6846d7c408b33e4701f4f5ca28932e2a08e0a2e. 767800fc402deac438c5aed9c82f0e71a70c86fd]
+5.10-upstream-stable: released (5.10.190) [5ea23f1cb67e4468db7ff651627892c9217fec24, 33a339e717be2c88b7ad11375165168d5b40e38e]
+4.19-upstream-stable: needed
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-4244 b/active/CVE-2023-4244
new file mode 100644
index 00000000..2e8982bd
--- /dev/null
+++ b/active/CVE-2023-4244
@@ -0,0 +1,24 @@
+Description: Use-after-free in nft_verdict_dump due to a race between set GC and transaction
+References:
+ https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8
+ https://bugzilla.redhat.com/show_bug.cgi?id=2235306
+ https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/
+ https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/
+Notes:
+ carnil> Fixed as well in 6.4.12 for 6.4.y. Needs closer verification
+ carnil> which commits are actually needed to fix the issue in stable
+ carnil> series.
+ carnil> As per 2023-08-30 23185c6aed1f ("netfilter: nft_dynset:
+ carnil> disallow object maps") has been backported to all relevant
+ carnil> stable series, in particular 4.19.293, 5.10.192, 6.1.47,
+ carnil> 6.4.12.
+Bugs:
+upstream: released (6.5-rc6) [24138933b97b055d486e8064b4a1721702442a9b, 5f68718b34a531a556f2f50300ead2862278da26, f6c383b8c31a93752a52697f8430a71dcbc46adf, c92db3030492b8ad1d0faace7a93bbcf53850d0c, a2dd0233cbc4d8a0abb5f64487487ffc9265beb5], released (6.5-rc7) [6a33d8b73dfac0a41f3877894b38082bd0c9a5bc, 02c6c24402bf1c1e986899c14ba22a10b510916b, 23185c6aed1ffb8fc44087880ba2767aba493779]
+6.1-upstream-stable: released (6.1.47) [7148bca63b212fc8e5c2e8374e14cd62b1c8441c], released (6.1.56) [59dab3bf0b8fc08eb802721c0532f13dd89209b8, ea3eb9f2192e4fc33b795673e56c97a21987f868, df650d6a4bf47248261b61ef6b174d7c54034d15, 4ead4f74b3a9162b205f702d72d4a3421356dbc1, 0b9af4860a61f55cf716267b5ae5df34aacc4b39, 41113aa5698ad7a82635bcb747d483e4458d518d, afa584c35065051a11ae3ea3cc105b634053fcd8]
+5.10-upstream-stable: released (5.10.192) [a7653eaea0a59a6993c62d3653af5c880ce28533], released (5.10.198) [b15ea4017af82011dd55225ce77cce3d4dfc169c, 448be0774882f95a74fa5eb7519761152add601b, 146c76866795553dbc19998f36718d7986ad302b, 77046cb00850e35ba935944b5100996b2ce34bba, 911dd3cdf1083f4c2e7df72aaab486a1d6dbcc0a, 4046f2b56e5a7ba7e123ff961dd51187b8d59e78, dc0b1f019554e601f57e78d8f5c70e59d77e49a5]
+4.19-upstream-stable: released (4.19.293) [255bb7fd670589c00cb2f8a1353b721306135ca3], needed
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.55-1) [bugfix/all/netfilter-nf_tables-don-t-skip-expired-elements-duri.patch, bugfix/all/netfilter-nf_tables-gc-transaction-api-to-avoid-race.patch, bugfix/all/netfilter-nf_tables-adapt-set-backend-to-use-gc-tran.patch, bugfix/all/netfilter-nft_set_hash-mark-set-element-as-dead-when.patch, bugfix/all/netfilter-nf_tables-remove-busy-mark-and-gc-batch-ap.patch, bugfix/all/netfilter-nf_tables-fix-gc-transaction-races-with-ne.patch, bugfix/all/netfilter-nf_tables-gc-transaction-race-with-netns-d.patch]
+5.10-bullseye-security: released (5.10.197-1) [bugfix/all/netfilter-nf_tables-don-t-skip-expired-elements-duri.patch, bugfix/all/netfilter-nf_tables-gc-transaction-api-to-avoid-race.patch, bugfix/all/netfilter-nf_tables-adapt-set-backend-to-use-gc-tran.patch, bugfix/all/netfilter-nft_set_hash-mark-set-element-as-dead-when.patch, bugfix/all/netfilter-nf_tables-remove-busy-mark-and-gc-batch-ap.patch, bugfix/all/netfilter-nf_tables-fix-gc-transaction-races-with-ne.patch, bugfix/all/netfilter-nf_tables-gc-transaction-race-with-netns-d.patch]
+4.19-buster-security: released (4.19.304-1), needed
diff --git a/active/CVE-2023-46838 b/active/CVE-2023-46838
new file mode 100644
index 00000000..d8f1cce0
--- /dev/null
+++ b/active/CVE-2023-46838
@@ -0,0 +1,14 @@
+Description: xen-netback: don't produce zero-size SKB frags
+References:
+ https://xenbits.xen.org/xsa/advisory-448.html
+Notes:
+ carnil> Fixed as well in 6.7.2 for 6.7.y and 6.6.14 for 6.6.y.
+Bugs:
+upstream: released (6.8-rc2) [c7ec4f2d684e17d69bbdd7c4324db0ef5daac26a]
+6.1-upstream-stable: released (6.1.75) [437360133cbd1e9fb88b122e84fff0df08f18e23]
+5.10-upstream-stable: released (5.10.209) [cce8ba6fa4ec43ad778d64823a2f8ca120d362c1]
+4.19-upstream-stable: released (4.19.306) [5bb8270789c88c0e4ad78c0de2f274f2275c7f6c]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-47233 b/active/CVE-2023-47233
new file mode 100644
index 00000000..a59a2e76
--- /dev/null
+++ b/active/CVE-2023-47233
@@ -0,0 +1,14 @@
+Description: Use after Free bug in brcmf_cfg80211_detach
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1216702
+ https://lore.kernel.org/all/20231106141704.866455-1-zyytlz.wz@163.com/
+Notes:
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-51779 b/active/CVE-2023-51779
new file mode 100644
index 00000000..fbe3be43
--- /dev/null
+++ b/active/CVE-2023-51779
@@ -0,0 +1,13 @@
+Description: Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
+References:
+Notes:
+ carnil> For 6.6.y fixed as well in 6.6.9.
+Bugs:
+upstream: released (6.7-rc7) [2e07e8348ea454615e268222ae3fc240421be768]
+6.1-upstream-stable: released (6.1.70) [37f71e2c9f515834841826f4eb68ec33cfb2a1ff]
+5.10-upstream-stable: released (5.10.206) [db1b14eec8c61a20374de9f9c2ddc6c9406a8c42]
+4.19-upstream-stable: needed
+sid: released (6.6.9-1)
+6.1-bookworm-security: released (6.1.69-1) [bugfix/all/Bluetooth-af_bluetooth-Fix-Use-After-Free-in-bt_sock.patch]
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52340 b/active/CVE-2023-52340
new file mode 100644
index 00000000..677263ec
--- /dev/null
+++ b/active/CVE-2023-52340
@@ -0,0 +1,13 @@
+Description: ipv6: remove max_size check inline with ipv4
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2257979
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [af6d10345ca76670c1b7c37799f0d5576ccef277]
+6.1-upstream-stable: released (6.1.73) [0f22c8a6efe63c16d1abf1e6c0317abbf121f883]
+5.10-upstream-stable: released (5.10.208) [dd56c5790dc3484f3c89fd4e21735c796a82b40d]
+4.19-upstream-stable: released (4.19.305) [95372b040ae689293c6863b90049f1af68410c8b]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52429 b/active/CVE-2023-52429
new file mode 100644
index 00000000..80ef9feb
--- /dev/null
+++ b/active/CVE-2023-52429
@@ -0,0 +1,15 @@
+Description: dm: limit the number of targets and parameter size area
+References:
+ https://www.spinics.net/lists/dm-devel/msg56625.html
+Notes:
+ carnil> For 6.6.y fixed in 6.6.18 and in 6.7.y in 6.7.6.
+ bwh> Duplicate of CVE-2024-23851.
+Bugs:
+upstream: released (6.8-rc3) [bd504bcfec41a503b32054da5472904b404341a4]
+6.1-upstream-stable: released (6.1.79) [c5d83ac2bf6ca668a39ffb1a576899a66153ba19]
+5.10-upstream-stable: released (5.10.210) [a891a0621e725e85529985139cada8cb5a74a116]
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52434 b/active/CVE-2023-52434
new file mode 100644
index 00000000..359610c2
--- /dev/null
+++ b/active/CVE-2023-52434
@@ -0,0 +1,16 @@
+Description: smb: client: fix potential OOBs in smb2_parse_contexts()
+References:
+ https://lore.kernel.org/linux-cve-announce/2024022033-makeshift-flammable-cb72@gregkh/
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.7-rc6) [af1689a9b7701d9907dfc84d2a4b57c4bc907144]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: released (6.6.8) [17a0f64cc02d4972e21c733d9f21d1c512963afa]
+6.1-upstream-stable: released (6.1.79) [1ae3c59355dc9882e09c020afe8ffbd895ad0f29]
+5.10-upstream-stable: released (5.10.211) [13fb0fc4917621f3dfa285a27eaf7151d770b5e5]
+4.19-upstream-stable: needed
+sid: released (6.6.8-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52435 b/active/CVE-2023-52435
new file mode 100644
index 00000000..3e192c31
--- /dev/null
+++ b/active/CVE-2023-52435
@@ -0,0 +1,15 @@
+Description: net: prevent mss overflow in skb_segment()
+References:
+ https://lore.kernel.org/linux-cve-announce/2024022048-rind-huff-b1a2@gregkh/
+Notes:
+ carnil> Commit fixes 3953c46c3ac7 ("sk_buff: allow segmenting based on
+ carnil> frag sizes") in 4.8-rc1.
+Bugs:
+upstream: released (6.7-rc6) [23d05d563b7e7b0314e65c8e882bc27eac2da8e7]
+6.1-upstream-stable: released (6.1.79) [989b0ff35fe5fc9652ee5bafbe8483db6f27b137]
+5.10-upstream-stable: released (5.10.210) [8f8f185643747fbb448de6aab0efa51c679909a3]
+4.19-upstream-stable: needed
+sid: released (6.6.11-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52436 b/active/CVE-2023-52436
new file mode 100644
index 00000000..d8a63018
--- /dev/null
+++ b/active/CVE-2023-52436
@@ -0,0 +1,12 @@
+Description: f2fs: explicitly null-terminate the xattr list
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [e26b6d39270f5eab0087453d9b544189a38c8564]
+6.1-upstream-stable: released (6.1.74) [5de9e9dd1828db9b8b962f7ca42548bd596deb8a]
+5.10-upstream-stable: released (5.10.209) [3e47740091b05ac8d7836a33afd8646b6863ca52]
+4.19-upstream-stable: released (4.19.306) [16ae3132ff7746894894927c1892493693b89135]
+sid: released (6.6.13-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52439 b/active/CVE-2023-52439
new file mode 100644
index 00000000..29d370b5
--- /dev/null
+++ b/active/CVE-2023-52439
@@ -0,0 +1,15 @@
+Description: uio: Fix use-after-free in uio_open
+References:
+ https://lore.kernel.org/linux-cve-announce/2024022026-wobbling-jumbo-748e@gregkh/
+Notes:
+ carnil> Commit fixes 57c5f4df0a5a ("uio: fix crash after the device is
+ carnil> unregistered") in 4.18-rc5.
+Bugs:
+upstream: released (6.8-rc1) [0c9ae0b8605078eafc3bea053cc78791e97ba2e2]
+6.1-upstream-stable: released (6.1.74) [17a8519cb359c3b483fb5c7367efa9a8a508bdea]
+5.10-upstream-stable: released (5.10.209) [5e0be1229ae199ebb90b33102f74a0f22d152570]
+4.19-upstream-stable: released (4.19.306) [3174e0f7de1ba392dc191625da83df02d695b60c]
+sid: released (6.6.13-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52443 b/active/CVE-2023-52443
new file mode 100644
index 00000000..b9d9b6ba
--- /dev/null
+++ b/active/CVE-2023-52443
@@ -0,0 +1,12 @@
+Description: apparmor: avoid crash when parsed profile name is empty
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [55a8210c9e7d21ff2644809699765796d4bfb200]
+6.1-upstream-stable: released (6.1.75) [9d4fa5fe2b1d56662afd14915a73b4d0783ffa45]
+5.10-upstream-stable: released (5.10.209) [5ff00408e5029d3550ee77f62dc15f1e15c47f87]
+4.19-upstream-stable: released (4.19.306) [9286ee97aa4803d99185768735011d0d65827c9e]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52444 b/active/CVE-2023-52444
new file mode 100644
index 00000000..390ee306
--- /dev/null
+++ b/active/CVE-2023-52444
@@ -0,0 +1,12 @@
+Description: f2fs: fix to avoid dirent corruption
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [53edb549565f55ccd0bdf43be3d66ce4c2d48b28]
+6.1-upstream-stable: released (6.1.75) [f0145860c20be6bae6785c7a2249577674702ac7]
+5.10-upstream-stable: released (5.10.209) [6f866885e147d33efc497f1095f35b2ee5ec7310]
+4.19-upstream-stable: released (4.19.306) [02160112e6d45c2610b049df6eb693d7a2e57b46]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52445 b/active/CVE-2023-52445
new file mode 100644
index 00000000..5f95956d
--- /dev/null
+++ b/active/CVE-2023-52445
@@ -0,0 +1,12 @@
+Description: media: pvrusb2: fix use after free on context disconnection
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [ded85b0c0edd8f45fec88783d7555a5b982449c1]
+6.1-upstream-stable: released (6.1.75) [30773ea47d41773f9611ffb4ebc9bda9d19a9e7e]
+5.10-upstream-stable: released (5.10.209) [3233d8bf7893550045682192cb227af7fa3defeb]
+4.19-upstream-stable: released (4.19.306) [ec36c134dd020d28e312c2f1766f85525e747aab]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52447 b/active/CVE-2023-52447
new file mode 100644
index 00000000..67d51f49
--- /dev/null
+++ b/active/CVE-2023-52447
@@ -0,0 +1,17 @@
+Description: bpf: Defer the free of inner map when necessary
+References:
+Notes:
+ carnil> Introduced in bba1dc0b55ac ("bpf: Remove redundant synchronize_rcu.")
+ carnil> 638e4b825d52 ("bpf: Allows per-cpu maps and map-in-map in sleepable programs").
+ carnil> Vulnerable versions: 5.9-rc1 5.12-rc1.
+Bugs:
+upstream: released (6.8-rc1) [876673364161da50eed6b472d746ef88242b2368]
+6.7-upstream-stable: released (6.7.2) [bfd9b20c4862f41d4590fde11d70a5eeae53dcc5]
+6.6-upstream-stable: released (6.6.14) [f91cd728b10c51f6d4a39957ccd56d1e802fc8ee]
+6.1-upstream-stable: released (6.1.75) [62fca83303d608ad4fec3f7428c8685680bb01b0]
+5.10-upstream-stable: released (5.10.214) [90c445799fd1dc214d7c6279c144e33a35e29ef2]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52449 b/active/CVE-2023-52449
new file mode 100644
index 00000000..e992e9c1
--- /dev/null
+++ b/active/CVE-2023-52449
@@ -0,0 +1,12 @@
+Description: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6]
+6.1-upstream-stable: released (6.1.75) [5389407bba1eab1266c6d83e226fb0840cb98dd5]
+5.10-upstream-stable: released (5.10.209) [001a3f59d8c914ef8273461d4bf495df384cc5f8]
+4.19-upstream-stable: released (4.19.306) [aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52452 b/active/CVE-2023-52452
new file mode 100644
index 00000000..31ef64dd
--- /dev/null
+++ b/active/CVE-2023-52452
@@ -0,0 +1,14 @@
+Description: bpf: Fix accesses to uninit stack slots
+References:
+Notes:
+ carnil> Introduced with 01f810ace9ed3 ("bpf: Allow variable-offset
+ carnil> stack access") in 5.12-rc1 (and backported to 5.10.33)
+Bugs:
+upstream: released (6.8-rc1) [6b4a64bafd107e521c01eec3453ce94a3fb38529]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52458 b/active/CVE-2023-52458
new file mode 100644
index 00000000..32d815ea
--- /dev/null
+++ b/active/CVE-2023-52458
@@ -0,0 +1,14 @@
+Description: block: add check that partition length needs to be aligned with block size
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [6f64f866aa1ae6975c95d805ed51d7e9433a0016]
+6.7-upstream-stable: released (6.7.2) [bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5]
+6.6-upstream-stable: released (6.6.14) [cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8]
+6.1-upstream-stable: released (6.1.75) [ef31cc87794731ffcb578a195a2c47d744e25fb8]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52464 b/active/CVE-2023-52464
new file mode 100644
index 00000000..7f506f42
--- /dev/null
+++ b/active/CVE-2023-52464
@@ -0,0 +1,14 @@
+Description: EDAC/thunderx: Fix possible out-of-bounds string access
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [475c58e1a471e9b873e3e39958c64a2d278275c8]
+6.7-upstream-stable: released (6.7.2) [426fae93c01dffa379225eb2bd4d3cdc42c6eec5]
+6.6-upstream-stable: released (6.6.14) [e1c86511241588efffaa49556196f09a498d5057]
+6.1-upstream-stable: released (6.1.75) [9dbac9fdae6e3b411fc4c3fca3bf48f70609c398]
+5.10-upstream-stable: released (5.10.209) [6aa7865ba7ff7f0ede0035180fb3b9400ceb405a]
+4.19-upstream-stable: released (4.19.306) [71c17ee02538802ceafc830f0736aa35b564e601]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52469 b/active/CVE-2023-52469
new file mode 100644
index 00000000..377a7d53
--- /dev/null
+++ b/active/CVE-2023-52469
@@ -0,0 +1,16 @@
+Description: drivers/amd/pm: fix a use-after-free in kv_parse_power_table
+References:
+Notes:
+ carnil> Introduced in a2e73f56fa62 ("drm/amdgpu: Add support for CIK parts").
+ carnil> Vulnerable versions: 4.2-rc1.
+Bugs:
+upstream: released (6.8-rc1) [28dd788382c43b330480f57cd34cde0840896743]
+6.7-upstream-stable: released (6.7.2) [3426f059eacc33ecc676b0d66539297e1cfafd02]
+6.6-upstream-stable: released (6.6.14) [95084632a65d5c0d682a83b55935560bdcd2a1e3]
+6.1-upstream-stable: released (6.1.75) [35fa2394d26e919f63600ce631e6aefc95ec2706]
+5.10-upstream-stable: released (5.10.209) [520e213a0b97b64735a13950e9371e0a5d7a5dc3]
+4.19-upstream-stable: released (4.19.306) [8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52470 b/active/CVE-2023-52470
new file mode 100644
index 00000000..e352f6eb
--- /dev/null
+++ b/active/CVE-2023-52470
@@ -0,0 +1,16 @@
+Description: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
+References:
+Notes:
+ carnil> Introduced in fa7f517cb26e ("drm/radeon: rework page flip handling v4").
+ carnil> Vulnerable versions: 3.16-rc1.
+Bugs:
+upstream: released (6.8-rc1) [7a2464fac80d42f6f8819fed97a553e9c2f43310]
+6.7-upstream-stable: released (6.7.2) [fb2d8bc9b5e55848b8a7c3c028e2ee8d49f28f97]
+6.6-upstream-stable: released (6.6.14) [0b813a6a0087451cb702b6eb841f10856f49d088]
+6.1-upstream-stable: released (6.1.75) [c4ff55408187f2595066967047363ca84e76db85]
+5.10-upstream-stable: released (5.10.209) [57ca7984806d79b38af528de88fd803babf27feb]
+4.19-upstream-stable: released (4.19.306) [21b1645660717d6126dd4866c850fcc5c4703a41]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52474 b/active/CVE-2023-52474
new file mode 100644
index 00000000..52ff6cfa
--- /dev/null
+++ b/active/CVE-2023-52474
@@ -0,0 +1,17 @@
+Description: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
+References:
+Notes:
+ carnil> Introduced in 7be85676f1d1 ("IB/hfi1: Don't remove RB entry when not needed.")
+ carnil> 7724105686e7 ("IB/hfi1: add driver files"). Vulnerable versions: 4.3-rc1
+ carnil> 4.14-rc1.
+Bugs:
+upstream: released (6.4-rc1) [00cbce5cbf88459cd1aa1d60d0f1df15477df127]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.28) [dce59b5443700fbd0d2433ec6e4d4cf063448844]
+5.10-upstream-stable: released (5.10.180) [9c4c6512d7330b743c4ffd18bd999a86ca26db0d]
+4.19-upstream-stable: needed
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52476 b/active/CVE-2023-52476
new file mode 100644
index 00000000..1d89b23a
--- /dev/null
+++ b/active/CVE-2023-52476
@@ -0,0 +1,15 @@
+Description: perf/x86/lbr: Filter vsyscall addresses
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [e53899771a02f798d436655efbd9d4b46c0f9265]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [3863989497652488a50f00e96de4331e5efabc6c]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52479 b/active/CVE-2023-52479
new file mode 100644
index 00000000..386eaf58
--- /dev/null
+++ b/active/CVE-2023-52479
@@ -0,0 +1,15 @@
+Description: ksmbd: fix uaf in smb20_oplock_break_ack
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc5) [c69813471a1ec081a0b9bf0c6bd7e8afd818afce]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [8226ffc759ea59f10067b9acdf7f94bae1c69930]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52480 b/active/CVE-2023-52480
new file mode 100644
index 00000000..affd7532
--- /dev/null
+++ b/active/CVE-2023-52480
@@ -0,0 +1,15 @@
+Description: ksmbd: fix race condition between session lookup and expire
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc5) [53ff5cf89142b978b1a5ca8dc4d4425e6a09745f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [a2ca5fd3dbcc665e1169044fa0c9e3eba779202b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52481 b/active/CVE-2023-52481
new file mode 100644
index 00000000..fb0104c5
--- /dev/null
+++ b/active/CVE-2023-52481
@@ -0,0 +1,15 @@
+Description: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc5) [471470bc7052d28ce125901877dd10e4c048e513]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52482 b/active/CVE-2023-52482
new file mode 100644
index 00000000..a9a52132
--- /dev/null
+++ b/active/CVE-2023-52482
@@ -0,0 +1,15 @@
+Description: x86/srso: Add SRSO mitigation for Hygon processors
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc4) [a5ef7d68cea1344cf524f04981c2b3f80bedbb0d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [6ce2f297a7168274547d0b5aea6c7c16268b8a96]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52484 b/active/CVE-2023-52484
new file mode 100644
index 00000000..60b9c700
--- /dev/null
+++ b/active/CVE-2023-52484
@@ -0,0 +1,15 @@
+Description: iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc5) [d5afb4b47e13161b3f33904d45110f9e6463bad6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [f90f4c562003ac3d3b135c5a40a5383313f27264]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52485 b/active/CVE-2023-52485
new file mode 100644
index 00000000..d9d1c34e
--- /dev/null
+++ b/active/CVE-2023-52485
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Wake DMCUB before sending a command
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [8892780834ae294bc3697c7d0e056d7743900b39]
+6.7-upstream-stable: released (6.7.3) [303197775a97416b62d4da69280d0c120a20e009]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52486 b/active/CVE-2023-52486
new file mode 100644
index 00000000..b884c3c6
--- /dev/null
+++ b/active/CVE-2023-52486
@@ -0,0 +1,15 @@
+Description: drm: Don't unref the same fb many times by mistake due to deadlock handling
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c]
+6.7-upstream-stable: released (6.7.3) [bfd0feb1b109cb63b87fdcd00122603787c75a1a]
+6.6-upstream-stable: released (6.6.15) [d7afdf360f4ac142832b098b4de974e867cc063c]
+6.1-upstream-stable: released (6.1.76) [62f2e79cf9f4f47cc9dea9cebdf58d9f7b5695e0]
+5.10-upstream-stable: released (5.10.210) [f55261469be87c55df13db76dc945f6bcd825105]
+4.19-upstream-stable: released (4.19.307) [376e21a9e4c2c63ee5d8d3aa74be5082c3882229]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52488 b/active/CVE-2023-52488
new file mode 100644
index 00000000..2dbfb149
--- /dev/null
+++ b/active/CVE-2023-52488
@@ -0,0 +1,16 @@
+Description: serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
+References:
+Notes:
+ carnil> Introduced in dfeae619d781 ("serial: sc16is7xx"). Vulnerable versions: 3.16-rc1.
+ bwh> Driver is not enabled in any suite.
+Bugs:
+upstream: released (6.8-rc1) [dbf4ab821804df071c8b566d9813083125e6d97b]
+6.7-upstream-stable: released (6.7.3) [aa7cb4787698add9367b19f7afc667662c9bdb23]
+6.6-upstream-stable: released (6.6.15) [084c24e788d9cf29c55564de368bf5284f2bb5db]
+6.1-upstream-stable: released (6.1.76) [416b10d2817c94db86829fb92ad43ce7d002c573]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52489 b/active/CVE-2023-52489
new file mode 100644
index 00000000..0a1b945d
--- /dev/null
+++ b/active/CVE-2023-52489
@@ -0,0 +1,16 @@
+Description: mm/sparsemem: fix race in accessing memory_section->usage
+References:
+Notes:
+ carnil> Introduced in f46edbd1b151 ("mm/sparsemem: add helpers track active portions of
+ carnil> a section at boot"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [5ec8e8ea8b7783fab150cf86404fc38cb4db8800]
+6.7-upstream-stable: released (6.7.3) [3a01daace71b521563c38bbbf874e14c3e58adb7]
+6.6-upstream-stable: released (6.6.15) [70064241f2229f7ba7b9599a98f68d9142e81a97]
+6.1-upstream-stable: released (6.1.76) [68ed9e33324021e9d6b798e9db00ca3093d2012a]
+5.10-upstream-stable: released (5.10.210) [90ad17575d26874287271127d43ef3c2af876cea]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52491 b/active/CVE-2023-52491
new file mode 100644
index 00000000..a0b5909b
--- /dev/null
+++ b/active/CVE-2023-52491
@@ -0,0 +1,16 @@
+Description: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
+References:
+Notes:
+ carnil> Introduced in b2f0d2724ba4 ("[media] vcodec: mediatek: Add Mediatek JPEG
+ carnil> Decoder Driver"). Vulnerable versions: 4.12-rc1.
+Bugs:
+upstream: released (6.8-rc1) [206c857dd17d4d026de85866f1b5f0969f2a109e]
+6.7-upstream-stable: released (6.7.3) [6e2f37022f0fc0893da4d85a0500c9d547fffd4c]
+6.6-upstream-stable: released (6.6.15) [8254d54d00eb6cdb8367399c7f912eb8d354ecd7]
+6.1-upstream-stable: released (6.1.76) [9fec4db7fff54d9b0306a332bab31eac47eeb5f6]
+5.10-upstream-stable: released (5.10.210) [43872f44eee6c6781fea1348b38885d8e78face9]
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52492 b/active/CVE-2023-52492
new file mode 100644
index 00000000..4660c662
--- /dev/null
+++ b/active/CVE-2023-52492
@@ -0,0 +1,16 @@
+Description: dmaengine: fix NULL pointer in channel unregistration function
+References:
+Notes:
+ carnil> Introduced in d2fb0a043838 ("dmaengine: break out channel registration").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (6.8-rc1) [f5c24d94512f1b288262beda4d3dcb9629222fc7]
+6.7-upstream-stable: released (6.7.3) [9263fd2a63487c6d04cbb7b74a48fb12e1e352d0]
+6.6-upstream-stable: released (6.6.15) [7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b]
+6.1-upstream-stable: released (6.1.76) [2ab32986a0b9e329eb7f8f04dd57cc127f797c08]
+5.10-upstream-stable: released (5.10.210) [9de69732dde4e443c1c7f89acbbed2c45a6a8e17]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52493 b/active/CVE-2023-52493
new file mode 100644
index 00000000..d4e441ec
--- /dev/null
+++ b/active/CVE-2023-52493
@@ -0,0 +1,16 @@
+Description: bus: mhi: host: Drop chan lock before queuing buffers
+References:
+Notes:
+ carnil> Introduced in 1d3173a3bae7 ("bus: mhi: core: Add support for processing events
+ carnil> from client device"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (6.8-rc1) [01bd694ac2f682fb8017e16148b928482bc8fa4b]
+6.7-upstream-stable: released (6.7.3) [b8eff20d87092e14cac976d057cb0aea2f1d0830]
+6.6-upstream-stable: released (6.6.15) [eaefb9464031215d63c0a8a7e2bfaa00736aa17e]
+6.1-upstream-stable: released (6.1.76) [3c5ec66b4b3f6816f3a6161538672e389e537690]
+5.10-upstream-stable: released (5.10.210) [20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52494 b/active/CVE-2023-52494
new file mode 100644
index 00000000..8b89aecd
--- /dev/null
+++ b/active/CVE-2023-52494
@@ -0,0 +1,16 @@
+Description: bus: mhi: host: Add alignment check for event ring read pointer
+References:
+Notes:
+ carnil> Introduced in ec32332df764 ("bus: mhi: core: Sanity check values from remote
+ carnil> device before use"). Vulnerable versions: 5.10.36 5.11.20 5.12.3 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc1) [eff9704f5332a13b08fbdbe0f84059c9e7051d5f]
+6.7-upstream-stable: released (6.7.3) [ecf8320111822a1ae5d5fc512953eab46d543d0b]
+6.6-upstream-stable: released (6.6.15) [a9ebfc405fe1be145f414eafadcbf09506082010]
+6.1-upstream-stable: released (6.1.76) [2df39ac8f813860f79782807c3f7acff40b3c551]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52497 b/active/CVE-2023-52497
new file mode 100644
index 00000000..6adc6ffc
--- /dev/null
+++ b/active/CVE-2023-52497
@@ -0,0 +1,18 @@
+Description: erofs: fix lz4 inplace decompression
+References:
+Notes:
+ carnil> Introduced in 0ffd71bcc3a0 ("staging: erofs: introduce LZ4 decompression
+ carnil> inplace")
+ carnil> 598162d05080 ("erofs: support decompress big pcluster for lz4 backend").
+ carnil> Vulnerable versions: 5.3-rc1 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc1) [3c12466b6b7bf1e56f9b32c366a3d83d87afb4de]
+6.7-upstream-stable: released (6.7.3) [bffc4cc334c5bb31ded54bc3cfd651735a3cb79e]
+6.6-upstream-stable: released (6.6.15) [f36d200a80a3ca025532ed60dd1ac21b620e14ae]
+6.1-upstream-stable: released (6.1.76) [33bf23c9940dbd3a22aad7f0cda4c84ed5701847]
+5.10-upstream-stable: released (5.10.211) [a0180e940cf1aefa7d516e20b259ad34f7a8b379]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52498 b/active/CVE-2023-52498
new file mode 100644
index 00000000..b0c6d8a6
--- /dev/null
+++ b/active/CVE-2023-52498
@@ -0,0 +1,15 @@
+Description: PM: sleep: Fix possible deadlocks in core system-wide PM code
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557]
+6.7-upstream-stable: released (6.7.3) [9bd3dce27b01c51295b60e1433e1dadfb16649f7]
+6.6-upstream-stable: released (6.6.15) [e681e29d1f59a04ef773296e4bebb17b1b79f8fe]
+6.1-upstream-stable: released (6.1.76) [e1c9d32c98309ae764893a481552d3f99d46cb34]
+5.10-upstream-stable: released (5.10.210) [f46eb832389f162ad13cb780d0b8cde93641990d]
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52500 b/active/CVE-2023-52500
new file mode 100644
index 00000000..c0cf5f68
--- /dev/null
+++ b/active/CVE-2023-52500
@@ -0,0 +1,15 @@
+Description: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc2) [c13e7331745852d0dd7c35eabbe181cbd5b01172]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [2259e1901b2d8c0e8538fc99e77de443b939e749]
+5.10-upstream-stable: released (5.10.198) [2afd8fcee0c4d65a482e30c3ad2a92c25e5e92d4]
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52501 b/active/CVE-2023-52501
new file mode 100644
index 00000000..0c4ab027
--- /dev/null
+++ b/active/CVE-2023-52501
@@ -0,0 +1,15 @@
+Description: ring-buffer: Do not attempt to read past "commit"
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc2) [95a404bd60af6c4d9d8db01ad14fe8957ece31ca]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [b08a4938229dbb530a35c41b83002a1457c6ff49]
+5.10-upstream-stable: released (5.10.198) [cee5151c5410e868826b8afecfb356f3799ebea3]
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52508 b/active/CVE-2023-52508
new file mode 100644
index 00000000..2bc816b2
--- /dev/null
+++ b/active/CVE-2023-52508
@@ -0,0 +1,15 @@
+Description: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc2) [8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [be90c9e29dd59b7d19a73297a1590ff3ec1d22ea]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52509 b/active/CVE-2023-52509
new file mode 100644
index 00000000..a0de9b27
--- /dev/null
+++ b/active/CVE-2023-52509
@@ -0,0 +1,16 @@
+Description: ravb: Fix use-after-free issue in ravb_tx_timeout_work()
+References:
+Notes:
+ carnil> Introduced in c156633f1353 ("Renesas Ethernet AVB driver proper"). Vulnerable
+ carnil> versions: 4.2-rc1.
+Bugs:
+upstream: released (6.6-rc6) [3971442870713de527684398416970cf025b4f89]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [6f6fa8061f756aedb93af12a8a5d3cf659127965]
+5.10-upstream-stable: released (5.10.199) [db9aafa19547833240f58c2998aed7baf414dc82]
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52511 b/active/CVE-2023-52511
new file mode 100644
index 00000000..5afd1740
--- /dev/null
+++ b/active/CVE-2023-52511
@@ -0,0 +1,15 @@
+Description: spi: sun6i: reduce DMA RX transfer width to single byte
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc1) [171f8a49f212e87a8b04087568e1b3d132e36a18]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [e15bb292b24630ee832bfc7fd616bd72c7682bbb]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52515 b/active/CVE-2023-52515
new file mode 100644
index 00000000..6ae6c9fe
--- /dev/null
+++ b/active/CVE-2023-52515
@@ -0,0 +1,16 @@
+Description: RDMA/srp: Do not call scsi_done() from srp_abort()
+References:
+Notes:
+ carnil> Introduced in d8536670916a ("IB/srp: Avoid having aborted requests hang").
+ carnil> Vulnerable versions: 3.0.45 3.2.32 3.4.13 3.5.6 3.6.1 3.7-rc1.
+Bugs:
+upstream: released (6.6-rc5) [e193b7955dfad68035b983a0011f4ef3590c85eb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [2b298f9181582270d5e95774e5a6c7a7fb5b1206]
+5.10-upstream-stable: released (5.10.199) [26788a5b48d9d5cd3283d777d238631c8cd7495a]
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52516 b/active/CVE-2023-52516
new file mode 100644
index 00000000..3b53c332
--- /dev/null
+++ b/active/CVE-2023-52516
@@ -0,0 +1,15 @@
+Description: dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc1) [fb5a4315591dae307a65fc246ca80b5159d296e1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [be8f49029eca3efbad0d74dbff3cb9129994ffab]
+5.10-upstream-stable: released (5.10.198) [c79300599923daaa30f417c75555d5566b3d31ae]
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52517 b/active/CVE-2023-52517
new file mode 100644
index 00000000..bb07d8ca
--- /dev/null
+++ b/active/CVE-2023-52517
@@ -0,0 +1,15 @@
+Description: spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc1) [1f11f4202caf5710204d334fe63392052783876d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [36b29974a7ad2ff604c24ad348f940506c7b1209]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52522 b/active/CVE-2023-52522
new file mode 100644
index 00000000..886a1751
--- /dev/null
+++ b/active/CVE-2023-52522
@@ -0,0 +1,16 @@
+Description: net: fix possible store tearing in neigh_periodic_work()
+References:
+Notes:
+ carnil> Introduced in 767e97e1e0db ("neigh: RCU conversion of struct neighbour").
+ carnil> Vulnerable versions: 2.6.37-rc1.
+Bugs:
+upstream: released (6.6-rc5) [25563b581ba3a1f263a00e8c9a97f5e7363be6fd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [f82aac8162871e87027692b36af335a2375d4580]
+5.10-upstream-stable: released (5.10.198) [2ea52a2fb8e87067e26bbab4efb8872639240eb0]
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52530 b/active/CVE-2023-52530
new file mode 100644
index 00000000..f1366a77
--- /dev/null
+++ b/active/CVE-2023-52530
@@ -0,0 +1,17 @@
+Description: wifi: mac80211: fix potential key use-after-free
+References:
+Notes:
+ carnil> Introduced in fdf7cb4185b6 ("mac80211: accept key reinstall without changing
+ carnil> anything"). Vulnerable versions: 3.2.95 3.16.50 3.18.82 4.1.47 4.4.99 4.9.63
+ carnil> 4.13.14 4.14-rc6.
+Bugs:
+upstream: released (6.6-rc5) [31db78a4923ef5e2008f2eed321811ca79e7f71b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [2f4e16e39e4f5e78248dd9e51276a83203950b36]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52531 b/active/CVE-2023-52531
new file mode 100644
index 00000000..5b5a07a9
--- /dev/null
+++ b/active/CVE-2023-52531
@@ -0,0 +1,16 @@
+Description: wifi: iwlwifi: mvm: Fix a memory corruption issue
+References:
+Notes:
+ carnil> Introduced in 8ca151b568b6 ("iwlwifi: add the MVM driver"). Vulnerable
+ carnil> versions: 3.9-rc1.
+Bugs:
+upstream: released (6.6-rc5) [8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [6b3223449c959a8be94a1f042288059e40fcccb0]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52561 b/active/CVE-2023-52561
new file mode 100644
index 00000000..a5fba1ab
--- /dev/null
+++ b/active/CVE-2023-52561
@@ -0,0 +1,15 @@
+Description: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc1) [110e70fccce4f22b53986ae797d665ffb1950aa6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [dc1ab6577475b0460ba4261cd9caec37bd62ca0b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52569 b/active/CVE-2023-52569
new file mode 100644
index 00000000..4fbfc801
--- /dev/null
+++ b/active/CVE-2023-52569
@@ -0,0 +1,15 @@
+Description: btrfs: remove BUG() after failure to insert delayed dir index item
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc2) [2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [39c4a9522db0072570d602e9b365119e17fb9f4f]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52572 b/active/CVE-2023-52572
new file mode 100644
index 00000000..bfae580c
--- /dev/null
+++ b/active/CVE-2023-52572
@@ -0,0 +1,17 @@
+Description: cifs: Fix UAF in cifs_demultiplex_thread()
+References:
+Notes:
+ carnil> Introduced in ec637e3ffb6b ("[CIFS] Avoid extra large buffer allocation (and
+ carnil> memcpy) in cifs_readpages"). Vulnerable versions: 2.6.16-rc2.
+ bwh> Duplicate of CVE-2023-1192.
+Bugs:
+upstream: released (6.6-rc3) [d527f51331cace562393a8038d870b3e9916686f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [908b3b5e97d25e879de3d1f172a255665491c2c3]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52583 b/active/CVE-2023-52583
new file mode 100644
index 00000000..c8d66aec
--- /dev/null
+++ b/active/CVE-2023-52583
@@ -0,0 +1,15 @@
+Description: ceph: fix deadlock or deadcode of misusing dget()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [b493ad718b1f0357394d2cdecbf00a44a36fa085]
+6.7-upstream-stable: released (6.7.4) [76cb2aa3421fee4fde706dec41b1344bc0a9ad67]
+6.6-upstream-stable: released (6.6.16) [196b87e5c00ce021e164a5de0f0d04f4116a9160]
+6.1-upstream-stable: released (6.1.77) [7f2649c94264d00df6b6ac27161e9f4372a3450e]
+5.10-upstream-stable: released (5.10.210) [e016e358461b89b231626fcf78c5c38e35c44fd3]
+4.19-upstream-stable: released (4.19.307) [eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52584 b/active/CVE-2023-52584
new file mode 100644
index 00000000..c3303f33
--- /dev/null
+++ b/active/CVE-2023-52584
@@ -0,0 +1,15 @@
+Description: spmi: mediatek: Fix UAF on device remove
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [e821d50ab5b956ed0effa49faaf29912fd4106d9]
+6.7-upstream-stable: released (6.7.4) [9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e]
+6.6-upstream-stable: released (6.6.16) [f8dcafcb54632536684336161da8bdd52120f95e]
+6.1-upstream-stable: released (6.1.77) [521f28eedd6b14228c46e3b81e3bf9b90c2818d8]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52585 b/active/CVE-2023-52585
new file mode 100644
index 00000000..18545382
--- /dev/null
+++ b/active/CVE-2023-52585
@@ -0,0 +1,15 @@
+Description: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [b8d55a90fd55b767c25687747e2b24abd1ef8680]
+6.7-upstream-stable: released (6.7.4) [195a6289282e039024ad30ba66e6f94a4d0fbe49]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52586 b/active/CVE-2023-52586
new file mode 100644
index 00000000..bc9ee5c9
--- /dev/null
+++ b/active/CVE-2023-52586
@@ -0,0 +1,15 @@
+Description: drm/msm/dpu: Add mutex lock in control vblank irq
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [45284ff733e4caf6c118aae5131eb7e7cf3eea5a]
+6.7-upstream-stable: released (6.7.4) [14f109bf74dd67e1d0469fed859c8e506b0df53f]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52587 b/active/CVE-2023-52587
new file mode 100644
index 00000000..f02c50c7
--- /dev/null
+++ b/active/CVE-2023-52587
@@ -0,0 +1,15 @@
+Description: IB/ipoib: Fix mcast list locking
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [4f973e211b3b1c6d36f7c6a19239d258856749f9]
+6.7-upstream-stable: released (6.7.4) [7c7bd4d561e9dc6f5b7df9e184974915f6701a89]
+6.6-upstream-stable: released (6.6.16) [342258fb46d66c1b4c7e2c3717ac01e10c03cf18]
+6.1-upstream-stable: released (6.1.77) [5108a2dc2db5630fb6cd58b8be80a0c134bc310a]
+5.10-upstream-stable: released (5.10.210) [ac2630fd3c90ffec34a0bfc4d413668538b0e8f2]
+4.19-upstream-stable: released (4.19.307) [4c8922ae8eb8dcc1e4b7d1059d97a8334288d825]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52588 b/active/CVE-2023-52588
new file mode 100644
index 00000000..6cd25994
--- /dev/null
+++ b/active/CVE-2023-52588
@@ -0,0 +1,15 @@
+Description: f2fs: fix to tag gcing flag on page during block migration
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [4961acdd65c956e97c1a000c82d91a8c1cdbe44b]
+6.7-upstream-stable: released (6.7.4) [b8094c0f1aae329b1c60a275a780d6c2c9ff7aa3]
+6.6-upstream-stable: released (6.6.16) [417b8a91f4e8831cadaf85c3f15c6991c1f54dde]
+6.1-upstream-stable: released (6.1.77) [7c972c89457511007dfc933814c06786905e515c]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52589 b/active/CVE-2023-52589
new file mode 100644
index 00000000..2a0487bc
--- /dev/null
+++ b/active/CVE-2023-52589
@@ -0,0 +1,15 @@
+Description: media: rkisp1: Fix IRQ disable race issue
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [870565f063a58576e8a4529f122cac4325c6b395]
+6.7-upstream-stable: released (6.7.4) [7bb1a2822aa2c2de4e09bf7c56dd93bd532f1fa7]
+6.6-upstream-stable: released (6.6.16) [fab483438342984f2a315fe13c882a80f0f7e545]
+6.1-upstream-stable: released (6.1.77) [bf808f58681cab64c81cd814551814fd34e540fe]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52590 b/active/CVE-2023-52590
new file mode 100644
index 00000000..70f42503
--- /dev/null
+++ b/active/CVE-2023-52590
@@ -0,0 +1,15 @@
+Description: ocfs2: Avoid touching renamed directory if parent does not change
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [9d618d19b29c2943527e3a43da0a35aea91062fc]
+6.7-upstream-stable: released (6.7.4) [de940cede3c41624e2de27f805b490999f419df9]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52591 b/active/CVE-2023-52591
new file mode 100644
index 00000000..e64774f9
--- /dev/null
+++ b/active/CVE-2023-52591
@@ -0,0 +1,15 @@
+Description: reiserfs: Avoid touching renamed directory if parent does not change
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [49db9b1b86a82448dfaf3fcfefcf678dee56c8ed]
+6.7-upstream-stable: released (6.7.4) [c04c162f82ac403917780eb6d1654694455d4e7c]
+6.6-upstream-stable: released (6.6.16) [17e1361cb91dc1325834da95d2ab532959d2debc]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52593 b/active/CVE-2023-52593
new file mode 100644
index 00000000..35996b7e
--- /dev/null
+++ b/active/CVE-2023-52593
@@ -0,0 +1,15 @@
+Description: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d]
+6.7-upstream-stable: released (6.7.4) [3739121443f5114c6bcf6d841a5124deb006b878]
+6.6-upstream-stable: released (6.6.16) [9ab224744a47363f74ea29c6894c405e3bcf5132]
+6.1-upstream-stable: released (6.1.77) [574dcd3126aa2eed75437137843f254b1190dd03]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52594 b/active/CVE-2023-52594
new file mode 100644
index 00000000..ea0268d6
--- /dev/null
+++ b/active/CVE-2023-52594
@@ -0,0 +1,15 @@
+Description: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [2adc886244dff60f948497b59affb6c6ebb3c348]
+6.7-upstream-stable: released (6.7.4) [be609c7002dd4504b15b069cb7582f4c778548d1]
+6.6-upstream-stable: released (6.6.16) [e4f4bac7d3b64eb75f70cd3345712de6f68a215d]
+6.1-upstream-stable: released (6.1.77) [25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234]
+5.10-upstream-stable: released (5.10.210) [84770a996ad8d7f121ff2fb5a8d149aad52d64c1]
+4.19-upstream-stable: released (4.19.307) [f44f073c78112ff921a220d01b86d09f2ace59bc]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52595 b/active/CVE-2023-52595
new file mode 100644
index 00000000..d65b9e5a
--- /dev/null
+++ b/active/CVE-2023-52595
@@ -0,0 +1,15 @@
+Description: wifi: rt2x00: restart beacon queue when hardware reset
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [a11d965a218f0cd95b13fe44d0bcd8a20ce134a8]
+6.7-upstream-stable: released (6.7.4) [fdb580ed05df8973aa5149cafa598c64bebcd0cb]
+6.6-upstream-stable: released (6.6.16) [04cfe4a5da57ab9358cdfadea22bcb37324aaf83]
+6.1-upstream-stable: released (6.1.77) [739b3ccd9486dff04af95f9a890846d088a84957]
+5.10-upstream-stable: released (5.10.210) [69e905beca193125820c201ab3db4fb0e245124e]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52596 b/active/CVE-2023-52596
new file mode 100644
index 00000000..9c8607fd
--- /dev/null
+++ b/active/CVE-2023-52596
@@ -0,0 +1,15 @@
+Description: sysctl: Fix out of bounds access for empty sysctl registers
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [315552310c7de92baea4e570967066569937a843]
+6.7-upstream-stable: released (6.7.4) [2ae7081bc10123b187e36a4f3a8e53768de31489]
+6.6-upstream-stable: released (6.6.16) [15893975e9e382f8294ea8d926f08dc2d8d39ede]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52597 b/active/CVE-2023-52597
new file mode 100644
index 00000000..06865fb5
--- /dev/null
+++ b/active/CVE-2023-52597
@@ -0,0 +1,15 @@
+Description: KVM: s390: fix setting of fpc register
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [b988b1bb0053c0dcd26187d29ef07566a565cf55]
+6.7-upstream-stable: released (6.7.4) [2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7]
+6.6-upstream-stable: released (6.6.16) [c87d7d910775a025e230fd6359b60627e392460f]
+6.1-upstream-stable: released (6.1.77) [0671f42a9c1084db10d68ac347d08dbf6689ecb3]
+5.10-upstream-stable: released (5.10.210) [150a3a3871490e8c454ffbac2e60abeafcecff99]
+4.19-upstream-stable: released (4.19.307) [3a04410b0bc7e056e0843ac598825dd359246d18]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: ignored "s390 not supported in LTS"
diff --git a/active/CVE-2023-52598 b/active/CVE-2023-52598
new file mode 100644
index 00000000..f073fdcf
--- /dev/null
+++ b/active/CVE-2023-52598
@@ -0,0 +1,15 @@
+Description: s390/ptrace: handle setting of fpc register correctly
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [8b13601d19c541158a6e18b278c00ba69ae37829]
+6.7-upstream-stable: released (6.7.4) [bdce67df7f12fb0409fbc604ce7c4254703f56d4]
+6.6-upstream-stable: released (6.6.16) [02c6bbfb08bad78dd014e24c7b893723c15ec7a1]
+6.1-upstream-stable: released (6.1.77) [7a4d6481fbdd661f9e40e95febb95e3dee82bad3]
+5.10-upstream-stable: released (5.10.210) [856caf2730ea18cb39e95833719c02a02447dc0a]
+4.19-upstream-stable: released (4.19.307) [6ccf904aac0292e1f6b1a1be6c407c414f7cf713]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: ignored "s390 not supported in LTS"
diff --git a/active/CVE-2023-52599 b/active/CVE-2023-52599
new file mode 100644
index 00000000..7352941d
--- /dev/null
+++ b/active/CVE-2023-52599
@@ -0,0 +1,15 @@
+Description: jfs: fix array-index-out-of-bounds in diNewExt
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [49f9637aafa6e63ba686c13cb8549bf5e6920402]
+6.7-upstream-stable: released (6.7.4) [5a6660139195f5e2fbbda459eeecb8788f3885fe]
+6.6-upstream-stable: released (6.6.16) [6996d43b14486f4a6655b10edc541ada1b580b4b]
+6.1-upstream-stable: released (6.1.77) [3537f92cd22c672db97fae6997481e678ad14641]
+5.10-upstream-stable: released (5.10.210) [e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e]
+4.19-upstream-stable: released (4.19.307) [f423528488e4f9606cef858eceea210bf1163f41]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52600 b/active/CVE-2023-52600
new file mode 100644
index 00000000..3ce30313
--- /dev/null
+++ b/active/CVE-2023-52600
@@ -0,0 +1,15 @@
+Description: jfs: fix uaf in jfs_evict_inode
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [e0e1958f4c365e380b17ccb35617345b31ef7bf3]
+6.7-upstream-stable: released (6.7.4) [bacdaa04251382d7efd4f09f9a0686bfcc297e2e]
+6.6-upstream-stable: released (6.6.16) [1696d6d7d4a1b373e96428d0fe1166bd7c3c795e]
+6.1-upstream-stable: released (6.1.77) [32e8f2d95528d45828c613417cb2827d866cbdce]
+5.10-upstream-stable: released (5.10.210) [bc6ef64dbe71136f327d63b2b9071b828af2c2a8]
+4.19-upstream-stable: released (4.19.307) [81b4249ef37297fb17ba102a524039a05c6c5d35]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52601 b/active/CVE-2023-52601
new file mode 100644
index 00000000..e9ec0a8c
--- /dev/null
+++ b/active/CVE-2023-52601
@@ -0,0 +1,15 @@
+Description: jfs: fix array-index-out-of-bounds in dbAdjTree
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [74ecdda68242b174920fe7c6133a856fb7d8559b]
+6.7-upstream-stable: released (6.7.4) [fc67a2e18f4c4e3f07e9f9ae463da24530470e73]
+6.6-upstream-stable: released (6.6.16) [2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c]
+6.1-upstream-stable: released (6.1.77) [70780914cb57e2ba711e0ac1b677aaaa75103603]
+5.10-upstream-stable: released (5.10.210) [2037cb9d95f1741885f7daf50e8a028c4ade5317]
+4.19-upstream-stable: released (4.19.307) [3d3898b4d72c677d47fe3cb554449f2df5c12555]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52602 b/active/CVE-2023-52602
new file mode 100644
index 00000000..1e310acf
--- /dev/null
+++ b/active/CVE-2023-52602
@@ -0,0 +1,15 @@
+Description: jfs: fix slab-out-of-bounds Read in dtSearch
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [fa5492ee89463a7590a1449358002ff7ef63529f]
+6.7-upstream-stable: released (6.7.4) [bff9d4078a232c01e42e9377d005fb2f4d31a472]
+6.6-upstream-stable: released (6.6.16) [7110650b85dd2f1cee819acd1345a9013a1a62f7]
+6.1-upstream-stable: released (6.1.77) [cab0c265ba182fd266c2aa3c69d7e40640a7f612]
+5.10-upstream-stable: released (5.10.210) [1c40ca3d39d769931b28295b3145c25f1decf5a6]
+4.19-upstream-stable: released (4.19.307) [ce8bc22e948634a5c0a3fa58a179177d0e3f3950]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52603 b/active/CVE-2023-52603
new file mode 100644
index 00000000..47b5a6eb
--- /dev/null
+++ b/active/CVE-2023-52603
@@ -0,0 +1,15 @@
+Description: UBSAN: array-index-out-of-bounds in dtSplitRoot
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16]
+6.7-upstream-stable: released (6.7.4) [6e2902ecc77e9760a9fc447f56d598383e2372d2]
+6.6-upstream-stable: released (6.6.16) [edff092a59260bf0b0a2eba219cb3da6372c2f9f]
+6.1-upstream-stable: released (6.1.77) [e4cbc857d75d4e22a1f75446e7480b1f305d8d60]
+5.10-upstream-stable: released (5.10.210) [7aa33854477d9c346f5560a1a1fcb3fe7783e2a8]
+4.19-upstream-stable: released (4.19.307) [e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52604 b/active/CVE-2023-52604
new file mode 100644
index 00000000..a55a0c11
--- /dev/null
+++ b/active/CVE-2023-52604
@@ -0,0 +1,15 @@
+Description: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68]
+6.7-upstream-stable: released (6.7.4) [59342822276f753e49d27ef5eebffbba990572b9]
+6.6-upstream-stable: released (6.6.16) [6a44065dd604972ec1fbcccbdc4a70d266a89cdd]
+6.1-upstream-stable: released (6.1.77) [42f433785f108893de0dd5260bafb85d7d51db03]
+5.10-upstream-stable: released (5.10.210) [de34de6e57bbbc868e4fcf9e98c76b3587cabb0b]
+4.19-upstream-stable: released (4.19.307) [e3e95c6850661c77e6dab079d9b5374a618ebb15]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-52606 b/active/CVE-2023-52606
new file mode 100644
index 00000000..ddfff9f4
--- /dev/null
+++ b/active/CVE-2023-52606
@@ -0,0 +1,15 @@
+Description: powerpc/lib: Validate size for vector operations
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [8f9abaa6d7de0a70fc68acaedce290c1f96e2e59]
+6.7-upstream-stable: released (6.7.4) [848e1d7fd710900397e1d0e7584680c1c04e3afd]
+6.6-upstream-stable: released (6.6.16) [28b8ba8eebf26f66d9f2df4ba550b6b3b136082c]
+6.1-upstream-stable: released (6.1.77) [abd26515d4b767ba48241eea77b28ce0872aef3e]
+5.10-upstream-stable: released (5.10.210) [beee482cc4c9a6b1dcffb2e190b4fd8782258678]
+4.19-upstream-stable: released (4.19.307) [42084a428a139f1a429f597d44621e3a18f3e414]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: ignored "powerpc not supported in LTS"
diff --git a/active/CVE-2023-52607 b/active/CVE-2023-52607
new file mode 100644
index 00000000..9425ec40
--- /dev/null
+++ b/active/CVE-2023-52607
@@ -0,0 +1,15 @@
+Description: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [f46c8a75263f97bda13c739ba1c90aced0d3b071]
+6.7-upstream-stable: released (6.7.4) [ffd29dc45bc0355393859049f6becddc3ed08f74]
+6.6-upstream-stable: released (6.6.16) [145febd85c3bcc5c74d87ef9a598fc7d9122d532]
+6.1-upstream-stable: released (6.1.77) [d482d61025e303a2bef3733a011b6b740215cfa1]
+5.10-upstream-stable: released (5.10.210) [aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b]
+4.19-upstream-stable: released (4.19.307) [21e45a7b08d7cd98d6a53c5fc5111879f2d96611]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: ignored "powerpc not supported in LTS"
diff --git a/active/CVE-2023-52608 b/active/CVE-2023-52608
new file mode 100644
index 00000000..8bc9d29b
--- /dev/null
+++ b/active/CVE-2023-52608
@@ -0,0 +1,16 @@
+Description: firmware: arm_scmi: Check mailbox/SMT channel for consistency
+References:
+Notes:
+ carnil> Introduced in 5c8a47a5a91d ("firmware: arm_scmi: Make scmi core independent of
+ carnil> the transport type"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (6.8-rc2) [437a310b22244d4e0b78665c3042e5d1c0f45306]
+6.7-upstream-stable: released (6.7.3) [12dc4217f16551d6dee9cbefc23fdb5659558cda]
+6.6-upstream-stable: released (6.6.15) [9b5e1b93c83ee5fc9f5d7bd2d45b421bd87774a2]
+6.1-upstream-stable: released (6.1.76) [7f95f6997f4fdd17abec3200cae45420a5489350]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52609 b/active/CVE-2023-52609
new file mode 100644
index 00000000..c9d98235
--- /dev/null
+++ b/active/CVE-2023-52609
@@ -0,0 +1,16 @@
+Description: binder: fix race between mmput() and do_exit()
+References:
+Notes:
+ carnil> Introduced in 457b9a6f09f0 ("Staging: android: add binder driver"). Vulnerable
+ carnil> versions: 2.6.29-rc1.
+Bugs:
+upstream: released (6.8-rc1) [9a9ab0d963621d9d12199df9817e66982582d5a5]
+6.7-upstream-stable: released (6.7.2) [77d210e8db4d61d43b2d16df66b1ec46fad2ee01]
+6.6-upstream-stable: released (6.6.14) [67f16bf2cc1698fd50e01ee8a2becc5a8e6d3a3e]
+6.1-upstream-stable: released (6.1.75) [6696f76c32ff67fec26823fc2df46498e70d9bf3]
+5.10-upstream-stable: released (5.10.209) [7e7a0d86542b0ea903006d3f42f33c4f7ead6918]
+4.19-upstream-stable: released (4.19.306) [95b1d336b0642198b56836b89908d07b9a0c9608]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52610 b/active/CVE-2023-52610
new file mode 100644
index 00000000..9c806ea3
--- /dev/null
+++ b/active/CVE-2023-52610
@@ -0,0 +1,16 @@
+Description: net/sched: act_ct: fix skb leak and crash on ooo frags
+References:
+Notes:
+ carnil> Introduced in b57dc7c13ea9 ("net/sched: Introduce action ct"). Vulnerable
+ carnil> versions: 5.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [3f14b377d01d8357eba032b4cabc8c1149b458b6]
+6.7-upstream-stable: released (6.7.2) [f5346df0591d10bc948761ca854b1fae6d2ef441]
+6.6-upstream-stable: released (6.6.14) [73f7da5fd124f2cda9161e2e46114915e6e82e97]
+6.1-upstream-stable: released (6.1.75) [0b5b831122fc3789fff75be433ba3e4dd7b779d4]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52612 b/active/CVE-2023-52612
new file mode 100644
index 00000000..e6d41177
--- /dev/null
+++ b/active/CVE-2023-52612
@@ -0,0 +1,16 @@
+Description: crypto: scomp - fix req->dst buffer overflow
+References:
+Notes:
+ carnil> Introduced in 1ab53a77b772 ("crypto: acomp - add driver-side scomp interface").
+ carnil> Vulnerable versions: 4.10-rc1.
+Bugs:
+upstream: released (6.8-rc1) [744e1885922a9943458954cfea917b31064b4131]
+6.7-upstream-stable: released (6.7.2) [71c6670f9f032ec67d8f4e3f8db4646bf5a62883]
+6.6-upstream-stable: released (6.6.14) [7d9e5bed036a7f9e2062a137e97e3c1e77fb8759]
+6.1-upstream-stable: released (6.1.75) [4df0c942d04a67df174195ad8082f6e30e7f71a5]
+5.10-upstream-stable: released (5.10.209) [4518dc468cdd796757190515a9be7408adc8911e]
+4.19-upstream-stable: released (4.19.306) [1142d65c5b881590962ad763f94505b6dd67d2fe]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52614 b/active/CVE-2023-52614
new file mode 100644
index 00000000..c74f8aed
--- /dev/null
+++ b/active/CVE-2023-52614
@@ -0,0 +1,16 @@
+Description: PM / devfreq: Fix buffer overflow in trans_stat_show
+References:
+Notes:
+ carnil> Introduced in e552bbaf5b98 ("PM / devfreq: Add sysfs node for representing
+ carnil> frequency transition information."). Vulnerable versions: 3.8-rc1.
+Bugs:
+upstream: released (6.8-rc1) [08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4]
+6.7-upstream-stable: released (6.7.3) [eaef4650fa2050147ca25fd7ee43bc0082e03c87]
+6.6-upstream-stable: released (6.6.15) [a979f56aa4b93579cf0e4265ae04d7e9300fd3e8]
+6.1-upstream-stable: released (6.1.76) [8a7729cda2dd276d7a3994638038fb89035b6f2c]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52615 b/active/CVE-2023-52615
new file mode 100644
index 00000000..b25db1ea
--- /dev/null
+++ b/active/CVE-2023-52615
@@ -0,0 +1,16 @@
+Description: hwrng: core - Fix page fault dead lock on mmap-ed hwrng
+References:
+Notes:
+ carnil> Introduced in 9996508b3353 ("hwrng: core - Replace u32 in driver API with byte
+ carnil> array"). Vulnerable versions: 2.6.33-rc1.
+Bugs:
+upstream: released (6.8-rc1) [78aafb3884f6bc6636efcc1760c891c8500b9922]
+6.7-upstream-stable: released (6.7.3) [6822a14271786150e178869f1495cc03e74c5029]
+6.6-upstream-stable: released (6.6.15) [ecabe8cd456d3bf81e92c53b074732f3140f170d]
+6.1-upstream-stable: released (6.1.76) [aa8aa16ed9adf1df05bb339d588cf485a011839e]
+5.10-upstream-stable: released (5.10.210) [c6a8111aacbfe7a8a70f46cc0de8eed00561693c]
+4.19-upstream-stable: released (4.19.307) [eafd83b92f6c044007a3591cbd476bcf90455990]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52616 b/active/CVE-2023-52616
new file mode 100644
index 00000000..2cf3a418
--- /dev/null
+++ b/active/CVE-2023-52616
@@ -0,0 +1,16 @@
+Description: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
+References:
+Notes:
+ carnil> Introduced in d58bb7e55a8a ("lib/mpi: Introduce ec implementation to MPI
+ carnil> library"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (6.8-rc1) [ba3c5574203034781ac4231acf117da917efcd2a]
+6.7-upstream-stable: released (6.7.3) [7abdfd45a650c714d5ebab564bb1b988f14d9b49]
+6.6-upstream-stable: released (6.6.15) [7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a]
+6.1-upstream-stable: released (6.1.79) [bb44477d4506e52785693a39f03cdc6a2c5e8598]
+5.10-upstream-stable: released (5.10.210) [0c3687822259a7628c85cd21a3445cbe3c367165]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52617 b/active/CVE-2023-52617
new file mode 100644
index 00000000..dfcb481d
--- /dev/null
+++ b/active/CVE-2023-52617
@@ -0,0 +1,15 @@
+Description: PCI: switchtec: Fix stdev_release() crash after surprise hot remove
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [df25461119d987b8c81d232cfe4411e91dcabe66]
+6.7-upstream-stable: released (6.7.4) [e129c7fa7070fbce57feb0bfc5eaa65eef44b693]
+6.6-upstream-stable: released (6.6.16) [0233b836312e39a3c763fb53512b3fa455b473b3]
+6.1-upstream-stable: released (6.1.77) [1d83c85922647758c1f1e4806a4c5c3cf591a20a]
+5.10-upstream-stable: released (5.10.210) [4a5d0528cf19dbf060313dffbe047bc11c90c24c]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52618 b/active/CVE-2023-52618
new file mode 100644
index 00000000..8754cfc4
--- /dev/null
+++ b/active/CVE-2023-52618
@@ -0,0 +1,15 @@
+Description: block/rnbd-srv: Check for unlikely string overflow
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41]
+6.7-upstream-stable: released (6.7.4) [a2c6206f18104fba7f887bf4dbbfe4c41adc4339]
+6.6-upstream-stable: released (6.6.16) [5b9ea86e662035a886ccb5c76d56793cba618827]
+6.1-upstream-stable: released (6.1.77) [af7bbdac89739e2e7380387fda598848d3b7010f]
+5.10-upstream-stable: released (5.10.210) [95bc866c11974d3e4a9d922275ea8127ff809cf7]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52619 b/active/CVE-2023-52619
new file mode 100644
index 00000000..2ddf43d3
--- /dev/null
+++ b/active/CVE-2023-52619
@@ -0,0 +1,15 @@
+Description: pstore/ram: Fix crash when setting number of cpus to an odd number
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [d49270a04623ce3c0afddbf3e984cb245aa48e9c]
+6.7-upstream-stable: released (6.7.4) [cd40e43f870cf21726b22487a95ed223790b3542]
+6.6-upstream-stable: released (6.6.16) [0593cfd321df9001142a9d2c58d4144917dff7ee]
+6.1-upstream-stable: released (6.1.77) [75b0f71b26b3ad833c5c0670109c0af6e021e86a]
+5.10-upstream-stable: released (5.10.210) [a63e48cd835c34c38ef671d344cc029b1ea5bf10]
+4.19-upstream-stable: released (4.19.307) [8b69c30f4e8b69131d92096cb296dc1f217101e4]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52620 b/active/CVE-2023-52620
new file mode 100644
index 00000000..81f5ee41
--- /dev/null
+++ b/active/CVE-2023-52620
@@ -0,0 +1,15 @@
+Description: netfilter: nf_tables: disallow timeout for anonymous sets
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.4) [e26d3009efda338f19016df4175f354a9bd0a4ab]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.81) [b7be6c737a179a76901c872f6b4c1d00552d9a1b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.4.4-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52621 b/active/CVE-2023-52621
new file mode 100644
index 00000000..1d40c898
--- /dev/null
+++ b/active/CVE-2023-52621
@@ -0,0 +1,15 @@
+Description: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [169410eba271afc9f0fb476d996795aa26770c6d]
+6.7-upstream-stable: released (6.7.4) [c7f1b6146f4a46d727c0d046284c28b6882c6304]
+6.6-upstream-stable: released (6.6.16) [483cb92334cd7f1d5387dccc0ab5d595d27a669d]
+6.1-upstream-stable: released (6.1.77) [d6d6fe4bb105595118f12abeed4a7bdd450853f3]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52622 b/active/CVE-2023-52622
new file mode 100644
index 00000000..d0c76782
--- /dev/null
+++ b/active/CVE-2023-52622
@@ -0,0 +1,15 @@
+Description: ext4: avoid online resizing failures due to oversized flex bg
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [5d1935ac02ca5aee364a449a35e2977ea84509b0]
+6.7-upstream-stable: released (6.7.4) [dc3e0f55bec4410f3d74352c4a7c79f518088ee2]
+6.6-upstream-stable: released (6.6.16) [8b1413dbfe49646eda2c00c0f1144ee9d3368e0c]
+6.1-upstream-stable: released (6.1.77) [6d2cbf517dcabc093159cf138ad5712c9c7fa954]
+5.10-upstream-stable: released (5.10.210) [cfbbb3199e71b63fc26cee0ebff327c47128a1e8]
+4.19-upstream-stable: released (4.19.307) [cd1f93ca97a9136989f3bd2bf90696732a2ed644]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52623 b/active/CVE-2023-52623
new file mode 100644
index 00000000..e8c9bfed
--- /dev/null
+++ b/active/CVE-2023-52623
@@ -0,0 +1,15 @@
+Description: SUNRPC: Fix a suspicious RCU usage warning
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [31b62908693c90d4d07db597e685d9f25a120073]
+6.7-upstream-stable: released (6.7.4) [8f860c8407470baff2beb9982ad6b172c94f1d0a]
+6.6-upstream-stable: released (6.6.16) [69c7eeb4f622c2a28da965f970f982db171f3dc6]
+6.1-upstream-stable: released (6.1.77) [e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0]
+5.10-upstream-stable: released (5.10.210) [c430e6bb43955c6bf573665fcebf31694925b9f7]
+4.19-upstream-stable: released (4.19.307) [fece80a2a6718ed58487ce397285bb1b83a3e54e]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52624 b/active/CVE-2023-52624
new file mode 100644
index 00000000..85664e8e
--- /dev/null
+++ b/active/CVE-2023-52624
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Wake DMCUB before executing GPINT commands
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [e5ffd1263dd5b44929c676171802e7b6af483f21]
+6.7-upstream-stable: released (6.7.3) [2ef98c6d753a744e333b7e34b9cf687040fba57d]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52625 b/active/CVE-2023-52625
new file mode 100644
index 00000000..06754870
--- /dev/null
+++ b/active/CVE-2023-52625
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Refactor DMCUB enter/exit idle interface
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa]
+6.7-upstream-stable: released (6.7.3) [820c3870c491946a78950cdf961bf40e28c1025f]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52627 b/active/CVE-2023-52627
new file mode 100644
index 00000000..4e03b9ce
--- /dev/null
+++ b/active/CVE-2023-52627
@@ -0,0 +1,16 @@
+Description: iio: adc: ad7091r: Allow users to configure device events
+References:
+Notes:
+ carnil> Introduced in ca69300173b6 ("iio: adc: Add support for AD7091R5 ADC").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (6.8-rc1) [020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f]
+6.7-upstream-stable: released (6.7.3) [55aca2ce91a63740278502066beaddbd841af9c6]
+6.6-upstream-stable: released (6.6.15) [89c4e63324e208a23098f7fb15c00487cecbfed2]
+6.1-upstream-stable: released (6.1.76) [137568aa540a9f587c48ff7d4c51cdba08cfe9a4]
+5.10-upstream-stable: released (5.10.210) [1eba6f7ffa295a0eec098c107043074be7cc4ec5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52628 b/active/CVE-2023-52628
new file mode 100644
index 00000000..c01bc919
--- /dev/null
+++ b/active/CVE-2023-52628
@@ -0,0 +1,20 @@
+Description: netfilter: nftables: exthdr: fix 4-byte stack OOB write
+References:
+Notes:
+ carnil> Introduced in 49499c3e6e18 ("netfilter: nf_tables: switch registers to 32 bit
+ carnil> addressing")
+ carnil> 935b7f643018 ("netfilter: nft_exthdr: add TCP option matching")
+ carnil> 133dc203d77d ("netfilter: nft_exthdr: Support SCTP chunks")
+ carnil> dbb5281a1f84 ("netfilter: nf_tables: add support for matching IPv4 options").
+ carnil> Vulnerable versions: 4.1-rc1 4.11-rc1 5.3-rc1 5.10.198 5.14-rc1.
+Bugs:
+upstream: released (6.6-rc1) [fd94d9dadee58e09b49075240fe83423eb1dcd36]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.54) [d9ebfc0f21377690837ebbd119e679243e0099cc]
+5.10-upstream-stable: released (5.10.198) [a7d86a77c33ba1c357a7504341172cc1507f0698]
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-6039 b/active/CVE-2023-6039
new file mode 100644
index 00000000..4d5ef27e
--- /dev/null
+++ b/active/CVE-2023-6039
@@ -0,0 +1,14 @@
+Description: net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
+References:
+Notes:
+ carnil> Commit fixes 77dfff5bb7e2 ("lan78xx: Fix race condition in
+ carnil> disconnect handling") in 5.15-rc1.
+Bugs:
+upstream: released (6.5-rc5) [1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-6040 b/active/CVE-2023-6040
new file mode 100644
index 00000000..94368f40
--- /dev/null
+++ b/active/CVE-2023-6040
@@ -0,0 +1,13 @@
+Description: netfilter: nf_tables: Reject tables of unsupported family
+References:
+ https://www.openwall.com/lists/oss-security/2024/01/12/1
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [f1082dd31fe461d482d69da2a8eccfeb7bf07ac2]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.208) [25d1e7be85cf0a5afca5555f90e4609c40480ece]
+4.19-upstream-stable: released (4.19.305) [087d38ae0fd5a9a41b949e97601b4b0d09336f19]
+sid: released (5.18.2-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2023-6121 b/active/CVE-2023-6121
new file mode 100644
index 00000000..07dd86f2
--- /dev/null
+++ b/active/CVE-2023-6121
@@ -0,0 +1,18 @@
+Description: nvmet: nul-terminate the NQNs passed in the connect command
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2250043
+ https://lore.kernel.org/linux-nvme/b58a2dc6-cc8f-4d19-9efe-e1d5b4505efc@nvidia.com/T/
+ https://lore.kernel.org/linux-nvme/CAK5usQvxAyC3LJ4OnqerS1P0JpbfFr9uRZmq6Jb4QhaB7AQCoQ@mail.gmail.com/T/
+Notes:
+ carnil> Introduced with a07b4970f464 "nvmet: add a generic NVMe
+ carnil> target") in 4.8-rc1.
+ carnil> For 6.6.y fixed as well in 6.6.4.
+Bugs:
+upstream: released (6.7-rc3) [1c22e0295a5eb571c27b53c7371f95699ef705ff]
+6.1-upstream-stable: released (6.1.65) [0e485f12ebb7b69b67c7f85195a1b4aad95d354a]
+5.10-upstream-stable: released (5.10.203) [2be451e7a2f124899546c1bb5c6d509a927968c8]
+4.19-upstream-stable: needed
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.64-1) [bugfix/all/nvmet-nul-terminate-the-NQNs-passed-in-the-connect-c.patch]
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-6238 b/active/CVE-2023-6238
new file mode 100644
index 00000000..c4579f2c
--- /dev/null
+++ b/active/CVE-2023-6238
@@ -0,0 +1,20 @@
+Description: nvme: memory corruption via unprivileged user passthrough
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2250834
+ https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u
+ https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u
+Notes:
+ carnil> Issue introduced with 855b7717f44b1 ("nvme: fine-granular
+ carnil> CAP_SYS_ADMIN for nvme io commands") in 6.2-rc1.
+ carnil> To exploit the issue it's still required that root changes the
+ carnil> device node persmissions. Though this was allowed unter the
+ carnil> assumtion it was safe to allow (which turns out not to be).
+Bugs:
+upstream: needed
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-6240 b/active/CVE-2023-6240
new file mode 100644
index 00000000..2a83d183
--- /dev/null
+++ b/active/CVE-2023-6240
@@ -0,0 +1,15 @@
+Description: Marvin vulnerability side-channel leakage in the RSA decryption operation
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2250843
+ https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/
+ https://people.redhat.com/~hkario/marvin/
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2023-6270 b/active/CVE-2023-6270
new file mode 100644
index 00000000..ec7f1f11
--- /dev/null
+++ b/active/CVE-2023-6270
@@ -0,0 +1,16 @@
+Description: AoE: improper reference count leads to use-after-free vulnerability
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2256786
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-22236/
+Notes:
+ carnil> Commit fixes 7562f876cd93 ("[NET]: Rework dev_base via
+ carnil> list_head (v3)")
+Bugs:
+upstream: released (6.9-rc1) [f98364e926626c678fb4b9004b75cacf92ff0662]
+6.1-upstream-stable: released (6.1.83) [74ca3ef68d2f449bc848c0a814cefc487bf755fa]
+5.10-upstream-stable: released (5.10.214) [faf0b4c5e00bb680e8e43ac936df24d3f48c8e65]
+4.19-upstream-stable: released (4.19.311) [ad80c34944d7175fa1f5c7a55066020002921a99]
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-6356 b/active/CVE-2023-6356
new file mode 100644
index 00000000..2617a7b8
--- /dev/null
+++ b/active/CVE-2023-6356
@@ -0,0 +1,19 @@
+Description: NULL pointer dereference in nvmet_tcp_build_iovec
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2254054
+ https://lore.kernel.org/linux-nvme/CAK5usQupQgYoyav2itYADv2XVooMptqqswW8cTkuoMkRpjapwQ@mail.gmail.com/T/#t
+Notes:
+ bwh> There has never been a nvmet_tcp_build_iovec() function in
+ bwh> nvmet, but I think this is fixed by commit efa56305908b
+ bwh> "nvmet-tcp: Fix a kernel panic when host sends an invalid
+ bwh> H2C PDU length" which mentions nvmet_tcp_build_pdu_iovec().
+ bwh> Fixed as well in 6.6.14 and 6.7.2.
+Bugs:
+upstream: released (6.8-rc1) [efa56305908ba20de2104f1b8508c6a7401833be]
+6.1-upstream-stable: released (6.1.75) [2871aa407007f6f531fae181ad252486e022df42]
+5.10-upstream-stable: released (5.10.209) [f775f2621c2ac5cc3a0b3a64665dad4fb146e510]
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-6535 b/active/CVE-2023-6535
new file mode 100644
index 00000000..e585ccc3
--- /dev/null
+++ b/active/CVE-2023-6535
@@ -0,0 +1,14 @@
+Description: NULL pointer dereference in nvmet_tcp_execute_request
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2254053
+ https://lore.kernel.org/linux-nvme/89a927a6-2baf-434a-b1d5-50fb99beca73@grimberg.me/T/#t
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2023-6536 b/active/CVE-2023-6536
new file mode 100644
index 00000000..e804453b
--- /dev/null
+++ b/active/CVE-2023-6536
@@ -0,0 +1,18 @@
+Description: NULL pointer dereference in __nvmet_req_complete
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2254052
+ https://lore.kernel.org/linux-nvme/69e7bbe4-b454-4941-90e2-2e6a4cf0f182@grimberg.me/T/#t
+Notes:
+ bwh> I think this is fixed by commit 0849a5441358 "nvmet-tcp:
+ bwh> fix a crash in nvmet_req_complete()"; that mentions
+ bwh> nvmet_req_complete() which is a thin wrapper for
+ bwh> __nvmet_req_complete()). Fixed as well in 6.6.14 and 6.7.2.
+Bugs:
+upstream: released (6.8-rc1) [0849a5441358cef02586fb2d60f707c0db195628]
+6.1-upstream-stable: released (6.1.75) [83ccd15717ee2b6143df72df39685f0c832e3451]
+5.10-upstream-stable: released (5.10.209) [39669fae69f302961d89f38d969c6fcc1d07eb02]
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2023-6610 b/active/CVE-2023-6610
new file mode 100644
index 00000000..de5698d6
--- /dev/null
+++ b/active/CVE-2023-6610
@@ -0,0 +1,18 @@
+Description: smb: client: fix potential OOB in smb2_dump_detail()
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=218219
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253614
+Notes:
+ bwh> Introduced in 3.6 by commit 093b2bdad322 "CIFS: Make
+ bwh> demultiplex_thread work with SMB2 code". We don't enable
+ bwh> CONFIG_CIFS_DEBUG2 so only custom kernels are affected.
+ carnil> For 6.6.y fixed as well in 6.6.13.
+Bugs:
+upstream: released (6.7-rc7) [567320c46a60a3c39b69aa1df802d753817a3f86]
+6.1-upstream-stable: released (6.1.74) [5411e3292792be7dafd1fe948a87e3ca29c1f550]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.13-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-6915 b/active/CVE-2023-6915
new file mode 100644
index 00000000..0d937e5a
--- /dev/null
+++ b/active/CVE-2023-6915
@@ -0,0 +1,14 @@
+Description: ida: Fix crash in ida_free when the bitmap is empty
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2254982
+Notes:
+ carnil> For 6.6.y fixed as well in 6.6.13.
+Bugs:
+upstream: released (6.7-rc7) [af73483f4e8b6f5c68c9aa63257bdd929a9c194a]
+6.1-upstream-stable: released (6.1.74) [9efdc0081ccae62c44a929e21d32bacc5f2e113f]
+5.10-upstream-stable: released (5.10.209) [dbf8b0d9387fa02de0aa047ce23eb3a7bd134e03]
+4.19-upstream-stable:
+sid: released (6.6.13-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security:
diff --git a/active/CVE-2023-7042 b/active/CVE-2023-7042
new file mode 100644
index 00000000..105ea935
--- /dev/null
+++ b/active/CVE-2023-7042
@@ -0,0 +1,18 @@
+Description: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2255497
+ https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git/commit/?h=ath-next&id=ad25ee36f00172f7d53242dc77c69fff7ced0755
+Notes:
+ carnil> Commit fixes dc405152bb64 ("ath10k: handle mgmt tx completion
+ carnil> event") in 4.19-rc1.
+ carnil> Fixed as well in 6.7.11 and 6.8.2.
+Bugs:
+upstream: released (6.9-rc1) [ad25ee36f00172f7d53242dc77c69fff7ced0755]
+6.1-upstream-stable: released (6.1.83) [90f089d77e38db1c48629f111f3c8c336be1bc38]
+5.10-upstream-stable: released (5.10.214) [e1dc7aa814a95aeeb1b2c05be2b62af8423b15cc]
+4.19-upstream-stable: released (4.19.311) [0cd3b0a1dc987697cba1fe93c784365aa1f8a230]
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-0340 b/active/CVE-2024-0340
new file mode 100644
index 00000000..c7126d1a
--- /dev/null
+++ b/active/CVE-2024-0340
@@ -0,0 +1,14 @@
+Description: vhost: use kzalloc() instead of kmalloc() followed by memset()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2257406
+ https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/
+Notes:
+Bugs:
+upstream: released (6.4-rc6) [4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9]
+6.1-upstream-stable: released (6.1.78) [4675661672e3730597babf97c4e9593a775c8917]
+5.10-upstream-stable: released (5.10.210) [cda4ca038cafe016bd8dcac8cac83d771dfdcbf0]
+4.19-upstream-stable: released (4.19.307) [95eab1039625d54d1770665756dd34e9fe926638]
+sid: released (6.4.4-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-0564 b/active/CVE-2024-0564
new file mode 100644
index 00000000..8878d1bf
--- /dev/null
+++ b/active/CVE-2024-0564
@@ -0,0 +1,14 @@
+Description:
+References:
+ https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258514
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-0565 b/active/CVE-2024-0565
new file mode 100644
index 00000000..7ab48346
--- /dev/null
+++ b/active/CVE-2024-0565
@@ -0,0 +1,17 @@
+Description: smb: client: fix OOB in receive_encrypted_standard()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258518
+ https://www.spinics.net/lists/stable-commits/msg328851.html
+Notes:
+ carnil> Commit fixes b24df3e30cbf ("cifs: update
+ carnil> receive_encrypted_standard to handle compounded responses") in
+ carnil> 4.19-rc1.
+Bugs:
+upstream: released (6.7-rc6) [eec04ea119691e65227a97ce53c0da6b9b74b0b7]
+6.1-upstream-stable: released (6.1.69) [9f528a8e68327117837b5e28b096f52af4c26a05]
+5.10-upstream-stable: released (5.10.211) [b03c8099a738a04d2343547ae6a04e5f0f63d3fa]
+4.19-upstream-stable: needed
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-0607 b/active/CVE-2024-0607
new file mode 100644
index 00000000..a56fd0f3
--- /dev/null
+++ b/active/CVE-2024-0607
@@ -0,0 +1,15 @@
+Description: netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258635
+Notes:
+ carnil> Commit fixes ce1e7989d989 ("netfilter: nft_byteorder: provide
+ carnil> 64bit le/be conversion") in 4.5-rc1.
+Bugs:
+upstream: released (6.7-rc2) [c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63]
+6.1-upstream-stable: released (6.1.64) [18a169810cff769a7a697b35058c756805f589e0]
+5.10-upstream-stable: released (5.10.210) [9a865a11d6890d4a789db1eaafebdc8bd092b12c]
+4.19-upstream-stable: released (4.19.307) [fca41e5b687e029f69e3a35a2fa31e2560e538dc]
+sid: released (6.5.13-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-0841 b/active/CVE-2024-0841
new file mode 100644
index 00000000..1e907906
--- /dev/null
+++ b/active/CVE-2024-0841
@@ -0,0 +1,17 @@
+Description: hugetlbfs: Null pointer dereference in hugetlbfs_fill_super function
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2256490
+ https://lore.kernel.org/all/20240130210418.3771-1-osalvador@suse.de/T/#u
+Notes:
+ carnil> Commit fixes 32021982a324 ("hugetlbfs: Convert to fs_context")
+ carnil> 5.1-rc1.
+ bwh> Fixed also in 6.6.18 and 6.7.6.
+Bugs:
+upstream: released (6.8-rc4) [79d72c68c58784a3e1cd2378669d51bfd0cb7498]
+6.1-upstream-stable: released (6.1.79) [2e2c07104b4904aed1389a59b25799b95a85b5b9]
+5.10-upstream-stable: released (5.10.212) [80d852299987a8037be145a94f41874228f1a773]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-1086 b/active/CVE-2024-1086
new file mode 100644
index 00000000..def75662
--- /dev/null
+++ b/active/CVE-2024-1086
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: reject QUEUE/DROP verdict parameters
+References:
+ https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
+ https://pwning.tech/nftables/
+Notes:
+ carnil> Commit fixes e0abdadcc6e1 ("netfilter: nf_tables: accept
+ carnil> QUEUE/DROP verdict parameters") 3.15-rc1.
+ carnil> Fixed for 6.7.y in 6.7.3, for 6.6.y in 6.6.15.
+Bugs:
+upstream: released (6.8-rc2) [f342de4e2f33e0e39165d8639387aa6c19dff660]
+6.1-upstream-stable: released (6.1.76) [8e34430e33b8a80bc014f3efe29cac76bc30a4b4]
+5.10-upstream-stable: released (5.10.210) [55a60251fa50d4e68175e36666b536a602ce4f6c]
+4.19-upstream-stable: released (4.19.307) [8365e9d92b85fda975a5ece7a3a139cb964018c8]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-2) [bugfix/all/netfilter-nf_tables-reject-QUEUE-DROP-verdict-parame.patch]
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-1151 b/active/CVE-2024-1151
new file mode 100644
index 00000000..dcfc6f5b
--- /dev/null
+++ b/active/CVE-2024-1151
@@ -0,0 +1,17 @@
+Description: net: openvswitch: limit the number of recursions from action sets
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2262241
+ https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/
+Notes:
+ carnil> Commit fixes 798c166173ff ("openvswitch: Optimize sample action
+ carnil> for the clone use cases") in 4.12-rc1.
+ carnil> For 6.6.y fixed in 6.6.18 and in 6.7.y with 6.7.6.
+Bugs:
+upstream: released (6.8-rc5) [6e2f90d31fe09f2b852de25125ca875aabd81367]
+6.1-upstream-stable: released (6.1.79) [65ded4eb220695909eee657758e824fc30f0b561]
+5.10-upstream-stable: released (5.10.210) [55cfccb658fc142d7fbfeae2d0496b7841d128c3]
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-21803 b/active/CVE-2024-21803
new file mode 100644
index 00000000..cdbd3725
--- /dev/null
+++ b/active/CVE-2024-21803
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8081
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-2193 b/active/CVE-2024-2193
new file mode 100644
index 00000000..b29e3a00
--- /dev/null
+++ b/active/CVE-2024-2193
@@ -0,0 +1,16 @@
+Description: GhostRace
+References:
+ https://www.openwall.com/lists/oss-security/2024/03/12/14
+ https://www.vusec.net/projects/ghostrace/
+Notes:
+Bugs:
+upstream: needed
+6.7-upstream-stable: needed
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-22099 b/active/CVE-2024-22099
new file mode 100644
index 00000000..0e277163
--- /dev/null
+++ b/active/CVE-2024-22099
@@ -0,0 +1,22 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=7956
+Notes:
+ carnil> The CVE description reads as "NULL Pointer Dereference
+ carnil> vulnerability in Linux Linux kernel kernel on Linux, x86, ARM
+ carnil> (net, bluetooth modules) allows Overflow Buffers. This
+ carnil> vulnerability is associated with program files
+ carnil> /net/bluetooth/rfcomm/core.c. This issue affects Linux kernel:
+ carnil> v2.6.12-rc2." and gives an indication on affected ranges from
+ carnil> v2.6.12-rc2 before v6.8-rc1. The OpenAnolis issue is to date
+ carnil> (2024-01-25) still restricted.
+ carnil> Fixed in 6.7.11 as well.
+Bugs:
+upstream: released (6.8-rc7) [2535b848fa0f42ddff3e5255cf5e742c9b77bb26]
+6.1-upstream-stable: released (6.1.83) [567c0411dc3b424fc7bd1e6109726d7ba32d4f73]
+5.10-upstream-stable: released (5.10.214) [81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96]
+4.19-upstream-stable: released (4.19.311) [369f419c097e82407dd429a202cde9a73d3ae29b]
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-22386 b/active/CVE-2024-22386
new file mode 100644
index 00000000..5bce9458
--- /dev/null
+++ b/active/CVE-2024-22386
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8147
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-23196 b/active/CVE-2024-23196
new file mode 100644
index 00000000..d3b89dd4
--- /dev/null
+++ b/active/CVE-2024-23196
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8148
+Notes:
+Bugs:
+upstream: released (6.5-rc1) [1f4a08fed450db87fbb5ff5105354158bdbe1a22]
+6.1-upstream-stable: released (6.1.47) [cdd412b528dee6e0851c4735d6676ec138da13a4]
+5.10-upstream-stable: released (5.10.192) [9f9eed451176ffcac6b5ba0f6dae1a6b4a1cb0eb]
+4.19-upstream-stable:
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security:
diff --git a/active/CVE-2024-23307 b/active/CVE-2024-23307
new file mode 100644
index 00000000..e18f1d6c
--- /dev/null
+++ b/active/CVE-2024-23307
@@ -0,0 +1,19 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=7975
+Notes:
+ carnil> CVE description reads as "Integer Overflow or Wraparound
+ carnil> vulnerability in Linux Linux kernel kernel on Linux, x86, ARM
+ carnil> (md, raid, raid5 modules) allows Forced Integer Overflow."
+ carnil> which indicates together with the affected version (from v4.1-
+ carnil> rc1 before v6.8-rc1), that it is a upstream Linux kernel issue.
+ carnil> To date (2024-01-25) the OpenAnolis is restricted.
+Bugs:
+upstream: released (6.9-rc1) [dfd2bf436709b2bccb78c2dda550dde93700efa7]
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-23848 b/active/CVE-2024-23848
new file mode 100644
index 00000000..bbedeed2
--- /dev/null
+++ b/active/CVE-2024-23848
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952e5fd53e5%40xs4all.nl/
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-23849 b/active/CVE-2024-23849
new file mode 100644
index 00000000..451ade01
--- /dev/null
+++ b/active/CVE-2024-23849
@@ -0,0 +1,17 @@
+Description: net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
+References:
+ https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw@mail.gmail.com/
+ https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/
+Notes:
+ carnil> For 6.7.y fixed as well in 6.7.3.
+ carnil> Issue introduced with 3289025aedc0 ("RDS: add receive message
+ carnil> trace used by application").
+Bugs:
+upstream: released (6.8-rc2) [13e788deb7348cc88df34bed736c3b3b9927ea52]
+6.1-upstream-stable: released (6.1.76) [71024928b3f71ce4529426f8692943205c58d30b]
+5.10-upstream-stable: released (5.10.210) [5ae8d50044633306ff160fcf7faa24994175efe1]
+4.19-upstream-stable: released (4.19.307) [344350bfa3b4b37d7c3d5a00536e6fbf0e953fbf]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-23850 b/active/CVE-2024-23850
new file mode 100644
index 00000000..0b99c940
--- /dev/null
+++ b/active/CVE-2024-23850
@@ -0,0 +1,18 @@
+Description: btrfs: do not ASSERT() if the newly created subvolume already got read
+References:
+ https://lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA%40mail.gmail.com/
+ https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/
+Notes:
+ carnil> Commit fixes 2dfb1e43f57d ("btrfs: preallocate anon block
+ carnil> device at first phase of snapshot creation") in 5.9-rc1 (and
+ carnil> backported to 5.8.3)
+ bwh> Fixed as well in 6.6.18 and 6.7.6.
+Bugs:
+upstream: released (6.8-rc4) [e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb]
+6.1-upstream-stable: released (6.1.79) [66b317a2fc45b2ef66527ee3f8fa08fb5beab88d]
+5.10-upstream-stable: released (5.10.210) [3f5d47eb163bceb1b9e613c9003bae5fefc0046f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-23851 b/active/CVE-2024-23851
new file mode 100644
index 00000000..1a9af5cf
--- /dev/null
+++ b/active/CVE-2024-23851
@@ -0,0 +1,16 @@
+Description: dm: limit the number of targets and parameter size area
+References:
+ https://www.spinics.net/lists/dm-devel/msg56574.html
+ https://www.spinics.net/lists/dm-devel/msg56694.html
+Notes:
+ carnil> For 6.6.y fixed in 6.6.18 and for 6.7.y in 6.7.6.
+ bwh> Duplicate of CVE-2023-52429.
+Bugs:
+upstream: released (6.8-rc3) [bd504bcfec41a503b32054da5472904b404341a4]
+6.1-upstream-stable: released (6.1.79) [c5d83ac2bf6ca668a39ffb1a576899a66153ba19]
+5.10-upstream-stable: released (5.10.210) [a891a0621e725e85529985139cada8cb5a74a116]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-24855 b/active/CVE-2024-24855
new file mode 100644
index 00000000..f48a0e76
--- /dev/null
+++ b/active/CVE-2024-24855
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8149
+Notes:
+Bugs:
+upstream: released (6.5-rc2) [0e881c0a4b6146b7e856735226208f48251facd8]
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid: released (6.5.3-1)
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-24857 b/active/CVE-2024-24857
new file mode 100644
index 00000000..115a2b67
--- /dev/null
+++ b/active/CVE-2024-24857
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8155
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-24858 b/active/CVE-2024-24858
new file mode 100644
index 00000000..966667a1
--- /dev/null
+++ b/active/CVE-2024-24858
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8154
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-24859 b/active/CVE-2024-24859
new file mode 100644
index 00000000..2c3c663e
--- /dev/null
+++ b/active/CVE-2024-24859
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8153
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-24861 b/active/CVE-2024-24861
new file mode 100644
index 00000000..785b404a
--- /dev/null
+++ b/active/CVE-2024-24861
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8150
+Notes:
+Bugs:
+upstream: released (6.9-rc1) [36d503ad547d1c75758a6fcdbec2806f1b6aeb41]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-24864 b/active/CVE-2024-24864
new file mode 100644
index 00000000..3bc08d9f
--- /dev/null
+++ b/active/CVE-2024-24864
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8178
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-25739 b/active/CVE-2024-25739
new file mode 100644
index 00000000..355470ed
--- /dev/null
+++ b/active/CVE-2024-25739
@@ -0,0 +1,15 @@
+Description: ubi: Check for too small LEB size in VTBL code
+References:
+ https://www.spinics.net/lists/kernel/msg5074816.html
+ https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg
+Notes:
+ carnil> Commit fixes 801c135ce73d ("UBI: Unsorted Block Images")
+Bugs:
+upstream: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-25740 b/active/CVE-2024-25740
new file mode 100644
index 00000000..2859384c
--- /dev/null
+++ b/active/CVE-2024-25740
@@ -0,0 +1,13 @@
+Description: memory leak in ubi_attach
+References:
+ https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T/
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-25741 b/active/CVE-2024-25741
new file mode 100644
index 00000000..add48b57
--- /dev/null
+++ b/active/CVE-2024-25741
@@ -0,0 +1,13 @@
+Description: usb/f_printer: WARNING in usb_ep_queue
+References:
+ https://www.spinics.net/lists/linux-usb/msg252167.html
+Notes:
+Bugs:
+upstream:
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid:
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security:
diff --git a/active/CVE-2024-26581 b/active/CVE-2024-26581
new file mode 100644
index 00000000..ce373b3a
--- /dev/null
+++ b/active/CVE-2024-26581
@@ -0,0 +1,16 @@
+Description: netfilter: nft_set_rbtree: skip end interval element from gc
+References:
+Notes:
+ carnil> Introduced in f718863aca46 ("netfilter: nft_set_rbtree: fix overlap expiration
+ carnil> walk"). Vulnerable versions: 5.4.262 5.10.190 5.15.124 6.1.43 6.4.8 6.5-rc4.
+Bugs:
+upstream: released (6.8-rc4) [60c0c230c6f046da536d3df8b39a20b9a9fd6af0]
+6.7-upstream-stable: released (6.7.5) [6eb14441f10602fa1cf691da9d685718b68b78a9]
+6.6-upstream-stable: released (6.6.17) [b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7]
+6.1-upstream-stable: released (6.1.78) [1296c110c5a0b45a8fcf58e7d18bc5da61a565cb]
+5.10-upstream-stable: released (5.10.210) [4cee42fcf54fec46b344681e7cc4f234bb22f85a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26582 b/active/CVE-2024-26582
new file mode 100644
index 00000000..b39919d8
--- /dev/null
+++ b/active/CVE-2024-26582
@@ -0,0 +1,16 @@
+Description: net: tls: fix use-after-free with partial reads and async decrypt
+References:
+Notes:
+ carnil> Introduced in fd31f3996af2 ("tls: rx: decrypt into a fresh skb"). Vulnerable
+ carnil> versions: 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc5) [32b55c5ff9103b8508c1e04bfa5a08c64e7a925f]
+6.7-upstream-stable: released (6.7.6) [754c9bab77a1b895b97bd99d754403c505bc79df]
+6.6-upstream-stable: released (6.6.18) [d684763534b969cca1022e2a28645c7cc91f7fa5]
+6.1-upstream-stable: released (6.1.79) [20b4ed034872b4d024b26e2bc1092c3f80e5db96]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26583 b/active/CVE-2024-26583
new file mode 100644
index 00000000..e463768f
--- /dev/null
+++ b/active/CVE-2024-26583
@@ -0,0 +1,16 @@
+Description: tls: fix race between async notify and socket close
+References:
+Notes:
+ carnil> Introduced in 0cada33241d9 ("net/tls: fix race condition causing kernel
+ carnil> panic"). Vulnerable versions: 5.4.44 5.4.71 5.6.16 5.7 5.8.15.
+Bugs:
+upstream: released (6.8-rc5) [aec7961916f3f9e88766e2688992da6980f11b8d]
+6.7-upstream-stable: released (6.7.6) [6209319b2efdd8524691187ee99c40637558fa33]
+6.6-upstream-stable: released (6.6.18) [86dc27ee36f558fe223dbdfbfcb6856247356f4a]
+6.1-upstream-stable: released (6.1.79) [7a3ca06d04d589deec81f56229a9a9d62352ce01]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26584 b/active/CVE-2024-26584
new file mode 100644
index 00000000..2143c8f8
--- /dev/null
+++ b/active/CVE-2024-26584
@@ -0,0 +1,18 @@
+Description: net: tls: handle backlogging of crypto requests
+References:
+Notes:
+ carnil> Introduced in a54667f6728c ("tls: Add support for encryption using async
+ carnil> offload accelerator")
+ carnil> 94524d8fc965 ("net/tls: Add support for async decryption of tls records").
+ carnil> Vulnerable versions: 4.16-rc1 4.20-rc1.
+Bugs:
+upstream: released (6.8-rc5) [8590541473188741055d27b955db0777569438e3]
+6.7-upstream-stable: released (6.7.6) [ab6397f072e5097f267abf5cb08a8004e6b17694]
+6.6-upstream-stable: released (6.6.18) [13eca403876bbea3716e82cdfe6f1e6febb38754]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26585 b/active/CVE-2024-26585
new file mode 100644
index 00000000..40133c28
--- /dev/null
+++ b/active/CVE-2024-26585
@@ -0,0 +1,16 @@
+Description: tls: fix race between tx work scheduling and socket close
+References:
+Notes:
+ carnil> Introduced in a42055e8d2c3 ("net/tls: Add support for async encryption of
+ carnil> records for performance"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (6.8-rc5) [e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb]
+6.7-upstream-stable: released (6.7.6) [e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57]
+6.6-upstream-stable: released (6.6.18) [6db22d6c7a6dc914b12c0469b94eb639b6a8a146]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26586 b/active/CVE-2024-26586
new file mode 100644
index 00000000..201c1436
--- /dev/null
+++ b/active/CVE-2024-26586
@@ -0,0 +1,14 @@
+Description: mlxsw: spectrum_acl_tcam: Fix stack corruption
+References:
+Notes:
+ carnil> Introduced by c3ab435466d5 ("mlxsw: spectrum: Extend to support
+ carnil> Spectrum-2 ASIC") 4.19-rc1.
+Bugs:
+upstream: released (6.8-rc1) [483ae90d8f976f8339cf81066312e1329f2d3706]
+6.1-upstream-stable: released (6.1.79) [6fd24675188d354b1cad47462969afa2ab09d819]
+5.10-upstream-stable: released (5.10.209) [56750ea5d15426b5f307554e7699e8b5f76c3182]
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26589 b/active/CVE-2024-26589
new file mode 100644
index 00000000..af35b771
--- /dev/null
+++ b/active/CVE-2024-26589
@@ -0,0 +1,16 @@
+Description: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS
+References:
+Notes:
+ carnil> Introduced in d58e468b1112 ("flow_dissector: implements flow dissector BPF
+ carnil> hook"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (6.8-rc1) [22c7fa171a02d310e3a3f6ed46a698ca8a0060ed]
+6.7-upstream-stable: released (6.7.2) [1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3]
+6.6-upstream-stable: released (6.6.14) [e8d3872b617c21100c5ee4f64e513997a68c2e3d]
+6.1-upstream-stable: released (6.1.75) [4108b86e324da42f7ed425bd71632fd844300dc8]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26590 b/active/CVE-2024-26590
new file mode 100644
index 00000000..1027127a
--- /dev/null
+++ b/active/CVE-2024-26590
@@ -0,0 +1,17 @@
+Description: erofs: fix inconsistent per-file compression format
+References:
+Notes:
+ carnil> Introduced in 8f89926290c4 ("erofs: get compression algorithms directly on
+ carnil> mapping")
+ carnil> 622ceaddb764 ("erofs: lzma compression support"). Vulnerable versions: 5.16-rc1.
+Bugs:
+upstream: released (6.8-rc1) [118a8cf504d7dfa519562d000f423ee3ca75d2c4]
+6.7-upstream-stable: released (6.7.2) [eed24b816e50c6cd18cbee0ff0d7218c8fced199]
+6.6-upstream-stable: released (6.6.14) [823ba1d2106019ddf195287ba53057aee33cf724]
+6.1-upstream-stable: released (6.1.80) [47467e04816cb297905c0f09bc2d11ef865942d9]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26593 b/active/CVE-2024-26593
new file mode 100644
index 00000000..6b523a3b
--- /dev/null
+++ b/active/CVE-2024-26593
@@ -0,0 +1,16 @@
+Description: i2c: i801: Fix block process call transactions
+References:
+Notes:
+ carnil> Introduced in 315cd67c9453 ("i2c: i801: Add Block Write-Block Read Process Call
+ carnil> support"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (6.8-rc5) [c1c9d0f6f7f1dbf29db996bd8e166242843a5f21]
+6.7-upstream-stable: released (6.7.6) [609c7c1cc976e740d0fed4dbeec688b3ecb5dce2]
+6.6-upstream-stable: released (6.6.18) [6be99c51829b24c914cef5bff6164877178e84d9]
+6.1-upstream-stable: released (6.1.79) [491528935c9c48bf341d8b40eabc6c4fc5df6f2c]
+5.10-upstream-stable: released (5.10.210) [7a14b8a477b88607d157c24aeb23e7389ec3319f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26595 b/active/CVE-2024-26595
new file mode 100644
index 00000000..647dcc52
--- /dev/null
+++ b/active/CVE-2024-26595
@@ -0,0 +1,16 @@
+Description: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path
+References:
+Notes:
+ carnil> Commit fixes 22a677661f56 ("mlxsw: spectrum: Introduce ACL core
+ carnil> with simple TCAM implementation") 4.11-rc1.
+Bugs:
+upstream: released (6.8-rc1) [efeb7dfea8ee10cdec11b6b6ba4e405edbe75809]
+6.7-upstream-stable: released (6.7.2) [d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f]
+6.6-upstream-stable: released (6.6.14) [817840d125a370626895df269c50c923b79b0a39]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26596 b/active/CVE-2024-26596
new file mode 100644
index 00000000..4211084d
--- /dev/null
+++ b/active/CVE-2024-26596
@@ -0,0 +1,16 @@
+Description: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
+References:
+Notes:
+ carnil> Introduced in 4c3f80d22b2e ("net: dsa: walk through all changeupper notifier
+ carnil> functions"). Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.8-rc1) [844f104790bd69c2e4dbb9ee3eba46fde1fcea7b]
+6.7-upstream-stable: released (6.7.2) [dbd909c20c11f0d29c0054d41e0d1f668a60e8c8]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26597 b/active/CVE-2024-26597
new file mode 100644
index 00000000..44d09034
--- /dev/null
+++ b/active/CVE-2024-26597
@@ -0,0 +1,15 @@
+Description: net: qualcomm: rmnet: fix global oob in rmnet_policy
+References:
+Notes:
+ bwh> Driver is not enabled in any suite.
+Bugs:
+upstream: released (6.8-rc1) [b33fb5b801c6db408b774a68e7c8722796b59ecc]
+6.7-upstream-stable: released (6.7.2) [17d06a5c44d8fd2e8e61bac295b09153496f87e1]
+6.6-upstream-stable: released (6.6.14) [c4734535034672f59f2652e1e0058c490da62a5c]
+6.1-upstream-stable: released (6.1.75) [ee1dc3bf86f2df777038506b139371a9add02534]
+5.10-upstream-stable: released (5.10.209) [2295c22348faf795e1ccdf618f6eb7afdb2f7447]
+4.19-upstream-stable: released (4.19.306) [093dab655808207f7a9f54cf156240aeafc70590]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-26598 b/active/CVE-2024-26598
new file mode 100644
index 00000000..37839647
--- /dev/null
+++ b/active/CVE-2024-26598
@@ -0,0 +1,14 @@
+Description: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [ad362fe07fecf0aba839ff2cc59a3617bd42c33f]
+6.7-upstream-stable: released (6.7.2) [dd3956a1b3dd11f46488c928cb890d6937d1ca80]
+6.6-upstream-stable: released (6.6.14) [65b201bf3e9af1b0254243a5881390eda56f72d1]
+6.1-upstream-stable: released (6.1.75) [dba788e25f05209adf2b0175eb1691dc89fb1ba6]
+5.10-upstream-stable: released (5.10.209) [ba7be666740847d967822bed15500656b26bc703]
+4.19-upstream-stable:
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security:
diff --git a/active/CVE-2024-26600 b/active/CVE-2024-26600
new file mode 100644
index 00000000..9564d479
--- /dev/null
+++ b/active/CVE-2024-26600
@@ -0,0 +1,16 @@
+Description: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
+References:
+Notes:
+ carnil> Introduced in 657b306a7bdf ("usb: phy: add a new driver for omap usb2 phy").
+ carnil> Vulnerable versions: 3.7-rc1.
+Bugs:
+upstream: released (6.8-rc3) [7104ba0f1958adb250319e68a15eff89ec4fd36d]
+6.7-upstream-stable: released (6.7.5) [396e17af6761b3cc9e6e4ca94b4de7f642bfece1]
+6.6-upstream-stable: released (6.6.17) [14ef61594a5a286ae0d493b8acbf9eac46fd04c4]
+6.1-upstream-stable: released (6.1.78) [0430bfcd46657d9116a26cd377f112cbc40826a4]
+5.10-upstream-stable: released (5.10.210) [be3b82e4871ba00e9b5d0ede92d396d579d7b3b3]
+4.19-upstream-stable: released (4.19.307) [486218c11e8d1c8f515a3bdd70d62203609d4b6b]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-26601 b/active/CVE-2024-26601
new file mode 100644
index 00000000..bd28626d
--- /dev/null
+++ b/active/CVE-2024-26601
@@ -0,0 +1,16 @@
+Description: ext4: regenerate buddy after block freeing failed if under fc replay
+References:
+Notes:
+ carnil> Introduced in 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()").
+ carnil> Vulnerable versions: 5.10.181 5.11-rc1.
+Bugs:
+upstream: released (6.8-rc3) [c9b528c35795b711331ed36dc3dbee90d5812d4e]
+6.7-upstream-stable: released (6.7.5) [6b0d48647935e4b8c7b75d1eccb9043fcd4ee581]
+6.6-upstream-stable: released (6.6.17) [ea42d6cffb0dd27a417f410b9d0011e9859328cb]
+6.1-upstream-stable: released (6.1.78) [78327acd4cdc4a1601af718b781eece577b6b7d4]
+5.10-upstream-stable: released (5.10.211) [94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26602 b/active/CVE-2024-26602
new file mode 100644
index 00000000..de0ce911
--- /dev/null
+++ b/active/CVE-2024-26602
@@ -0,0 +1,17 @@
+Description: sched/membarrier: reduce the ability to hammer on sys_membarrier
+References:
+Notes:
+ carnil> Introduced in 22e4ebb97582 ("membarrier: Provide expedited private command")
+ carnil> c5f58bd58f43 ("membarrier: Provide GLOBAL_EXPEDITED command"). Vulnerable
+ carnil> versions: 4.14-rc1 4.16-rc1.
+Bugs:
+upstream: released (6.8-rc6) [944d5fe50f3f03daacfea16300e656a1691c4a23]
+6.7-upstream-stable: released (6.7.6) [c5b2063c65d05e79fad8029324581d86cfba7eea]
+6.6-upstream-stable: released (6.6.18) [b6a2a9cbb67545c825ec95f06adb7ff300a2ad71]
+6.1-upstream-stable: released (6.1.79) [24ec7504a08a67247fbe798d1de995208a8c128a]
+5.10-upstream-stable: released (5.10.210) [db896bbe4a9c67cee377e5f6a743350d3ae4acf6]
+4.19-upstream-stable: released (4.19.307) [3cd139875e9a7688b3fc715264032620812a5fa3]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-26603 b/active/CVE-2024-26603
new file mode 100644
index 00000000..7c44a912
--- /dev/null
+++ b/active/CVE-2024-26603
@@ -0,0 +1,16 @@
+Description: x86/fpu: Stop relying on userspace for info to fault in xsave buffer
+References:
+Notes:
+ carnil> Introduced in fcb3635f5018 ("x86/fpu/signal: Handle #PF in the direct restore
+ carnil> path"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.8-rc4) [d877550eaf2dc9090d782864c96939397a3c6835]
+6.7-upstream-stable: released (6.7.6) [627e28cbb65564e55008315d9e02fbb90478beda]
+6.6-upstream-stable: released (6.6.18) [b2479ab426cef7ab79a13005650eff956223ced2]
+6.1-upstream-stable: released (6.1.79) [627339cccdc9166792ecf96bc3c9f711a60ce996]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26605 b/active/CVE-2024-26605
new file mode 100644
index 00000000..3d5335d4
--- /dev/null
+++ b/active/CVE-2024-26605
@@ -0,0 +1,16 @@
+Description: PCI/ASPM: Fix deadlock when enabling ASPM
+References:
+Notes:
+ carnil> Introduced in f93e71aea6c6 ("Revert "PCI/ASPM: Remove
+ carnil> pcie_aspm_pm_state_change()""). Vulnerable versions: 5.15.147 6.1.72 6.6.11 6.7.
+Bugs:
+upstream: released (6.8-rc3) [1e560864159d002b453da42bd2c13a1805515a20]
+6.7-upstream-stable: released (6.7.5) [ef90508574d7af48420bdc5f7b9a4f1cdd26bc70]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26606 b/active/CVE-2024-26606
new file mode 100644
index 00000000..bda66a69
--- /dev/null
+++ b/active/CVE-2024-26606
@@ -0,0 +1,16 @@
+Description: binder: signal epoll threads of self-work
+References:
+Notes:
+ carnil> Introduced in 457b9a6f09f0 ("Staging: android: add binder driver"). Vulnerable
+ carnil> versions: 2.6.29-rc1.
+Bugs:
+upstream: released (6.8-rc3) [97830f3c3088638ff90b20dfba2eb4d487bf14d7]
+6.7-upstream-stable: released (6.7.6) [93b372c39c40cbf179e56621e6bc48240943af69]
+6.6-upstream-stable: released (6.6.18) [a7ae586f6f6024f490b8546c8c84670f96bb9b68]
+6.1-upstream-stable: released (6.1.79) [90e09c016d72b91e76de25f71c7b93d94cc3c769]
+5.10-upstream-stable: released (5.10.210) [a423042052ec2bdbf1e552e621e6a768922363cc]
+4.19-upstream-stable: released (4.19.307) [dd64bb8329ce0ea27bc557e4160c2688835402ac]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-26607 b/active/CVE-2024-26607
new file mode 100644
index 00000000..524349e0
--- /dev/null
+++ b/active/CVE-2024-26607
@@ -0,0 +1,16 @@
+Description: drm/bridge: sii902x: Fix probing race issue
+References:
+Notes:
+ carnil> Introduced in 21d808405fe4 ("drm/bridge/sii902x: Fix EDID readback").
+ carnil> Vulnerable versions: 5.0-rc1.
+Bugs:
+upstream: released (6.8-rc2) [08ac6f132dd77e40f786d8af51140c96c6d739c9]
+6.7-upstream-stable: released (6.7.3) [2a4c6af7934a7b4c304542c38fee35e09cc1770c]
+6.6-upstream-stable: released (6.6.15) [56f96cf6eb11a1c2d594367c3becbfb06a855ec1]
+6.1-upstream-stable: released (6.1.76) [e0f83c234ea7a3dec1f84e5d02caa1c51664a076]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26610 b/active/CVE-2024-26610
new file mode 100644
index 00000000..ea80152c
--- /dev/null
+++ b/active/CVE-2024-26610
@@ -0,0 +1,16 @@
+Description: wifi: iwlwifi: fix a memory corruption
+References:
+Notes:
+ carnil> Introduced in cf29c5b66b9f ("iwlwifi: dbg_ini: implement time point handling").
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (6.8-rc2) [cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d]
+6.7-upstream-stable: released (6.7.3) [f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67]
+6.6-upstream-stable: released (6.6.15) [870171899d75d43e3d14360f3a4850e90a9c289b]
+6.1-upstream-stable: released (6.1.76) [aa2cc9363926991ba74411e3aa0a0ea82c1ffe32]
+5.10-upstream-stable: released (5.10.210) [05dd9facfb9a1e056752c0901c6e86416037d15a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26614 b/active/CVE-2024-26614
new file mode 100644
index 00000000..c9abfd45
--- /dev/null
+++ b/active/CVE-2024-26614
@@ -0,0 +1,18 @@
+Description: tcp: make sure init the accept_queue's spinlocks once
+References:
+Notes:
+ carnil> Introduced in fff1f3001cc5 ("tcp: add a spinlock to protect struct
+ carnil> request_sock_queue")
+ carnil> 168a8f58059a ("tcp: TCP Fast Open Server - main code path"). Vulnerable
+ carnil> versions: 3.7-rc1 4.4-rc1 4.19.207 5.4.148 5.10.67 5.13.19 5.14.6.
+Bugs:
+upstream: released (6.8-rc2) [198bc90e0e734e5f98c3d2833e8390cac3df61b2]
+6.7-upstream-stable: released (6.7.3) [3982fe726a63fb3de6005e534e2ac8ca7e0aca2a]
+6.6-upstream-stable: released (6.6.15) [168e7e599860654876c2a1102a82610285c02f02]
+6.1-upstream-stable: released (6.1.76) [b1e0a68a0cd2a83259c444f638b417a8fffc6855]
+5.10-upstream-stable: released (5.10.210) [bc99dcedd2f422d602516762b96c8ef1ae6b2882]
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26615 b/active/CVE-2024-26615
new file mode 100644
index 00000000..af17147f
--- /dev/null
+++ b/active/CVE-2024-26615
@@ -0,0 +1,16 @@
+Description: net/smc: fix illegal rmb_desc access in SMC-D connection dump
+References:
+Notes:
+ carnil> Introduced in 4b1b7d3b30a6 ("net/smc: add SMC-D diag support"). Vulnerable
+ carnil> versions: 4.19-rc1.
+Bugs:
+upstream: released (6.8-rc2) [dbc153fd3c142909e564bb256da087e13fbf239c]
+6.7-upstream-stable: released (6.7.3) [8f3f9186e5bb96a9c9654c41653210e3ea7e48a6]
+6.6-upstream-stable: released (6.6.15) [a164c2922675d7051805cdaf2b07daffe44f20d9]
+6.1-upstream-stable: released (6.1.76) [6994dba06321e3c48fdad0ba796a063d9d82183a]
+5.10-upstream-stable: released (5.10.210) [5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d]
+4.19-upstream-stable: released (4.19.307) [27aea64838914c6122db5b8bd4bed865c9736f22]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-26618 b/active/CVE-2024-26618
new file mode 100644
index 00000000..d5bae55f
--- /dev/null
+++ b/active/CVE-2024-26618
@@ -0,0 +1,16 @@
+Description: arm64/sme: Always exit sme_alloc() early with existing storage
+References:
+Notes:
+ carnil> Introduced in 5d0a8d2fba50 ("arm64/ptrace: Ensure that SME is set up for target
+ carnil> when writing SSVE state"). Vulnerable versions: 6.1.47 6.4.12 6.5-rc7.
+Bugs:
+upstream: released (6.8-rc1) [dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9]
+6.7-upstream-stable: released (6.7.3) [814af6b4e6000e574e74d92197190edf07cc3680]
+6.6-upstream-stable: released (6.6.15) [569156e4fa347237f8fa2a7e935d860109c55ac4]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26621 b/active/CVE-2024-26621
new file mode 100644
index 00000000..38bf5f5c
--- /dev/null
+++ b/active/CVE-2024-26621
@@ -0,0 +1,17 @@
+Description: mm: huge_memory: don't force huge page alignment on 32 bit
+References:
+ https://lore.kernel.org/all/CAMj1kXGMPeFE_JAKBhAkh9eqmvEJjucsXru2bjc6oa35oyK4=A@mail.gmail.com/
+Notes:
+ carnil> Introduced in 1854bc6e2420 ("mm/readahead: Align file mappings
+ carnil> for non-DAX"). Vulnerable versions: 5.18-rc1.
+Bugs: 1024149
+upstream: released (6.8-rc3) [4ef9ad19e17676b9ef071309bc62020e2373705d]
+6.7-upstream-stable: released (6.7.6) [7432376c913381c5f24d373a87ff629bbde94b47]
+6.6-upstream-stable: needed
+6.1-upstream-stable: released (6.1.81) [87632bc9ecff5ded93433bc0fca428019bdd1cfe]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26622 b/active/CVE-2024-26622
new file mode 100644
index 00000000..dc76dbb4
--- /dev/null
+++ b/active/CVE-2024-26622
@@ -0,0 +1,16 @@
+Description: tomoyo: fix UAF write bug in tomoyo_write_control()
+References:
+Notes:
+ carnil> Introduced in bd03a3e4c9a9 ("TOMOYO: Add policy namespace support.").
+ carnil> Vulnerable versions: 3.1-rc1.
+Bugs:
+upstream: released (6.8-rc7) [2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815]
+6.7-upstream-stable: released (6.7.9) [6edefe1b6c29a9932f558a898968a9fcbeec5711]
+6.6-upstream-stable: released (6.6.21) [2caa605079488da9601099fbda460cfc1702839f]
+6.1-upstream-stable: released (6.1.81) [3bfe04c1273d30b866f4c7c238331ed3b08e5824]
+5.10-upstream-stable: released (5.10.212) [a23ac1788e2c828c097119e9a3178f0b7e503fee]
+4.19-upstream-stable: needed
+sid: released (6.7.9-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26625 b/active/CVE-2024-26625
new file mode 100644
index 00000000..facc1a52
--- /dev/null
+++ b/active/CVE-2024-26625
@@ -0,0 +1,16 @@
+Description: llc: call sock_orphan() at release time
+References:
+Notes:
+ carnil> Introduced in 43815482370c ("net: sock_def_readable() and friends RCU
+ carnil> conversion"). Vulnerable versions: 2.6.35-rc1.
+Bugs:
+upstream: released (6.8-rc3) [aa2b2eb3934859904c287bf5434647ba72e14c1c]
+6.7-upstream-stable: released (6.7.4) [8e51f084b5716653f19e291ed5f026791d4b3ed4]
+6.6-upstream-stable: released (6.6.16) [3151051b787f7cd7e3329ea0016eb9113c248812]
+6.1-upstream-stable: released (6.1.77) [9c333d9891f34cea8af1b229dc754552304c8eee]
+5.10-upstream-stable: released (5.10.210) [d0b5b1f12429df3cd9751ab8b2f53729b77733b7]
+4.19-upstream-stable: released (4.19.307) [6b950c712a9a05cdda4aea7fcb2848766576c11b]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: pending (4.19.309-1)
diff --git a/active/CVE-2024-26626 b/active/CVE-2024-26626
new file mode 100644
index 00000000..4d4c9d8a
--- /dev/null
+++ b/active/CVE-2024-26626
@@ -0,0 +1,16 @@
+Description: ipmr: fix kernel panic when forwarding mcast packets
+References:
+Notes:
+ carnil> Introduced in bb7403655b3c ("ipmr: support IP_PKTINFO on cache report IGMP
+ carnil> msg"). Vulnerable versions: 6.1.75 6.6.14 6.7.2 6.8-rc1.
+Bugs:
+upstream: released (6.8-rc3) [e622502c310f1069fd9f41cd38210553115f610a]
+6.7-upstream-stable: released (6.7.4) [2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207]
+6.6-upstream-stable: released (6.6.16) [dcaafdba6c6162bb49f1192850bc3bbc3707738c]
+6.1-upstream-stable: released (6.1.77) [d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26627 b/active/CVE-2024-26627
new file mode 100644
index 00000000..c7496c3d
--- /dev/null
+++ b/active/CVE-2024-26627
@@ -0,0 +1,16 @@
+Description: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
+References:
+Notes:
+ carnil> Introduced in 6eb045e092ef ("scsi: core: avoid host-wide host_busy counter for
+ carnil> scsi_mq"). Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (6.8-rc3) [4373534a9850627a2695317944898eb1283a2db0]
+6.7-upstream-stable: released (6.7.4) [07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb]
+6.6-upstream-stable: released (6.6.16) [65ead8468c21c2676d4d06f50b46beffdea69df1]
+6.1-upstream-stable: released (6.1.77) [db6338f45971b4285ea368432a84033690eaf53c]
+5.10-upstream-stable: released (5.10.210) [f5944853f7a961fedc1227dc8f60393f8936d37c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26629 b/active/CVE-2024-26629
new file mode 100644
index 00000000..38cccf2f
--- /dev/null
+++ b/active/CVE-2024-26629
@@ -0,0 +1,17 @@
+Description: nfsd: fix RELEASE_LOCKOWNER
+References:
+Notes:
+ carnil> Introduced in ce3c4ad7f4ce ("NFSD: Fix possible sleep during
+ carnil> nfsd4_release_lockowner()"). Vulnerable versions: 4.9.317 4.14.282 4.19.246
+ carnil> 4.19.306 5.4.197 5.10.120 5.15.45 5.17.13 5.18.2 5.19-rc1.
+Bugs:
+upstream: released (6.8-rc2) [edcf9725150e42beeca42d085149f4c88fa97afd]
+6.7-upstream-stable: released (6.7.3) [8f5b860de87039b007e84a28a5eefc888154e098]
+6.6-upstream-stable: released (6.6.15) [b7d2eee1f53899b53f069bba3a59a419fc3d331b]
+6.1-upstream-stable: released (6.1.79) [e4cf8941664cae2f89f0189c29fe2ce8c6be0d03]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26633 b/active/CVE-2024-26633
new file mode 100644
index 00000000..fe33d7a5
--- /dev/null
+++ b/active/CVE-2024-26633
@@ -0,0 +1,17 @@
+Description: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
+References:
+Notes:
+ carnil> Introduced in fbfa743a9d2a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()").
+ carnil> Vulnerable versions: 3.2.87 3.10.106 3.12.71 3.16.42 3.18.49 4.4.50 4.9.11
+ carnil> 4.10-rc6.
+Bugs:
+upstream: released (6.8-rc1) [d375b98e0248980681e5e56b712026174d617198]
+6.7-upstream-stable: released (6.7.2) [ba8d904c274268b18ef3dc11d3ca7b24a96cb087]
+6.6-upstream-stable: released (6.6.14) [687c5d52fe53e602e76826dbd4d7af412747e183]
+6.1-upstream-stable: released (6.1.75) [62a1fedeb14c7ac0947ef33fadbabd35ed2400a2]
+5.10-upstream-stable: released (5.10.209) [da23bd709b46168f7dfc36055801011222b076cd]
+4.19-upstream-stable: released (4.19.306) [135414f300c5db995e2a2f3bf0f455de9d014aee]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26635 b/active/CVE-2024-26635
new file mode 100644
index 00000000..f96c9602
--- /dev/null
+++ b/active/CVE-2024-26635
@@ -0,0 +1,16 @@
+Description: llc: Drop support for ETH_P_TR_802_2.
+References:
+Notes:
+ carnil> Introduced in 211ed865108e ("net: delete all instances of special processing
+ carnil> for token ring"). Vulnerable versions: 3.5-rc1.
+Bugs:
+upstream: released (6.8-rc2) [e3f9bed9bee261e3347131764e42aeedf1ffea61]
+6.7-upstream-stable: released (6.7.3) [df57fc2f2abf548aa889a36ab0bdcc94a75399dc]
+6.6-upstream-stable: released (6.6.15) [f1f34a515fb1e25e85dee94f781e7869ae351fb8]
+6.1-upstream-stable: released (6.1.76) [660c3053d992b68fee893a0e9ec9159228cffdc6]
+5.10-upstream-stable: released (5.10.210) [9ccdef19cf9497c2803b005369668feb91cacdfd]
+4.19-upstream-stable: released (4.19.307) [165ad1e22779685c3ed3dd349c6c4c632309cc62]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26636 b/active/CVE-2024-26636
new file mode 100644
index 00000000..a7f69f71
--- /dev/null
+++ b/active/CVE-2024-26636
@@ -0,0 +1,16 @@
+Description: llc: make llc_ui_sendmsg() more robust against bonding changes
+References:
+Notes:
+ carnil> Introduced in 1da177e4c3f4 ("Linux-2.6.12-rc2"). Vulnerable versions:
+ carnil> 2.6.12-rc2^0.
+Bugs:
+upstream: released (6.8-rc2) [dad555c816a50c6a6a8a86be1f9177673918c647]
+6.7-upstream-stable: released (6.7.3) [c451c008f563d56d5e676c9dcafae565fcad84bb]
+6.6-upstream-stable: released (6.6.15) [cafd3ad3fe03ef4d6632747be9ee15dc0029db4b]
+6.1-upstream-stable: released (6.1.76) [6d53b813ff8b177f86f149c2f744442681f720e4]
+5.10-upstream-stable: released (5.10.210) [04f2a74b562f3a7498be0399309669f342793d8c]
+4.19-upstream-stable: released (4.19.307) [84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26639 b/active/CVE-2024-26639
new file mode 100644
index 00000000..6641b3e0
--- /dev/null
+++ b/active/CVE-2024-26639
@@ -0,0 +1,17 @@
+Description: mm, kmsan: fix infinite recursion due to RCU critical section
+References:
+Notes:
+ carnil> Introduced in 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing
+ carnil> memory_section->usage"). Vulnerable versions: 5.10.210 5.15.149 6.1.76 6.6.15
+ carnil> 6.7.3 6.8-rc1.
+Bugs:
+upstream: released (6.8-rc3) [f6564fce256a3944aa1bc76cb3c40e792d97c1eb]
+6.7-upstream-stable: released (6.7.4) [5a33420599fa0288792537e6872fd19cc8607ea6]
+6.6-upstream-stable: released (6.6.16) [6335c0cdb2ea0ea02c999e04d34fd84f69fb27ff]
+6.1-upstream-stable: released (6.1.77) [dc904345e3771aa01d0b8358b550802fdc6fe00b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26640 b/active/CVE-2024-26640
new file mode 100644
index 00000000..0d04635c
--- /dev/null
+++ b/active/CVE-2024-26640
@@ -0,0 +1,16 @@
+Description: tcp: add sanity checks to rx zerocopy
+References:
+Notes:
+ carnil> Introduced in 93ab6cc69162 ("tcp: implement mmap() for zero copy receive").
+ carnil> Vulnerable versions: 4.18-rc1.
+Bugs:
+upstream: released (6.8-rc3) [577e4432f3ac810049cb7e6b71f4d96ec7c6e894]
+6.7-upstream-stable: released (6.7.4) [1b8adcc0e2c584fec778add7777fe28e20781e60]
+6.6-upstream-stable: released (6.6.16) [d15cc0f66884ef2bed28c7ccbb11c102aa3a0760]
+6.1-upstream-stable: released (6.1.77) [b383d4ea272fe5795877506dcce5aad1f6330e5e]
+5.10-upstream-stable: released (5.10.210) [f48bf9a83b1666d934247cb58a9887d7b3127b6f]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26641 b/active/CVE-2024-26641
new file mode 100644
index 00000000..bfc28395
--- /dev/null
+++ b/active/CVE-2024-26641
@@ -0,0 +1,16 @@
+Description: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
+References:
+Notes:
+ carnil> Introduced in 0d3c703a9d17 ("ipv6: Cleanup IPv6 tunnel receive path").
+ carnil> Vulnerable versions: 4.7-rc1.
+Bugs:
+upstream: released (6.8-rc3) [8d975c15c0cd744000ca386247432d57b21f9df0]
+6.7-upstream-stable: released (6.7.4) [c835df3bcc14858ae9b27315dd7de76370b94f3a]
+6.6-upstream-stable: released (6.6.16) [350a6640fac4b53564ec20aa3f4a0922cb0ba5e6]
+6.1-upstream-stable: released (6.1.77) [d54e4da98bbfa8c257bdca94c49652d81d18a4d8]
+5.10-upstream-stable: released (5.10.210) [a9bc32879a08f23cdb80a48c738017e39aea1080]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26642 b/active/CVE-2024-26642
new file mode 100644
index 00000000..d5108d27
--- /dev/null
+++ b/active/CVE-2024-26642
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: disallow anonymous set with timeout flag
+References:
+Notes:
+ carnil> Introduced in 761da2935d6e ("netfilter: nf_tables: add set timeout API
+ carnil> support"). Vulnerable versions: 4.1-rc1.
+Bugs:
+upstream: released (6.8) [16603605b667b70da974bea8216c93e7db043bf1]
+6.7-upstream-stable: needed
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26643 b/active/CVE-2024-26643
new file mode 100644
index 00000000..c6bbee18
--- /dev/null
+++ b/active/CVE-2024-26643
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
+References:
+Notes:
+ carnil> Introduced in 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid
+ carnil> race with control plane"). Vulnerable versions: 5.4.262 5.10.198 5.15.134
+ carnil> 6.1.56 6.4.11 6.5-rc6.
+Bugs:
+upstream: released (6.8) [552705a3650bbf46a22b1adedc1b04181490fc36]
+6.7-upstream-stable: needed
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26644 b/active/CVE-2024-26644
new file mode 100644
index 00000000..cd5178bb
--- /dev/null
+++ b/active/CVE-2024-26644
@@ -0,0 +1,15 @@
+Description: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc2) [7081929ab2572920e94d70be3d332e5c9f97095a]
+6.7-upstream-stable: released (6.7.3) [d8680b722f0ff6d7a01ddacc1844e0d52354d6ff]
+6.6-upstream-stable: released (6.6.15) [ec794a7528199e1be6d47bec03f4755aa75df256]
+6.1-upstream-stable: released (6.1.76) [6e6bca99e8d88d989a7cde4c064abea552d5219b]
+5.10-upstream-stable: released (5.10.210) [2bdf872bcfe629a6202ffd6641615a8ed00e8464]
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26645 b/active/CVE-2024-26645
new file mode 100644
index 00000000..b8375d40
--- /dev/null
+++ b/active/CVE-2024-26645
@@ -0,0 +1,16 @@
+Description: tracing: Ensure visibility when inserting an element into tracing_map
+References:
+Notes:
+ carnil> Introduced in c193707dde77 ("tracing: Remove code which merges duplicates").
+ carnil> Vulnerable versions: 4.17-rc1.
+Bugs:
+upstream: released (6.8-rc2) [2b44760609e9eaafc9d234a6883d042fc21132a7]
+6.7-upstream-stable: released (6.7.3) [bf4aeff7da85c3becd39fb73bac94122331c30fb]
+6.6-upstream-stable: released (6.6.15) [a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7]
+6.1-upstream-stable: released (6.1.76) [f4f7e696db0274ff560482cc52eddbf0551d4b7a]
+5.10-upstream-stable: released (5.10.210) [ef70dfa0b1e5084f32635156c9a5c795352ad860]
+4.19-upstream-stable: released (4.19.307) [5022b331c041e8c54b9a6a3251579bd1e8c0fc0b]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26646 b/active/CVE-2024-26646
new file mode 100644
index 00000000..b8d8034a
--- /dev/null
+++ b/active/CVE-2024-26646
@@ -0,0 +1,15 @@
+Description: thermal: intel: hfi: Add syscore callbacks for system-wide PM
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [97566d09fd02d2ab329774bb89a2cdf2267e86d9]
+6.7-upstream-stable: released (6.7.3) [c9d6d63b6c03afaa6f185df249af693a7939577c]
+6.6-upstream-stable: released (6.6.15) [019ccc66d56a696a4dfee3bfa2f04d0a7c3d89ee]
+6.1-upstream-stable: released (6.1.76) [28f010dc50df0f7987c04112114fcfa7e0803566]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26647 b/active/CVE-2024-26647
new file mode 100644
index 00000000..7f97d663
--- /dev/null
+++ b/active/CVE-2024-26647
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [3bb9b1f958c3d986ed90a3ff009f1e77e9553207]
+6.7-upstream-stable: released (6.7.3) [cf656fc7276e5b3709a81bc9d9639459be2b2647]
+6.6-upstream-stable: released (6.6.15) [6aa5ede6665122f4c8abce3c6eba06b49e54d25c]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26648 b/active/CVE-2024-26648
new file mode 100644
index 00000000..e383cf1b
--- /dev/null
+++ b/active/CVE-2024-26648
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [7073934f5d73f8b53308963cee36f0d389ea857c]
+6.7-upstream-stable: released (6.7.3) [c02d257c654191ecda1dc1af6875d527e85310e7]
+6.6-upstream-stable: released (6.6.15) [22ae604aea14756954e1c00ae653e34d2afd2935]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26651 b/active/CVE-2024-26651
new file mode 100644
index 00000000..5b8b8f51
--- /dev/null
+++ b/active/CVE-2024-26651
@@ -0,0 +1,16 @@
+Description: sr9800: Add check for usbnet_get_endpoints
+References:
+Notes:
+ carnil> Introduced in 19a38d8e0aa3 ("USB2NET : SR9800 : One chip USB2.0 USB2NET SR9800
+ carnil> Device Driver Support"). Vulnerable versions: 3.14-rc3.
+Bugs:
+upstream: released (6.9-rc1) [07161b2416f740a2cb87faa5566873f401440a61]
+6.7-upstream-stable: released (6.7.11) [efba65777f98457773c5b65e3135c6132d3b015f]
+6.6-upstream-stable: released (6.6.23) [e39a3a14eafcf17f03c037290b78c8f483529028]
+6.1-upstream-stable: released (6.1.83) [9c402819620a842cbfe39359a3ddfaac9adc8384]
+5.10-upstream-stable: released (5.10.214) [6b4a39acafaf0186ed8e97c16e0aa6fca0e52009]
+4.19-upstream-stable: released (4.19.311) [424eba06ed405d557077339edb19ce0ebe39e7c7]
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26652 b/active/CVE-2024-26652
new file mode 100644
index 00000000..be76ef1d
--- /dev/null
+++ b/active/CVE-2024-26652
@@ -0,0 +1,16 @@
+Description: net: pds_core: Fix possible double free in error handling path
+References:
+Notes:
+ carnil> Introduced in 4569cce43bc6 ("pds_core: add auxiliary_bus devices"). Vulnerable
+ carnil> versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8) [ba18deddd6d502da71fd6b6143c53042271b82bd]
+6.7-upstream-stable: released (6.7.10) [ffda0e962f270b3ec937660afd15b685263232d3]
+6.6-upstream-stable: released (6.6.22) [995f802abff209514ac2ee03b96224237646cec3]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/dsa-texts/4.19.232-1 b/dsa-texts/4.19.232-1
new file mode 100644
index 00000000..74084619
--- /dev/null
+++ b/dsa-texts/4.19.232-1
@@ -0,0 +1,387 @@
+From: Ben Hutchings <benh@debian.org>
+To: debian-security-announce@lists.debian.org
+Subject: [SECURITY] [DSA XXXX-1] linux security update
+
+-------------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security@debian.org
+https://www.debian.org/security/ Ben Hutchings
+March 08, 2022 https://www.debian.org/security/faq
+-------------------------------------------------------------------------
+
+Package : linux
+CVE ID : CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744
+ CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772
+ CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155
+ CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322
+ CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713
+ CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300
+ CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713
+ CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975
+ CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469
+ CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322
+ CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492
+ CVE-2022-0617 CVE-2022-0644 CVE-2022-22942 CVE-2022-24448
+ CVE-2022-24959 CVE-2022-25258 CVE-2022-25375
+Debian Bug : 988044 989285 990411 994050
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2020-29374
+
+ Jann Horn of Google reported a flaw in Linux's virtual memory
+ management. A parent and child process initially share all their
+ memory, but when either writes to a shared page, the page is
+ duplicated and unshared (copy-on-write). However, in case an
+ operation such as vmsplice() required the kernel to take an
+ additional reference to a shared page, and a copy-on-write occurs
+ during this operation, the kernel might have accessed the wrong
+ process's memory. For some programs, this could lead to an
+ information leak or data corruption.
+
+ This issue was already fixed for most architectures, but not on
+ MIPS and System z. This update corrects that.
+
+CVE-2020-36322, CVE-2021-28950
+
+ The syzbot tool found that the FUSE (filesystem-in-user-space)
+ implementation did not correctly handle a FUSE server returning
+ invalid attributes for a file. A local user permitted to run a
+ FUSE server could use this to cause a denial of service (crash).
+
+ The original fix for this introduced a different potential denial
+ of service (infinite loop in kernel space), which has also been
+ fixed.
+
+CVE-2021-3640
+
+ Lin Ma discovered a race condiiton in the Bluetooth protocol
+ implementation that can lead to a use-after-free. A local
+ user could exploit this to cause a denial of service (memory
+ corruption or crash) or possibly for privilege escalation.
+
+CVE-2021-3744, CVE-2021-3764
+
+ minihanshen reported bugs in the ccp driver for AMD
+ Cryptographic Coprocessors that could lead to a resource leak.
+ On systems using this driver, a local user could exploit this to
+ cause a denial of service.
+
+CVE-2021-3752
+
+ Likang Luo of NSFOCUS Security Team discovered a flaw in the
+ Bluetooth L2CAP implementation that can lead to a user-after-free.
+ A local user could exploit this to cause a denial of service
+ (memory corruption or crash) or possibly for privilege escalation.
+
+CVE-2021-3760, CVE-2021-4202
+
+ Lin Ma discovered race conditions in the NCI (NFC Controller
+ Interface) driver, which could lead to a use-after-free. A local
+ user could exploit this to cause a denial of service (memory
+ corruption or crash) or possibly for privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2021-3772
+
+ A flaw was found in the SCTP protocol implementation, which would
+ allow a networked attacker to break an SCTP association. The
+ attacker would only need to know or guess the IP addresses and
+ ports for the association.
+
+CVE-2021-4002
+
+ It was discovered that hugetlbfs, the virtual filesystem used by
+ applications to allocate huge pages in RAM, did not flush the
+ CPU's TLB in one case where it was necessary. In some
+ circumstances a local user would be able to read and write huge
+ pages after they are freed and reallocated to a different process.
+ This could lead to privilege escalation, denial of service or
+ information leaks.
+
+CVE-2021-4083
+
+ Jann Horn reported a race condition in the local (Unix) sockets
+ garbage collector, that can lead to use-after-free. A local user
+ could exploit this to cause a denial of service (memory corruption
+ or crash) or possibly for privilege escalation.
+
+CVE-2021-4135
+
+ A flaw was found in the netdevsim driver which would lead to an
+ information leak.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2021-4155
+
+ Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP
+ IOCTL in the XFS filesystem allowed for a size increase of files
+ with unaligned size. A local attacker can take advantage of this
+ flaw to leak data on the XFS filesystem.
+
+CVE-2021-4203
+
+ Jann Horn reported a race condition in the local (Unix) sockets
+ implementation that can lead to a use-after-free. A local user
+ could exploit this to leak sensitive information from the kernel.
+
+CVE-2021-20317
+
+ It was discovered that the timer queue structure could become
+ corrupt, leading to waiting tasks never being woken up. A local
+ user with certain privileges could exploit this to cause a denial
+ of service (system hang).
+
+CVE-2021-20321
+
+ A race condition was discovered in the overlayfs filesystem
+ driver. A local user with access to an overlayfs mount and to its
+ underlying upper directory could exploit this for privilege
+ escalation.
+
+CVE-2021-20322
+
+ An information leak was discovered in the IPv4 implementation. A
+ remote attacker could exploit this to quickly discover which UDP
+ ports a system is using, making it easier for them to carry out a
+ DNS poisoning attack against that system.
+
+CVE-2021-22600
+
+ The syzbot tool found a flaw in the packet socket (AF_PACKET)
+ implementation which could lead to incorrectly freeing memory. A
+ local user with CAP_NET_RAW capability (in any user namespace)
+ could exploit this for denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)
+
+ Juergen Gross reported that malicious PV backends can cause a denial
+ of service to guests being serviced by those backends via high
+ frequency events, even if those backends are running in a less
+ privileged environment.
+
+CVE-2021-28714, CVE-2021-28715 (XSA-392)
+
+ Juergen Gross discovered that Xen guests can force the Linux
+ netback driver to hog large amounts of kernel memory, resulting in
+ denial of service.
+
+CVE-2021-38300
+
+ Piotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT
+ compiler for MIPS architectures. A local user could exploit
+ this to excute arbitrary code in the kernel.
+
+ This issue is mitigated by setting sysctl
+ net.core.bpf_jit_enable=0, which is the default. It is *not*
+ mitigated by disabling unprivileged use of eBPF.
+
+CVE-2021-39685
+
+ Szymon Heidrich discovered a buffer overflow vulnerability in the
+ USB gadget subsystem, resulting in information disclosure, denial of
+ service or privilege escalation.
+
+CVE-2021-39686
+
+ A race condition was discovered in the Android binder driver, that
+ could lead to incorrect security checks. On systems where the
+ binder driver is loaded, a local user could exploit this for
+ privilege escalation.
+
+CVE-2021-39698
+
+ Linus Torvalds reported a flaw in the file polling implementation,
+ which could lead to a use-after-free. A local user could exploit
+ this for denial of service (memory corruption or crash) or
+ possibly for privilege escalation.
+
+CVE-2021-39713
+
+ The syzbot tool found a race condition in the network scheduling
+ subsystem which could lead to a use-after-free. A local user
+ could exploit this for denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+CVE-2021-41864
+
+ An integer overflow was discovered in the Extended BPF (eBPF)
+ subsystem. A local user could exploit this for denial of service
+ (memory corruption or crash), or possibly for privilege
+ escalation.
+
+ This can be mitigated by setting sysctl
+ kernel.unprivileged_bpf_disabled=1, which disables eBPF use by
+ unprivileged users.
+
+CVE-2021-42739
+
+ A heap buffer overflow was discovered in the firedtv driver for
+ FireWire-connected DVB receivers. A local user with access to a
+ firedtv device could exploit this for denial of service (memory
+ corruption or crash), or possibly for privilege escalation.
+
+CVE-2021-43389
+
+ The Active Defense Lab of Venustech discovered a flaw in the CMTP
+ subsystem as used by Bluetooth, which could lead to an
+ out-of-bounds read and object type confusion. A local user with
+ CAP_NET_ADMIN capability in the initial user namespace could
+ exploit this for denial of service (memory corruption or crash),
+ or possibly for privilege escalation.
+
+CVE-2021-43975
+
+ Brendan Dolan-Gavitt reported a flaw in the
+ hw_atl_utils_fw_rpc_wait() function in the aQuantia AQtion ethernet
+ device driver which can result in denial of service or the execution
+ of arbitrary code.
+
+CVE-2021-43976
+
+ Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the
+ mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An
+ attacker able to connect a crafted USB device can take advantage of
+ this flaw to cause a denial of service.
+
+CVE-2021-44733
+
+ A race condition was discovered in the Trusted Execution
+ Environment (TEE) subsystem for Arm processors, which could lead
+ to a use-after-free. A local user permitted to access a TEE
+ device could exploit this for denial of service (memory corruption
+ or crash) or possibly for privilege escalation.
+
+CVE-2021-45095
+
+ It was discovered that the Phone Network protocol (PhoNet) driver
+ has a reference count leak in the pep_sock_accept() function.
+
+CVE-2021-45469
+
+ Wenqing Liu reported an out-of-bounds memory access in the f2fs
+ implementation if an inode has an invalid last xattr entry. An
+ attacker able to mount a specially crafted image can take advantage
+ of this flaw for denial of service.
+
+CVE-2021-45480
+
+ A memory leak flaw was discovered in the __rds_conn_create()
+ function in the RDS (Reliable Datagram Sockets) protocol subsystem.
+
+CVE-2022-0001 (INTEL-SA-00598)
+
+ Researchers at VUSec discovered that the Branch History Buffer in
+ Intel processors can be exploited to create information side-
+ channels with speculative execution. This issue is similar to
+ Spectre variant 2, but requires additional mitigations on some
+ processors.
+
+ This can be exploited to obtain sensitive information from a
+ different security context, such as from user-space to the kernel,
+ or from a KVM guest to the kernel.
+
+CVE-2022-0002 (INTEL-SA-00598)
+
+ This is a similar issue to CVE-2022-0001, but covers exploitation
+ within a security context, such as from JIT-compiled code in a
+ sandbox to hosting code in the same process.
+
+ This can be partly mitigated by disabling eBPF for unprivileged
+ users with the sysctl: kernel.unprivileged_bpf_disabled=2. This
+ update does that by default.
+
+CVE-2022-0322
+
+ Eiichi Tsukata discovered a flaw in the sctp_make_strreset_req()
+ function in the SCTP network protocol implementation which can
+ result in denial of service.
+
+CVE-2022-0330
+
+ Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the
+ i915 driver, resulting in denial of service or privilege escalation.
+
+CVE-2022-0435
+
+ Samuel Page and Eric Dumazet reported a stack overflow in the
+ networking module for the Transparent Inter-Process Communication
+ (TIPC) protocol, resulting in denial of service or potentially the
+ execution of arbitrary code.
+
+CVE-2022-0487
+
+ A use-after-free was discovered in the MOXART SD/MMC Host Controller
+ support driver. This flaw does not impact the Debian binary packages
+ as CONFIG_MMC_MOXART is not set.
+
+CVE-2022-0492
+
+ Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does
+ not properly restrict access to the release-agent feature. A local
+ user can take advantage of this flaw for privilege escalation and
+ bypass of namespace isolation.
+
+CVE-2022-0617
+
+ butt3rflyh4ck discovered a NULL pointer dereference in the UDF
+ filesystem. A local user that can mount a specially crafted UDF
+ image can use this flaw to crash the system.
+
+CVE-2022-0644
+
+ Hao Sun reported a missing check for file read permission in the
+ finit_module() and kexec_file_load() system calls. The security
+ impact of this is unclear, since these system calls are usually
+ only available to the root user.
+
+CVE-2022-22942
+
+ It was discovered that wrong file file descriptor handling in the
+ VMware Virtual GPU driver (vmwgfx) could result in information leak
+ or privilege escalation.
+
+CVE-2022-24448
+
+ Lyu Tao reported a flaw in the NFS implementation in the Linux
+ kernel when handling requests to open a directory on a regular file,
+ which could result in a information leak.
+
+CVE-2022-24959
+
+ A memory leak was discovered in the yam_siocdevprivate() function of
+ the YAM driver for AX.25, which could result in denial of service.
+
+CVE-2022-25258
+
+ Szymon Heidrich reported the USB Gadget subsystem lacks certain
+ validation of interface OS descriptor requests, resulting in memory
+ corruption.
+
+CVE-2022-25375
+
+ Szymon Heidrich reported that the RNDIS USB gadget lacks validation
+ of the size of the RNDIS_MSG_SET command, resulting in information
+ leak from kernel memory.
+
+For the oldstable distribution (buster), these problems have been
+fixed in version 4.19.232-1. This update additionally includes many
+more bug fixes from stable updates 4.19.209-4.19.232 inclusive.
+
+We recommend that you upgrade your linux packages.
+
+For the detailed security status of linux please refer to
+its security tracker page at:
+https://security-tracker.debian.org/tracker/linux
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: https://www.debian.org/security/
+
+Mailing list: debian-security-announce@lists.debian.org
diff --git a/dsa-texts/4.19.249-2 b/dsa-texts/4.19.249-2
new file mode 100644
index 00000000..141170f1
--- /dev/null
+++ b/dsa-texts/4.19.249-2
@@ -0,0 +1,304 @@
+From: Ben Hutchings <benh@debian.org>
+Sender: Salvatore Bonaccorso <carnil@debian.org>
+To: debian-security-announce@lists.debian.org
+Subject: [SECURITY] [DSA 5173-1] linux security update
+
+-------------------------------------------------------------------------
+Debian Security Advisory DSA-5173-1 security@debian.org
+https://www.debian.org/security/ Ben Hutchings
+July 03, 2022 https://www.debian.org/security/faq
+-------------------------------------------------------------------------
+
+Package : linux
+CVE ID : CVE-2021-4197 CVE-2022-0494 CVE-2022-0812 CVE-2022-0854
+ CVE-2022-1011 CVE-2022-1012 CVE-2022-1016 CVE-2022-1048
+ CVE-2022-1184 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199
+ CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1419
+ CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734
+ CVE-2022-1974 CVE-2022-1975 CVE-2022-2153 CVE-2022-21123
+ CVE-2022-21125 CVE-2022-21166 CVE-2022-23960 CVE-2022-26490
+ CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389
+ CVE-2022-28390 CVE-2022-29581 CVE-2022-30594 CVE-2022-32250
+ CVE-2022-32296 CVE-2022-33981
+Debian Bug : 922204 1006346 1013299
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2021-4197
+
+ Eric Biederman reported that incorrect permission checks in the
+ cgroup process migration implementation can allow a local attacker
+ to escalate privileges.
+
+CVE-2022-0494
+
+ The scsi_ioctl() was susceptible to an information leak only
+ exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO
+ capabilities.
+
+CVE-2022-0812
+
+ It was discovered that the RDMA transport for NFS (xprtrdma)
+ miscalculated the size of message headers, which could lead to a
+ leak of sensitive information between NFS servers and clients.
+
+CVE-2022-0854
+
+ Ali Haider discovered a potential information leak in the DMA
+ subsystem. On systems where the swiotlb feature is needed, this
+ might allow a local user to read sensitive information.
+
+CVE-2022-1011
+
+ Jann Horn discovered a flaw in the FUSE (Filesystem in User-Space)
+ implementation. A local user permitted to mount FUSE filesystems
+ could exploit this to cause a use-after-free and read sensitive
+ information.
+
+CVE-2022-1012, CVE-2022-32296
+
+ Moshe Kol, Amit Klein, and Yossi Gilad discovered a weakness
+ in randomisation of TCP source port selection.
+
+CVE-2022-1016
+
+ David Bouman discovered a flaw in the netfilter subsystem where
+ the nft_do_chain function did not initialize register data that
+ nf_tables expressions can read from and write to. A local attacker
+ can take advantage of this to read sensitive information.
+
+CVE-2022-1048
+
+ Hu Jiahui discovered a race condition in the sound subsystem that
+ can result in a use-after-free. A local user permitted to access a
+ PCM sound device can take advantage of this flaw to crash the
+ system or potentially for privilege escalation.
+
+CVE-2022-1184
+
+ A flaw was discovered in the ext4 filesystem driver which can lead
+ to a use-after-free. A local user permitted to mount arbitrary
+ filesystems could exploit this to cause a denial of service (crash
+ or memory corruption) or possibly for privilege escalation.
+
+CVE-2022-1195
+
+ Lin Ma discovered race conditions in the 6pack and mkiss hamradio
+ drivers, which could lead to a use-after-free. A local user could
+ exploit these to cause a denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+CVE-2022-1198
+
+ Duoming Zhou discovered a race condition in the 6pack hamradio
+ driver, which could lead to a use-after-free. A local user could
+ exploit this to cause a denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+CVE-2022-1199, CVE-2022-1204, CVE-2022-1205
+
+ Duoming Zhou discovered race conditions in the AX.25 hamradio
+ protocol, which could lead to a use-after-free or null pointer
+ dereference. A local user could exploit this to cause a denial of
+ service (memory corruption or crash) or possibly for privilege
+ escalation.
+
+CVE-2022-1353
+
+ The TCS Robot tool found an information leak in the PF_KEY
+ subsystem. A local user can receive a netlink message when an
+ IPsec daemon registers with the kernel, and this could include
+ sensitive information.
+
+CVE-2022-1419
+
+ Minh Yuan discovered a race condition in the vgem virtual GPU
+ driver that can lead to a use-after-free. A local user permitted
+ to access the GPU device can exploit this to cause a denial of
+ service (crash or memory corruption) or possibly for privilege
+ escalation.
+
+CVE-2022-1516
+
+ A NULL pointer dereference flaw in the implementation of the X.25
+ set of standardized network protocols, which can result in denial
+ of service.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-1652
+
+ Minh Yuan discovered a race condition in the floppy driver that
+ can lead to a use-after-free. A local user permitted to access a
+ floppy drive device can exploit this to cause a denial of service
+ (crash or memory corruption) or possibly for privilege escalation.
+
+CVE-2022-1729
+
+ Norbert Slusarek discovered a race condition in the perf subsystem
+ which could result in local privilege escalation to root. The
+ default settings in Debian prevent exploitation unless more
+ permissive settings have been applied in the
+ kernel.perf_event_paranoid sysctl.
+
+CVE-2022-1734
+
+ Duoming Zhou discovered race conditions in the nfcmrvl NFC driver
+ that could lead to a use-after-free, double-free or null pointer
+ dereference. A local user might be able to exploit these for
+ denial of service (crash or memory corruption) or possibly for
+ privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-1974, CVE-2022-1975
+
+ Duoming Zhou discovered that the NFC netlink interface was
+ suspectible to denial of service.
+
+CVE-2022-2153
+
+ "kangel" reported a flaw in the KVM implementation for x86
+ processors which could lead to a null pointer dereference. A local
+ user permitted to access /dev/kvm could exploit this to cause a
+ denial of service (crash).
+
+CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
+
+ Various researchers discovered flaws in Intel x86 processors,
+ collectively referred to as MMIO Stale Data vulnerabilities.
+ These are similar to the previously published Microarchitectural
+ Data Sampling (MDS) issues and could be exploited by local users
+ to leak sensitive information.
+
+ For some CPUs, the mitigations for these issues require updated
+ microcode. An updated intel-microcode package may be provided at
+ a later date. The updated CPU microcode may also be available as
+ part of a system firmware ("BIOS") update.
+
+ Further information on the mitigation can be found at
+ <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html>
+ or in the linux-doc-4.19 package.
+
+CVE-2022-23960
+
+ Researchers at VUSec discovered that the Branch History Buffer in
+ Arm processors can be exploited to create information side-
+ channels with speculative execution. This issue is similar to
+ Spectre variant 2, but requires additional mitigations on some
+ processors.
+
+ This was previously mitigated for 32-bit Arm (armel and armhf)
+ architectures and is now also mitigated for 64-bit Arm (arm64).
+
+ This can be exploited to obtain sensitive information from a
+ different security context, such as from user-space to the kernel,
+ or from a KVM guest to the kernel.
+
+CVE-2022-26490
+
+ Buffer overflows in the STMicroelectronics ST21NFCA core driver
+ can result in denial of service or privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-27666
+
+ "valis" reported a possible buffer overflow in the IPsec ESP
+ transformation code. A local user can take advantage of this flaw
+ to cause a denial of service or for privilege escalation.
+
+CVE-2022-28356
+
+ "Beraphin" discovered that the ANSI/IEEE 802.2 LLC type 2 driver did
+ not properly perform reference counting on some error paths. A
+ local attacker can take advantage of this flaw to cause a denial
+ of service.
+
+CVE-2022-28388
+
+ A double free vulnerability was discovered in the 8 devices
+ USB2CAN interface driver.
+
+CVE-2022-28389
+
+ A double free vulnerability was discovered in the Microchip CAN
+ BUS Analyzer interface driver.
+
+CVE-2022-28390
+
+ A double free vulnerability was discovered in the EMS CPC-USB/ARM7
+ CAN/USB interface driver.
+
+CVE-2022-29581
+
+ Kyle Zeng discovered a reference-counting bug in the cls_u32
+ network classifier which can lead to a use-after-free. A local
+ user can exploit this to cause a denial of service (crash or
+ memory corruption) or possibly for privilege escalation.
+
+CVE-2022-30594
+
+ Jann Horn discovered a flaw in the interaction between ptrace and
+ seccomp subsystems. A process sandboxed using seccomp() but still
+ permitted to use ptrace() could exploit this to remove the seccomp
+ restrictions.
+
+CVE-2022-32250
+
+ Aaron Adams discovered a use-after-free in Netfilter which may
+ result in local privilege escalation to root.
+
+CVE-2022-33981
+
+ Yuan Ming from Tsinghua University reported a race condition in
+ the floppy driver involving use of the FDRAWCMD ioctl, which could
+ lead to a use-after-free. A local user with access to a floppy
+ drive device could exploit this to cause a denial of service
+ (crash or memory corruption) or possibly for privilege escalation.
+ This ioctl is now disabled by default.
+
+For the oldstable distribution (buster), these problems have been
+fixed in version 4.19.249-2.
+
+Due to an issue in the signing service (Cf. Debian bug #1012741), the
+vport-vxlan module cannot be loaded for the signed kernel for amd64 in
+this update.
+
+This update also corrects a regression in the network scheduler
+subsystem (bug #1013299).
+
+For the 32-bit Arm (armel and armhf) architectures, this update
+enables optimised implementations of several cryptographic and CRC
+algorithms. For at least AES, this should remove a timing side-
+channel that could lead to a leak of sensitive information.
+
+This update includes many more bug fixes from stable updates
+4.19.236-4.19.249 inclusive, including for bug #1006346. The random
+driver has been backported from Linux 5.19, fixing numerous
+performance and correctness issues. Some changes will be visible:
+
+- The entropy pool size is now 256 bits instead of 4096. You may need
+ to adjust the configuration of system monitoring or user-space
+ entropy gathering services to allow for this.
+
+- On systems without a hardware RNG, the kernel may log more uses of
+ /dev/urandom before it is fully initialised. These uses were
+ previously under-counted and this is not a regression.
+
+We recommend that you upgrade your linux packages.
+
+For the detailed security status of linux please refer to
+its security tracker page at:
+https://security-tracker.debian.org/tracker/linux
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: https://www.debian.org/security/
+
+Mailing list: debian-security-announce@lists.debian.org
diff --git a/dsa-texts/4.9.303-1 b/dsa-texts/4.9.303-1
new file mode 100644
index 00000000..926c028b
--- /dev/null
+++ b/dsa-texts/4.9.303-1
@@ -0,0 +1,233 @@
+From: Ben Hutchings <benh@debian.org>
+To: debian-lts-announce@lists.debian.org
+Subject: [SECURITY] [DLA XXXX-1] linux security update
+
+-------------------------------------------------------------------------
+Debian LTS Advisory DLA-XXXX-1 debian-lts@lists.debian.org
+https://www.debian.org/lts/security/ Ben Hutchings
+March 08, 2022 https://wiki.debian.org/LTS
+-------------------------------------------------------------------------
+
+Package : linux
+Version : 4.9.303-1
+CVE ID : CVE-2021-3640 CVE-2021-3752 CVE-2021-4002 CVE-2021-4083
+ CVE-2021-4155 CVE-2021-4202 CVE-2021-28711 CVE-2021-28712
+ CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-29264
+ CVE-2021-33033 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698
+ CVE-2021-39714 CVE-2021-43976 CVE-2021-45095 CVE-2022-0001
+ CVE-2022-0002 CVE-2022-0330 CVE-2022-0435 CVE-2022-0487
+ CVE-2022-0492 CVE-2022-0617 CVE-2022-24448 CVE-2022-25258
+ CVE-2022-25375
+Debian Bug : 990411
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2021-3640
+
+ LinMa of BlockSec Team discovered a race condition in the
+ Bluetooth SCO implementation that can lead to a use-after-free. A
+ local user could exploit this to cause a denial of service (memory
+ corruption or crash) or possibly for privilege escalation.
+
+CVE-2021-3752
+
+ Likang Luo of NSFOCUS Security Team discovered a flaw in the
+ Bluetooth L2CAP implementation that can lead to a user-after-free.
+ A local user could exploit this to cause a denial of service
+ (memory corruption or crash) or possibly for privilege escalation.
+
+CVE-2021-4002
+
+ It was discovered that hugetlbfs, the virtual filesystem used by
+ applications to allocate huge pages in RAM, did not flush the
+ CPU's TLB in one case where it was necessary. In some
+ circumstances a local user would be able to read and write huge
+ pages after they are freed and reallocated to a different process.
+ This could lead to privilege escalation, denial of service or
+ information leaks.
+
+CVE-2021-4083
+
+ Jann Horn reported a race condition in the local (Unix) sockets
+ garbage collector, that can lead to use-after-free. A local user
+ could exploit this to cause a denial of service (memory corruption
+ or crash) or possibly for privilege escalation.
+
+CVE-2021-4155
+
+ Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP
+ IOCTL in the XFS filesystem allowed for a size increase of files
+ with unaligned size. A local attacker can take advantage of this
+ flaw to leak data on the XFS filesystem.
+
+CVE-2021-4202
+
+ Lin Ma discovered a race condition in the NCI (NFC Controller
+ Interface) driver, which could lead to a use-after-free. A local
+ user could exploit this to cause a denial of service (memory
+ corruption or crash) or possibly for privilege escalation.
+
+ This protocol is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)
+
+ Juergen Gross reported that malicious PV backends can cause a denial
+ of service to guests being serviced by those backends via high
+ frequency events, even if those backends are running in a less
+ privileged environment.
+
+CVE-2021-28714, CVE-2021-28715 (XSA-392)
+
+ Juergen Gross discovered that Xen guests can force the Linux
+ netback driver to hog large amounts of kernel memory, resulting in
+ denial of service.
+
+CVE-2021-29264
+
+ It was discovered that the "gianfar" Ethernet driver used with
+ some Freescale SoCs did not correctly handle a Rx queue overrun
+ when jumbo packets were enabled. On systems using this driver and
+ jumbo packets, an attacker on the network could exploit this to
+ cause a denial of service (crash).
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2021-33033
+
+ The syzbot tool found a reference counting bug in the CIPSO
+ implementation that can lead to a use-after-free.
+
+ This protocol is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2021-39685
+
+ Szymon Heidrich discovered a buffer overflow vulnerability in the
+ USB gadget subsystem, resulting in information disclosure, denial of
+ service or privilege escalation.
+
+CVE-2021-39686
+
+ A race condition was discovered in the Android binder driver, that
+ could lead to incorrect security checks. On systems where the
+ binder driver is loaded, a local user could exploit this for
+ privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2021-39698
+
+ Linus Torvalds reported a flaw in the file polling implementation,
+ which could lead to a use-after-free. A local user could exploit
+ this for denial of service (memory corruption or crash) or
+ possibly for privilege escalation.
+
+CVE-2021-39714
+
+ A potential reference count overflow was found in the Android Ion
+ driver. On systems where the Ion driver is loaded, a local user
+ could exploit this for denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2021-43976
+
+ Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the
+ mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An
+ attacker able to connect a crafted USB device can take advantage of
+ this flaw to cause a denial of service.
+
+CVE-2021-45095
+
+ It was discovered that the Phone Network protocol (PhoNet) driver
+ has a reference count leak in the pep_sock_accept() function.
+
+CVE-2022-0001 (INTEL-SA-00598)
+
+ Researchers at VUSec discovered that the Branch History Buffer in
+ Intel processors can be exploited to create information side-
+ channels with speculative execution. This issue is similar to
+ Spectre variant 2, but requires additional mitigations on some
+ processors.
+
+ This can be exploited to obtain sensitive information from a
+ different security context, such as from user-space to the kernel,
+ or from a KVM guest to the kernel.
+
+CVE-2022-0002 (INTEL-SA-00598)
+
+ This is a similar issue to CVE-2022-0001, but covers exploitation
+ within a security context, such as from JIT-compiled code in a
+ sandbox to hosting code in the same process.
+
+ This can be partly mitigated by disabling eBPF for unprivileged
+ users with the sysctl: kernel.unprivileged_bpf_disabled=2. This
+ update does that by default.
+
+CVE-2022-0330
+
+ Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the
+ i915 driver, resulting in denial of service or privilege escalation.
+
+CVE-2022-0435
+
+ Samuel Page and Eric Dumazet reported a stack overflow in the
+ networking module for the Transparent Inter-Process Communication
+ (TIPC) protocol, resulting in denial of service or potentially the
+ execution of arbitrary code.
+
+CVE-2022-0487
+
+ A use-after-free was discovered in the MOXART SD/MMC Host Controller
+ support driver. This flaw does not impact the Debian binary packages
+ as CONFIG_MMC_MOXART is not set.
+
+CVE-2022-0492
+
+ Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does
+ not properly restrict access to the release-agent feature. A local
+ user can take advantage of this flaw for privilege escalation and
+ bypass of namespace isolation.
+
+CVE-2022-0617
+
+ butt3rflyh4ck discovered a NULL pointer dereference in the UDF
+ filesystem. A local user that can mount a specially crafted UDF
+ image can use this flaw to crash the system.
+
+CVE-2022-24448
+
+ Description
+
+CVE-2022-25258
+
+ Szymon Heidrich reported the USB Gadget subsystem lacks certain
+ validation of interface OS descriptor requests, resulting in memory
+ corruption.
+
+CVE-2022-25375
+
+ Szymon Heidrich reported that the RNDIS USB gadget lacks validation
+ of the size of the RNDIS_MSG_SET command, resulting in information
+ leak from kernel memory.
+
+For Debian 9 stretch, these problems have been fixed in version
+4.9.303-1. This update additionally includes many more bug fixes from
+stable updates 4.9.291-4.9.303 inclusive.
+
+We recommend that you upgrade your linux packages.
+
+For the detailed security status of linux please refer to
+its security tracker page at:
+https://security-tracker.debian.org/tracker/linux
+
+Further information about Debian LTS security advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: https://wiki.debian.org/LTS
diff --git a/dsa-texts/4.9.320-2 b/dsa-texts/4.9.320-2
new file mode 100644
index 00000000..b8bfdc34
--- /dev/null
+++ b/dsa-texts/4.9.320-2
@@ -0,0 +1,285 @@
+From: Ben Hutchings <benh@debian.org>
+To: debian-lts-announce@lists.debian.org
+Subject: [SECURITY] [DLA 3065-1] linux security update
+
+-------------------------------------------------------------------------
+Debian LTS Advisory DLA-3065-1 debian-lts@lists.debian.org
+https://www.debian.org/lts/security/ Ben Hutchings
+June 30, 2022 https://wiki.debian.org/LTS
+-------------------------------------------------------------------------
+
+Package : linux
+Version : 4.9.320-2
+CVE ID : CVE-2018-1108 CVE-2021-4149 CVE-2021-39713 CVE-2022-0494
+ CVE-2022-0812 CVE-2022-0854 CVE-2022-1011 CVE-2022-1012
+ CVE-2022-1016 CVE-2022-1198 CVE-2022-1199 CVE-2022-1353
+ CVE-2022-1516 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974
+ CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 CVE-2022-21125
+ CVE-2022-21166 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038
+ CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042
+ CVE-2022-23960 CVE-2022-24958 CVE-2022-26490 CVE-2022-26966
+ CVE-2022-27223 CVE-2022-28356 CVE-2022-28390 CVE-2022-30594
+ CVE-2022-32250 CVE-2022-32296 CVE-2022-33981
+Debian Bug : 922204
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2018-1108
+
+ It was discovered that the random driver could generate random
+ bytes through /dev/random and the getrandom() system call before
+ gathering enough entropy that these would be unpredictable. This
+ could compromise the confidentiality and integrity of encrypted
+ communications.
+
+ The original fix for this issue had to be reverted because it
+ caused the boot process to hang on many systems. In this version,
+ the random driver has been updated, making it more effective in
+ gathering entropy without needing a hardware RNG.
+
+CVE-2021-4149
+
+ Hao Sun reported a flaw in the Btrfs fileysstem driver. There
+ is a potential lock imbalance in an error path. A local user
+ might be able to exploit this for denial of service.
+
+CVE-2021-39713
+
+ The syzbot tool found a race condition in the network scheduling
+ subsystem which could lead to a use-after-free. A local user
+ could exploit this for denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+CVE-2022-0494
+
+ The scsi_ioctl() was susceptible to an information leak only
+ exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO
+ capabilities.
+
+CVE-2022-0812
+
+ It was discovered that the RDMA transport for NFS (xprtrdma)
+ miscalculated the size of message headers, which could lead to a
+ leak of sensitive information between NFS servers and clients.
+
+CVE-2022-0854
+
+ Ali Haider discovered a potential information leak in the DMA
+ subsystem. On systems where the swiotlb feature is needed, this
+ might allow a local user to read sensitive information.
+
+CVE-2022-1011
+
+ Jann Horn discovered a flaw in the FUSE (Filesystem in User-Space)
+ implementation. A local user permitted to mount FUSE filesystems
+ could exploit this to cause a use-after-free and read sensitive
+ information.
+
+CVE-2022-1012, CVE-2022-32296
+
+ Moshe Kol, Amit Klein, and Yossi Gilad discovered a weakness
+ in randomisation of TCP source port selection.
+
+CVE-2022-1016
+
+ David Bouman discovered a flaw in the netfilter subsystem where
+ the nft_do_chain function did not initialize register data that
+ nf_tables expressions can read from and write to. A local attacker
+ can take advantage of this to read sensitive information.
+
+CVE-2022-1198
+
+ Duoming Zhou discovered a race condition in the 6pack hamradio
+ driver, which could lead to a use-after-free. A local user could
+ exploit this to cause a denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+CVE-2022-1199
+
+ Duoming Zhou discovered race conditions in the AX.25 hamradio
+ protocol, which could lead to a use-after-free or null pointer
+ dereference. A local user could exploit this to cause a denial of
+ service (memory corruption or crash) or possibly for privilege
+ escalation.
+
+CVE-2022-1353
+
+ The TCS Robot tool found an information leak in the PF_KEY
+ subsystem. A local user can receive a netlink message when an
+ IPsec daemon registers with the kernel, and this could include
+ sensitive information.
+
+CVE-2022-1516
+
+ A NULL pointer dereference flaw in the implementation of the X.25
+ set of standardized network protocols, which can result in denial
+ of service.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-1729
+
+ Norbert Slusarek discovered a race condition in the perf subsystem
+ which could result in local privilege escalation to root. The
+ default settings in Debian prevent exploitation unless more
+ permissive settings have been applied in the
+ kernel.perf_event_paranoid sysctl.
+
+CVE-2022-1734
+
+ Duoming Zhou discovered race conditions in the nfcmrvl NFC driver
+ that could lead to a use-after-free, double-free or null pointer
+ dereference. A local user might be able to exploit these for
+ denial of service (crash or memory corruption) or possibly for
+ privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-1974, CVE-2022-1975
+
+ Duoming Zhou discovered that the NFC netlink interface was
+ suspectible to denial of service.
+
+CVE-2022-2153
+
+ "kangel" reported a flaw in the KVM implementation for x86
+ processors which could lead to a null pointer dereference. A local
+ user permitted to access /dev/kvm could exploit this to cause a
+ denial of service (crash).
+
+CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
+
+ Various researchers discovered flaws in Intel x86 processors,
+ collectively referred to as MMIO Stale Data vulnerabilities.
+ These are similar to the previously published Microarchitectural
+ Data Sampling (MDS) issues and could be exploited by local users
+ to leak sensitive information.
+
+ For some CPUs, the mitigations for these issues require updated
+ microcode. An updated intel-microcode package may be provided at
+ a later date. The updated CPU microcode may also be available as
+ part of a system firmware ("BIOS") update.
+
+ Further information on the mitigation can be found at
+ <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html>
+ or in the linux-doc-4.9 package.
+
+CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039,
+CVE-2022-23040, CVE-2022-23041, CVE-2022-23042 (XSA-396)
+
+ Demi Marie Obenour and Simon Gaiser of Invisible Things Lab
+ discovered flaws in several Xen PV device frontends. These drivers
+ misused the Xen grant table API in a way that could be exploited
+ by a malicious device backend to cause data corruption, leaks of
+ sensitive information, or a denial of service (crash).
+
+CVE-2022-23960
+
+ Researchers at VUSec discovered that the Branch History Buffer in
+ Arm processors can be exploited to create information side-
+ channels with speculative execution. This issue is similar to
+ Spectre variant 2, but requires additional mitigations on some
+ processors.
+
+ This can be exploited to obtain sensitive information from a
+ different security context, such as from user-space to the kernel,
+ or from a KVM guest to the kernel.
+
+CVE-2022-24958
+
+ A flaw was discovered that the USB gadget subsystem that could
+ lead to a use-after-free. A local user permitted to configure USB
+ gadgets could exploit this to cause a denial of service (crash or
+ memory corruption) or possibly for privilege escalation.
+
+CVE-2022-26490
+
+ Buffer overflows in the STMicroelectronics ST21NFCA core driver
+ can result in denial of service or privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-26966
+
+ A flaw was discovered in the sr9700 USB networking driver. A local
+ user able to attach a specially designed USB device could use this
+ to leak sensitive information.
+
+CVE-2022-27223
+
+ A flaw was discovered in the udc-xilinx USB gadget-mode controller
+ driver. On systems using this driver, a malicious USB host could
+ exploit this to cause a denial of service (crash or memory
+ corruption) or possibly to execute arbitrary code.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-28356
+
+ "Beraphin" discovered that the ANSI/IEEE 802.2 LLC type 2 driver did
+ not properly perform reference counting on some error paths. A
+ local attacker can take advantage of this flaw to cause a denial
+ of service.
+
+CVE-2022-28390
+
+ A double free vulnerability was discovered in the EMS CPC-USB/ARM7
+ CAN/USB interface driver.
+
+CVE-2022-30594
+
+ Jann Horn discovered a flaw in the interaction between ptrace and
+ seccomp subsystems. A process sandboxed using seccomp() but still
+ permitted to use ptrace() could exploit this to remove the seccomp
+ restrictions.
+
+CVE-2022-32250
+
+ Aaron Adams discovered a use-after-free in Netfilter which may
+ result in local privilege escalation to root.
+
+CVE-2022-33981
+
+ Yuan Ming from Tsinghua University reported a a race condition in
+ the floppy driver involving use of the FDRAWCMD ioctl, which could
+ lead to a use-after-free. A local user with access to a floppy
+ drive device could exploit this to cause a denial of service
+ (crash or memory corruption) or possibly for privilege escalation.
+ This ioctl is now disabled by default.
+
+For Debian 9 stretch, these problems have been fixed in version
+4.9.320-2.
+
+For the 32-bit Arm (armel and armhf) architectures, this update
+enables optimised implementations of several cryptographic and CRC
+algorithms. For at least AES, this should remove a timing side-
+channel that could lead to a leak of sensitive information.
+
+This update includes many more bug fixes from stable updates
+4.9.304-4.9.320 inclusive. The random driver has been backported from
+Linux 5.19, fixing numerous performance and correctness issues. Some
+changes will be visible:
+
+- The entropy pool size is now 256 bits instead of 4096. You may need
+ to adjust the configuration of system monitoring or user-space
+ entropy gathering services to allow for this.
+
+- On systems without a hardware RNG, the kernel will log many more
+ uses of /dev/urandom before it is fully initialised. These uses
+ were previously under-counted and this is not a regression.
+
+We recommend that you upgrade your linux packages.
+
+For the detailed security status of linux please refer to
+its security tracker page at:
+https://security-tracker.debian.org/tracker/linux
+
+Further information about Debian LTS security advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: https://wiki.debian.org/LTS
diff --git a/dsa-texts/5.10.103-1 b/dsa-texts/5.10.103-1
new file mode 100644
index 00000000..f0df4baa
--- /dev/null
+++ b/dsa-texts/5.10.103-1
@@ -0,0 +1,87 @@
+From: Ben Hutchings <benh@debian.org>
+To: debian-security-announce@lists.debian.org
+Subject: [SECURITY] [DSA XXXX-1] linux security update
+
+-------------------------------------------------------------------------
+Debian Security Advisory DSA-XXXX-1 security@debian.org
+https://www.debian.org/security/ Ben Hutchings
+March 08, 2022 https://www.debian.org/security/faq
+-------------------------------------------------------------------------
+
+Package : linux
+CVE ID : CVE-2020-36310 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487
+ CVE-2022-0492 CVE-2022-0617 CVE-2022-25636
+Debian Bug : 990279
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2020-36310
+
+ A flaw was discovered in the KVM implementation for AMD processors,
+ which could lead to an infinite loop. A malicious VM guest could
+ exploit this to cause a denial of service.
+
+CVE-2022-0001 (INTEL-SA-00598)
+
+ Researchers at VUSec discovered that the Branch History Buffer in
+ Intel processors can be exploited to create information side-
+ channels with speculative execution. This issue is similar to
+ Spectre variant 2, but requires additional mitigations on some
+ processors.
+
+ This can be exploited to obtain sensitive information from a
+ different security context, such as from user-space to the kernel,
+ or from a KVM guest to the kernel.
+
+CVE-2022-0002 (INTEL-SA-00598)
+
+ This is a similar issue to CVE-2022-0001, but covers exploitation
+ within a security context, such as from JIT-compiled code in a
+ sandbox to hosting code in the same process.
+
+ This is partly mitigated by disabling eBPF for unprivileged users
+ with the sysctl: kernel.unprivileged_bpf_disabled=2. This is
+ already the default in Debian 11 "bullseye".
+
+CVE-2022-0487
+
+ A use-after-free was discovered in the MOXART SD/MMC Host Controller
+ support driver. This flaw does not impact the Debian binary packages
+ as CONFIG_MMC_MOXART is not set.
+
+CVE-2022-0492
+
+ Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does
+ not properly restrict access to the release-agent feature. A local
+ user can take advantage of this flaw for privilege escalation and
+ bypass of namespace isolation.
+
+CVE-2022-0617
+
+ butt3rflyh4ck discovered a NULL pointer dereference in the UDF
+ filesystem. A local user that can mount a specially crafted UDF
+ image can use this flaw to crash the system.
+
+CVE-2022-25636
+
+ Nick Gregory reported a heap out-of-bounds write flaw in the
+ netfilter subsystem. A user with the CAP_NET_ADMIN capability could
+ use this for denial of service or possibly for privilege escalation.
+
+For the stable distribution (bullseye), these problems have been fixed
+in version 5.10.103-1. This update additionally includes many more
+bug fixes from stable updates 5.10.93-5.10.103 inclusive.
+
+We recommend that you upgrade your linux packages.
+
+For the detailed security status of linux please refer to
+its security tracker page at:
+https://security-tracker.debian.org/tracker/linux
+
+Further information about Debian Security Advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: https://www.debian.org/security/
+
+Mailing list: debian-security-announce@lists.debian.org
diff --git a/dsa-texts/5.10.113-1 b/dsa-texts/5.10.113-1
new file mode 100644
index 00000000..d184029c
--- /dev/null
+++ b/dsa-texts/5.10.113-1
@@ -0,0 +1,123 @@
+Package: linux
+CVE ID: CVE-2021-4197 CVE-2022-0168 CVE-2022-1016 CVE-2022-1048 CVE-2022-1158 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29582
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2021-4197
+
+ Eric Biederman reported that incorrect permission checks in the
+ cgroup process migration implementation can allow a local attacker
+ to escalate privileges.
+
+CVE-2022-0168
+
+ A NULL pointer dereference flaw was found in the CIFS client
+ implementation which can allow a local attacker with CAP_SYS_ADMIN
+ privileges to crash the system. The security impact is negligible as
+ CAP_SYS_ADMIN inherently gives the ability to deny service.
+
+CVE-2022-1016
+
+ David Bouman discovered a flaw in the netfilter subsystem where the
+ nft_do_chain function did not initialize register data that
+ nf_tables expressions can read from and write to. A local attacker
+ can take advantage of this to read sensitive information.
+
+CVE-2022-1048
+
+ Hu Jiahui discovered a race condition in the sound subsystem that
+ can result in a use-after-free. A local user permitted to access a
+ PCM sound device can take advantage of this flaw to crash the
+ system or potentially for privilege escalation.
+
+CVE-2022-1158
+
+ Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered a bug in the
+ KVM implementation for x86 processors. A local user with access to
+ /dev/kvm could cause the MMU emulator to update page table entry
+ flags at the wrong address. They could exploit this to cause a
+ denial of service (memory corruption or crash) or possibly for
+ privilege escalation.
+
+CVE-2022-1195
+
+ Lin Ma discovered race conditions in the 6pack and mkiss hamradio
+ drivers, which could lead to a use-after-free. A local user could
+ exploit these to cause a denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+CVE-2022-1198
+
+ Duoming Zhou discovered a race condition in the 6pack hamradio
+ driver, which could lead to a use-after-free. A local user could
+ exploit this to cause a denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+CVE-2022-1199, CVE-2022-1204, CVE-2022-1205
+
+ Duoming Zhou discovered race conditions in the AX.25 hamradio
+ protocol, which could lead to a use-after-free or null pointer
+ dereference. A local user could exploit this to cause a denial of
+ service (memory corruption or crash) or possibly for privilege
+ escalation.
+
+CVE-2022-1353
+
+ The TCS Robot tool found an information leak in the PF_KEY
+ subsystem. A local user can receive a netlink message when an
+ IPsec daemon reegisters with the kernel, and this could include
+ sensitive information.
+
+CVE-2022-1516
+
+ A NULL pointer dereference flaw in the implementation of the X.25
+ set of standardized network protocols, which can result in denial
+ of service.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-26490
+
+ Buffer overflows in the STMicroelectronics ST21NFCA core driver can
+ result in denial of service or privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-27666
+
+ "valis" reported a possible buffer overflow in the IPsec ESP
+ transformation code. A local user can take advantage of this flaw to
+ cause a denial of service or for privilege escalation.
+
+CVE-2022-28356
+
+ Beraphin discovered that the ANSI/IEEE 802.2 LLC type 2 driver did
+ not properly perform reference counting on some error paths. A
+ local attacker can take advantage of this flaw to cause a denial
+ of service.
+
+CVE-2022-28388
+
+ A double free vulnerability was discovered in the 8 devices USB2CAN
+ interface driver.
+
+CVE-2022-28389
+
+ A double free vulnerability was discovered in the Microchip CAN BUS
+ Analyzer interface driver.
+
+CVE-2022-28390
+
+ A double free vulnerability was discovered in the EMS CPC-USB/ARM7
+ CAN/USB interface driver.
+
+CVE-2022-29582
+
+ Jayden Rivers and David Bouman discovered a user-after-free
+ vulnerability in the io_uring subystem due to a race condition in
+ io_uring timeouts. A local unprivileged user can take advantage of
+ this flaw for privilege escalation.
diff --git a/dsa-texts/5.10.120-1 b/dsa-texts/5.10.120-1
new file mode 100644
index 00000000..0bc6e1c7
--- /dev/null
+++ b/dsa-texts/5.10.120-1
@@ -0,0 +1,72 @@
+Package: linux
+CVE ID: CVE-2022-0494 CVE-2022-0854 CVE-2022-1012 CVE-2022-1729 CVE-2022-1786 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1975 CVE-2022-21499 CVE-2022-28893
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2022-0494
+
+ The scsi_ioctl() was susceptible to an information leak only
+ exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO
+ capabilities.
+
+CVE-2022-0854
+
+ Ali Haider discovered a potential information leak in the DMA
+ subsystem. On systems where the swiotlb feature is needed, this
+ might allow a local user to read sensitive information.
+
+CVE-2022-1012
+
+ The randomisation when calculating port offsets in the IP
+ implementation was enhanced.
+
+CVE-2022-1729
+
+ Norbert Slusarek discovered a race condition in the perf subsystem
+ which could result in local privilege escalation to root. The
+ default settings in Debian prevent exploitation unless more
+ permissive settings have been applied in the
+ kernel.perf_event_paranoid sysctl.
+
+CVE-2022-1786
+
+ Kyle Zeng discovered a use-after-free in the io_uring subsystem
+ which way result in local privilege escalation to root.
+
+CVE-2022-1789 / CVE-2022-1852
+
+ Yongkang Jia, Gaoning Pan and Qiuhao Li discovered two NULL pointer
+ dereferences in KVM's CPU instruction handling, resulting in denial
+ of service.
+
+CVE-2022-1966
+
+ Aaron Adams discovered a use-after-free in Netfilter which may
+ result in local privilege escalation to root.
+
+CVE-2022-1972
+
+ Ziming Zhang discovered an out-of-bound write in Netfilter which may
+ result in local privilege escalation to root.
+
+CVE-2022-1974 / CVE-2022-1975
+
+ Duoming Zhou discovered that the NFC netlink interface was
+ suspectible to denial of service.
+
+CVE-2022-21499
+
+ It was discovered that the kernel debugger could be used to bypass
+ UEFI Secure Boot restrictions.
+
+CVE-2022-28893
+
+ Felix Fu discovered a use-after-free in the implementation of the
+ Remote Procedure Call (SunRPC) protocol, which could in denial of
+ service or an information leak.
+
+
+TODO: CVE-2022-1734 in data/CVE/list with '[bullseye] - linux 5.10.120-1'
+without mentioning in the DSA advisory.
diff --git a/dsa-texts/5.10.127-2 b/dsa-texts/5.10.127-2
new file mode 100644
index 00000000..a7374808
--- /dev/null
+++ b/dsa-texts/5.10.127-2
@@ -0,0 +1,37 @@
+Package: linux
+CVE ID: CVE-2021-33655 CVE-2022-2318 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33744 CVE-2022-34918
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2021-33655
+
+ A user with access to a framebuffer console driver could cause a memory out-of-bounds write via the
+ FBIOPUT_VSCREENINFO ioctl
+
+CVE-2022-2318
+
+ A use-after-free in the Amateur Radio X.25 PLP (Rose) support may result in denial of service.
+
+CVE-2022-26365 / CVE-2022-33740 / CVE-2022-33741 / CVE-2022-33742
+
+ Roger Pau Monne discovered that Xen block and network PV device frontends don't zero out
+ memory regions before sharing them with the backend, which may result in information disclosure.
+ Additionally it was discovered that the granularity of the grant table doesn't permit sharing
+ less than a 4k page, which may also result in information disclosure.
+
+CVE-2022-33743
+
+ Jan Beulich discovered that incorrect memory handling in the Xen network backend may lead
+ to denial of service.
+
+CVE-2022-33744
+
+ Oleksandr Tyshchenko discovered ARM Xen guests can cause a denial of service to the Dom0
+ via paravirtual devices.
+
+CVE-2022-34918
+
+ Arthur Mongodin discovered a heap buffer overflow in the Netfilter subsystem which may result
+ in local privilege escalation.
diff --git a/dsa-texts/5.10.136-1 b/dsa-texts/5.10.136-1
new file mode 100644
index 00000000..fdc19acc
--- /dev/null
+++ b/dsa-texts/5.10.136-1
@@ -0,0 +1,66 @@
+Package: linux
+CVE ID: CVE-2022-2585 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-29900 CVE-2022-29901 CVE-2022-36879 CVE-2022-36946
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2022-2585
+
+ A use-after-free flaw in the implementation of POSIX CPU timers may
+ result in denial of service or in local privilege escalation.
+
+CVE-2022-2586
+
+ A use-after-free in the Netfilter subsystem may result in local
+ privilege escalation for a user with the CAP_NET_ADMIN capability in
+ any user or network namespace.
+
+CVE-2022-2588
+
+ Zhenpeng Lin discovered a use-after-free flaw in the cls_route
+ filter implementation which may result in local privilege escalation
+ for a user with the CAP_NET_ADMIN capability in any user or network
+ namespace.
+
+CVE-2022-26373
+
+ It was discovered that on certain processors with Intel's Enhanced
+ Indirect Branch Restricted Speculation (eIBRS) capabilities there
+ are exceptions to the documented properties in some situations,
+ which may result in information disclosure.
+
+ Intel's explanation of the issue can be found at
+ <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/post-barrier-return-stack-buffer-predictions.html>
+
+CVE-2022-29900
+
+ Johannes Wikner and Kaveh Razavi reported that for AMD/Hygon
+ processors, mis-trained branch predictions for return instructions
+ may allow arbitrary speculative code execution under certain
+ microarchitecture-dependent conditions.
+
+ A list of affected AMD CPU types can be found at
+ <https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037>
+
+CVE-2022-29901
+
+ Johannes Wikner and Kaveh Razavi reported that for Intel processors
+ (Intel Core generation 6, 7 and 8), protections against speculative
+ branch target injection attacks were insufficient in some
+ circumstances, which may allow arbitrary speculative code execution
+ under certain microarchitecture-dependent conditions.
+
+ More information can be found at
+ <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html>
+
+CVE-2022-36879
+
+ A flaw was discovered in xfrm_expand_policies in the xfrm subsystem
+ which can cause a reference count to be dropped twice.
+
+CVE-2022-36946
+
+ Domingo Dirutigliano and Nicola Guerrera reported a memory
+ corruption flaw in the Netfilter subsystem which may result in
+ denial of service.
diff --git a/dsa-texts/5.10.149-1 b/dsa-texts/5.10.149-1
new file mode 100644
index 00000000..ebb991fb
--- /dev/null
+++ b/dsa-texts/5.10.149-1
@@ -0,0 +1,104 @@
+Package : linux
+CVE ID : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602
+ CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303
+ CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307
+ CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
+ CVE-2022-42722
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2021-4037
+
+ Christian Brauner reported that the inode_init_owner function for
+ the XFS filesystem in the Linux kernel allows local users to create
+ files with an unintended group ownership allowing attackers to
+ escalate privileges by making a plain file executable and SGID.
+
+CVE-2022-0171
+
+ Mingwei Zhang reported that a cache incoherence issue in the SEV API
+ in the KVM subsystem may result in denial of service.
+
+CVE-2022-1184
+
+ A flaw was discovered in the ext4 filesystem driver which can lead
+ to a use-after-free. A local user permitted to mount arbitrary
+ filesystems could exploit this to cause a denial of service (crash
+ or memory corruption) or possibly for privilege escalation.
+
+CVE-2022-2602
+
+ A race between handling an io_uring request and the Unix socket
+ garbage collector was discovered. An attacker can take advantage of
+ this flaw for local privilege escalation.
+
+CVE-2022-2663
+
+ David Leadbeater reported flaws in the nf_conntrack_irc
+ connection-tracking protocol module. When this module is enabled
+ on a firewall, an external user on the same IRC network as an
+ internal user could exploit its lax parsing to open arbitrary TCP
+ ports in the firewall, to reveal their public IP address, or to
+ block their IRC connection at the firewall.
+
+CVE-2022-3061
+
+ A flaw was discovered in the i740 driver which may result in denial
+ of service.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-3176
+
+ A use-after-free flaw was discovered in the io_uring subsystem which
+ may result in local privilege escalation to root.
+
+CVE-2022-3303
+
+ A race condition in the snd_pcm_oss_sync function in the sound
+ subsystem in the Linux kernel due to improper locking may result in
+ denial of service.
+
+CVE-2022-20421
+
+ A use-after-free vulnerability was discovered in the
+ binder_inc_ref_for_node function in the Android binder driver. On
+ systems where the binder driver is loaded, a local user could
+ exploit this for privilege escalation.
+
+CVE-2022-39188
+
+ Jann Horn reported a race condition in the kernel's handling of
+ unmapping of certain memory ranges. When a driver created a
+ memory mapping with the VM_PFNMAP flag, which many GPU drivers do,
+ the memory mapping could be removed and freed before it was
+ flushed from the CPU TLBs. This could result in a page use-after-
+ free. A local user with access to such a device could exploit
+ this to cause a denial of service (crash or memory corruption) or
+ possibly for privilege escalation.
+
+CVE-2022-39842
+
+ An integer overflow was discovered in the pxa3xx-gcu video driver
+ which could lead to a heap out-of-bounds write.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
+
+CVE-2022-40307
+
+ A race condition was discovered in the EFI capsule-loader driver,
+ which could lead to use-after-free. A local user permitted to
+ access this device (/dev/efi_capsule_loader) could exploit this to
+ cause a denial of service (crash or memory corruption) or possibly
+ for privilege escalation. However, this device is normally only
+ accessible by the root user.
+
+CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
+
+ Soenke Huster discovered several vulnerabilities in the mac80211
+ subsystem triggered by WLAN frames which may result in denial of
+ service or the execution or arbitrary code.
diff --git a/dsa-texts/5.10.162-1 b/dsa-texts/5.10.162-1
new file mode 100644
index 00000000..6da302ac
--- /dev/null
+++ b/dsa-texts/5.10.162-1
@@ -0,0 +1,88 @@
+Package : linux
+CVE ID : CVE-2022-2873 CVE-2022-3545 CVE-2022-3623 CVE-2022-4696
+ CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929
+ CVE-2023-0179 CVE-2023-0266 CVE-2023-0394 CVE-2023-23454
+ CVE-2023-23455
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2022-2873
+
+ Zheyu Ma discovered that an out-of-bounds memory access flaw in the
+ Intel iSMT SMBus 2.0 host controller driver may result in denial of
+ service (system crash).
+
+CVE-2022-3545
+
+ It was discovered that the Netronome Flow Processor (NFP) driver
+ contained a use-after-free flaw in area_cache_get(), which may
+ result in denial of service or the execution of arbitrary code.
+
+CVE-2022-3623
+
+ A race condition when looking up a CONT-PTE/PMD size hugetlb page
+ may result in denial of service or an information leak.
+
+CVE-2022-4696
+
+ A use-after-free vulnerability was discovered in the io_uring
+ subsystem.
+
+CVE-2022-36280
+
+ An out-of-bounds memory write vulnerability was discovered in the
+ vmwgfx driver, which may allow a local unprivileged user to cause a
+ denial of service (system crash).
+
+CVE-2022-41218
+
+ Hyunwoo Kim reported a use-after-free flaw in the Media DVB core
+ subsystem caused by refcount races, which may allow a local user to
+ cause a denial of service or escalate privileges.
+
+CVE-2022-45934
+
+ An integer overflow in l2cap_config_req() in the Bluetooth subsystem
+ was discovered, which may allow a physically proximate attacker to
+ cause a denial of service (system crash).
+
+CVE-2022-47929
+
+ Frederick Lawler reported a NULL pointer dereference in the traffic
+ control subsystem allowing an unprivileged user to cause a denial of
+ service by setting up a specially crafted traffic control
+ configuration.
+
+CVE-2023-0179
+
+ Davide Ornaghi discovered incorrect arithmetics when fetching VLAN
+ header bits in the netfilter subsystem, allowing a local user to
+ leak stack and heap addresses or potentially local privilege
+ escalation to root.
+
+CVE-2023-0266
+
+ A use-after-free flaw in the sound subsystem due to missing locking
+ may result in denial of service or privilege escalation.
+
+CVE-2023-0394
+
+ Kyle Zeng discovered a NULL pointer dereference flaw in
+ rawv6_push_pending_frames() in the network subsystem allowing a
+ local user to cause a denial of service (system crash).
+
+CVE-2023-23454
+
+ Kyle Zeng reported that the Class Based Queueing (CBQ) network
+ scheduler was prone to denial of service due to interpreting
+ classification results before checking the classification
+ return code.
+
+CVE-2023-23455
+
+ Kyle Zeng reported that the ATM Virtual Circuits (ATM) network
+ scheduler was prone to a denial of service due to interpreting
+ classification results before checking the classification
+ return code.
diff --git a/dsa-texts/5.10.179-1 b/dsa-texts/5.10.179-1
new file mode 100644
index 00000000..341c7fa1
--- /dev/null
+++ b/dsa-texts/5.10.179-1
@@ -0,0 +1,28 @@
+Package : linux
+CVE ID : CVE-2023-0386 CVE-2023-31436 CVE-2023-32233
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2023-0386
+
+ It was discovered that under certain conditions the overlayfs
+ filesystem implementation did not properly handle copy up
+ operations. A local user permitted to mount overlay mounts in user
+ namespaces can take advantage of this flaw for local privilege
+ escalation.
+
+CVE-2023-31436
+
+ Gwangun Jung reported a a flaw causing heap out-of-bounds read/write
+ errors in the traffic control subsystem for the Quick Fair Queueing
+ scheduler (QFQ) which may result in information leak, denial of
+ service or privilege escalation.
+
+CVE-2023-32233
+
+ Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in
+ the Netfilter nf_tables implementation when processing batch
+ requests, which may result in local privilege escalation for a user
+ with the CAP_NET_ADMIN capability in any user or network namespace.
diff --git a/dsa-texts/5.10.179-2 b/dsa-texts/5.10.179-2
new file mode 100644
index 00000000..b7de640e
--- /dev/null
+++ b/dsa-texts/5.10.179-2
@@ -0,0 +1,27 @@
+Package : linux
+CVE ID : CVE-2023-2156 CVE-2023-31248 CVE-2023-35001
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2023-2156
+
+ It was discovered that a flaw in the handling of the RPL protocol
+ may allow an unauthenticated remote attacker to cause a denial of
+ service if RPL is enabled (not by default in Debian).
+
+CVE-2023-31248
+
+ Mingi Cho discovered a use-after-free flaw in the Netfilter
+ nf_tables implementation when using nft_chain_lookup_byid, which may
+ result in local privilege escalation for a user with the
+ CAP_NET_ADMIN capability in any user or network namespace.
+
+CVE-2023-35001
+
+ Tanguy DUBROCA discovered an out-of-bounds reads and write flaw in
+ the Netfilter nf_tables implementation when processing an
+ nft_byteorder expression, which may result in local privilege
+ escalation for a user with the CAP_NET_ADMIN capability in any user
+ or network namespace.
diff --git a/dsa-texts/5.10.179-3 b/dsa-texts/5.10.179-3
new file mode 100644
index 00000000..32477d28
--- /dev/null
+++ b/dsa-texts/5.10.179-3
@@ -0,0 +1,36 @@
+Package linux
+CVE ID: CVE-2023-3390 CVE-2023-3610 CVE-2023-20593
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2023-3390
+
+ A use-after-free flaw in the netfilter subsystem caused by incorrect
+ error path handling may result in denial of service or privilege
+ escalation.
+
+CVE-2023-3610
+
+ A use-after-free flaw in the netfilter subsystem caused by incorrect
+ refcount handling on the table and chain destroy path may result in
+ denial of service or privilege escalation.
+
+CVE-2023-20593
+
+ Tavis Ormandy discovered that under specific microarchitectural
+ circumstances, a vector register in AMD "Zen 2" CPUs may not be
+ written to 0 correctly. This flaw allows an attacker to leak
+ sensitive information across concurrent processes, hyper threads
+ and virtualized guests.
+
+ For details please refer to
+ <https://lock.cmpxchg8b.com/zenbleed.html> and
+ <https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.
+
+ This issue can also be mitigated by a microcode update through the
+ amd64-microcode package or a system firmware (BIOS/UEFI) update.
+ However, the initial microcode release by AMD only provides
+ updates for second generation EPYC CPUs. Various Ryzen CPUs are
+ also affected, but no updates are available yet.
diff --git a/dsa-texts/5.10.191-1 b/dsa-texts/5.10.191-1
new file mode 100644
index 00000000..35d6346e
--- /dev/null
+++ b/dsa-texts/5.10.191-1
@@ -0,0 +1,207 @@
+# Geneate with
+# bin/gen-DSA --save linux CVE-2022-39189 CVE-2022-4269 CVE-2023-1206 CVE-2023-20588 CVE-2023-2124 CVE-2023-2898 CVE-2023-3212 CVE-2023-34319 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3863 CVE-2023-4004 CVE-2023-40283 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-1380 CVE-2023-2002 CVE-2023-2007 CVE-2023-21255 CVE-2023-21400 CVE-2023-2269 CVE-2023-3090 CVE-2023-31084 CVE-2023-3111 CVE-2023-3268 CVE-2023-3338 CVE-2023-3389 CVE-2023-35788
+
+Package : linux
+CVE ID : CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380
+ CVE-2023-2002 CVE-2023-2007 CVE-2023-2124 CVE-2023-2269
+ CVE-2023-2898 CVE-2023-3090 CVE-2023-3111
+ CVE-2023-3212 CVE-2023-3268 CVE-2023-3338 CVE-2023-3389
+ CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3863
+ CVE-2023-4004 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147
+ CVE-2023-4194 CVE-2023-4273 CVE-2023-20588 CVE-2023-21255
+ CVE-2023-21400 CVE-2023-31084 CVE-2023-34319 CVE-2023-35788
+ CVE-2023-40283
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2022-4269
+
+ William Zhao discovered that a flaw in the Traffic Control (TC)
+ subsystem when using a specific networking configuration
+ (redirecting egress packets to ingress using TC action "mirred"),
+ may allow a local unprivileged user to cause a denial of service
+ (triggering a CPU soft lockup).
+
+CVE-2022-39189
+
+ Jann Horn discovered that TLB flush operations are mishandled in the
+ KVM subsystem in certain KVM_VCPU_PREEMPTED situations, which may
+ allow an unprivileged guest user to compromise the guest kernel.
+
+CVE-2023-1206
+
+ It was discovered that the networking stack permits attackers to
+ force hash collisions in the IPv6 connection lookup table, which may
+ result in denial of service (significant increase in the cost of
+ lookups, increased CPU utilization).
+
+CVE-2023-1380
+
+ Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi
+ driver. On systems using this driver, a local user could exploit
+ this to read sensitive information or to cause a denial of service.
+
+CVE-2023-2002
+
+ Ruiahn Li reported an incorrect permissions check in the Bluetooth
+ subsystem. A local user could exploit this to reconfigure local
+ Bluetooth interfaces, resulting in information leaks, spoofing, or
+ denial of service (loss of connection).
+
+CVE-2023-2007
+
+ Lucas Leong and Reno Robert discovered a time-of-check-to-time-of-
+ use flaw in the dpt_i2o SCSI controller driver. A local user with
+ access to a SCSI device using this driver could exploit this for
+ privilege escalation.
+
+ This flaw has been mitigated by removing support for the I2OUSRCMD
+ operation.
+
+CVE-2023-2124
+
+ Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing
+ metadata validation may result in denial of service or potential
+ privilege escalation if a corrupted XFS disk image is mounted.
+
+CVE-2023-2269
+
+ Zheng Zhang reported that improper handling of locking in the device
+ mapper implementation may result in denial of service.
+
+CVE-2023-2898
+
+ It was discovered that missing sanitising in the f2fs file
+ system may result in denial of service if a malformed file
+ system is accessed.
+
+CVE-2023-3090
+
+ It was discovered that missing initialization in ipvlan networking
+ may lead to an out-of-bounds write vulnerability, resulting in
+ denial of service or potentially the execution of arbitrary code.
+
+CVE-2023-3111
+
+ The TOTE Robot tool found a flaw in the Btrfs filesystem driver that
+ can lead to a use-after-free. It's unclear whether an unprivileged
+ user can exploit this.
+
+CVE-2023-3212
+
+ Yang Lan that missing validation in the GFS2 filesystem could result
+ in denial of service via a NULL pointer dereference when mounting a
+ malformed GFS2 filesystem.
+
+CVE-2023-3268
+
+ It was discovered that an out-of-bounds memory access in relayfs
+ could result in denial of service or an information leak.
+
+CVE-2023-3338
+
+ Davide Ornaghi discovered a flaw in the DECnet protocol
+ implementation which could lead to a null pointer dereference or
+ use-after-free. A local user can exploit this to cause a denial of service
+ (crash or memory corruption) and probably for privilege escalation.
+
+ This flaw has been mitigated by removing the DECnet protocol
+ implementation.
+
+CVE-2023-3389
+
+ Querijn Voet discovered a use-after-free in the io_uring subsystem,
+ which may result in denial of service or privilege escalation.
+
+CVE-2023-3611
+
+ It was discovered that an out-of-bounds write in the traffic control
+ subsystem for the Quick Fair Queueing scheduler (QFQ) may result in
+ denial of service or privilege escalation.
+
+CVE-2023-3609 / CVE-2023-3776 / CVE-2023-4128
+
+ It was discovered that a use-after-free in the cls_fw, cls_u32,
+ cls_route and network classifiers may result in denial of service or
+ potential local privilege escalation.
+
+CVE-2023-3863
+
+ It was discovered that a use-after-free in the NFC implementation
+ may result in denial of service, an information leak or potential
+ local privilege escalation.
+
+CVE-2023-4004
+
+ It was discovered that a use-after-free in Netfilter's
+ implementation of PIPAPO (PIle PAcket POlicies) may result in denial
+ of service or potential local privilege escalation for a user with
+ the CAP_NET_ADMIN capability in any user or network namespace.
+
+CVE-2023-4132
+
+ A use-after-free in the driver for Siano SMS1xxx based MDTV
+ receivers may result in local denial of service.
+
+CVE-2023-4147
+
+ Kevin Rich discovered a use-after-free in Netfilter when adding a
+ rule with NFTA_RULE_CHAIN_ID, which may result in local privilege
+ escalation for a user with the CAP_NET_ADMIN capability in any user
+ or network namespace.
+
+CVE-2023-4194
+
+ A type confusion in the implementation of TUN/TAP network devices
+ may allow a local user to bypass network filters.
+
+CVE-2023-4273
+
+ Maxim Suhanov discovered a stack overflow in the exFAT driver, which
+ may result in local denial of service via a malformed file system.
+
+CVE-2023-20588
+
+ Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and
+ Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1
+ micro architecture an integer division by zero may leave stale
+ quotient data from a previous division, resulting in a potential
+ leak of sensitive data.
+
+CVE-2023-21255
+
+ A use-after-free was discovered in the in the Android binder driver,
+ which may result in local privilege escalation on systems where the
+ binder driver is loaded.
+
+CVE-2023-21400
+
+ Ye Zhang and Nicolas Wu discovered a double-free in the io_uring
+ subsystem, which may result in denial of service or privilege
+ escalation.
+
+CVE-2023-31084
+
+ It was discovered that the DVB Core driver does not properly handle
+ locking of certain events, allowing a local user to cause a denial
+ of service.
+
+CVE-2023-34319
+
+ Ross Lagerwall discovered a buffer overrun in Xen's netback driver
+ which may allow a Xen guest to cause denial of service to the
+ virtualisation host my sending malformed packets.
+
+CVE-2023-35788
+
+ Hangyu Hua that an off-by-one in the Flower traffic classifier may
+ result in local of service or the execution of privilege escalation.
+
+CVE-2023-40283
+
+ A use-after-free was discovered in Bluetooth L2CAP socket handling.
+
+For the oldstable distribution (bullseye), these problems have been fixed
+in version 5.10.191-1.
diff --git a/dsa-texts/5.10.205-1 b/dsa-texts/5.10.205-1
new file mode 100644
index 00000000..831a3baa
--- /dev/null
+++ b/dsa-texts/5.10.205-1
@@ -0,0 +1,119 @@
+Package : linux
+CVE ID : CVE-2021-44879 CVE-2023-5178 CVE-2023-5197 CVE-2023-5717 CVE-2023-6121 CVE-2023-6531 CVE-2023-6817 CVE-2023-6931 CVE-2023-6932 CVE-2023-25775 CVE-2023-34324 CVE-2023-35827 CVE-2023-45863 CVE-2023-46813 CVE-2023-46862 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2021-44879
+
+ Wenqing Liu reported a NULL pointer dereference in the f2fs
+ implementation. An attacker able to mount a specially crafted image
+ can take advantage of this flaw for denial of service.
+
+CVE-2023-5178
+
+ Alon Zahavi reported a use-after-free flaw in the NVMe-oF/TCP
+ subsystem in the queue initialization setup, which may result in
+ denial of service or privilege escalation.
+
+CVE-2023-5197
+
+ Kevin Rich discovered a use-after-free flaw in the netfilter
+ subsystem which may result in denial of service or privilege
+ escalation for a user with the CAP_NET_ADMIN capability in any user
+ or network namespace.
+
+CVE-2023-5717
+
+ Budimir Markovic reported a heap out-of-bounds write vulnerability
+ in the Linux kernel's Performance Events system caused by improper
+ handling of event groups, which may result in denial of service or
+ privilege escalation. The default settings in Debian prevent
+ exploitation unless more permissive settings have been applied in
+ the kernel.perf_event_paranoid sysctl.
+
+CVE-2023-6121
+
+ Alon Zahavi reported an out-of-bounds read vulnerability in the
+ NVMe-oF/TCP which may result in an information leak.
+
+CVE-2023-6531
+
+ Jann Horn discovered a use-after-free flaw due to a race condition
+ when the unix garbage collector's deletion of a SKB races
+ with unix_stream_read_generic() on the socket that the SKB is
+ queued on.
+
+CVE-2023-6817
+
+ Xingyuan Mo discovered that a use-after-free in Netfilter's
+ implementation of PIPAPO (PIle PAcket POlicies) may result in denial
+ of service or potential local privilege escalation for a user with
+ the CAP_NET_ADMIN capability in any user or network namespace.
+
+CVE-2023-6931
+
+ Budimir Markovic reported a heap out-of-bounds write vulnerability
+ in the Linux kernel's Performance Events system which may result in
+ denial of service or privilege escalation. The default settings in
+ Debian prevent exploitation unless more permissive settings have
+ been applied in the kernel.perf_event_paranoid sysctl.
+
+CVE-2023-6932
+
+ A use-after-free vulnerability in the IPv4 IGMP implementation may
+ result in denial of service or privilege escalation.
+
+CVE-2023-25775
+
+ Ivan D Barrera, Christopher Bednarz, Mustafa Ismail and Shiraz
+ Saleem discovered that improper access control in the Intel Ethernet
+ Controller RDMA driver may result in privilege escalation.
+
+CVE-2023-34324
+
+ Marek Marczykowski-Gorecki reported a possible deadlock in the Xen
+ guests event channel code which may allow a malicious guest
+ administrator to cause a denial of service.
+
+CVE-2023-35827
+
+ Zheng Wang reported a use-after-free flaw in the Renesas Ethernet
+ AVB support driver.
+
+CVE-2023-45863
+
+ A race condition in library routines for handling generic kernel
+ objects may result in an out-of-bounds write in the
+ fill_kobj_path() function.
+
+CVE-2023-46813
+
+ Tom Dohrmann reported that a race condition in the Secure Encrypted
+ Virtualization (SEV) implementation when accessing MMIO registers
+ may allow a local attacker in a SEV guest VM to cause a denial of
+ service or potentially execute arbitrary code.
+
+CVE-2023-46862
+
+ It was discovered that a race condition in the io_uring
+ subsystem may result in a NULL pointer dereference, causing a
+ denial of service.
+
+CVE-2023-51780
+
+ It was discovered that a race condition in the ATM (Asynchronous
+ Transfer Mode) subsystem may lead to a use-after-free.
+
+CVE-2023-51781
+
+ It was discovered that a race condition in the Appletalk subsystem
+ may lead to a use-after-free.
+
+CVE-2023-51782
+
+ It was discovered that a race condition in the Amateur Radio X.25
+ PLP (Rose) support may lead to a use-after-free. This module is not
+ auto-loaded on Debian systems, so this issue only affects systems
+ where it is explicitly loaded.
diff --git a/dsa-texts/5.10.92-1 b/dsa-texts/5.10.92-1
new file mode 100644
index 00000000..b9b49cca
--- /dev/null
+++ b/dsa-texts/5.10.92-1
@@ -0,0 +1,72 @@
+Package : linux
+CVE ID : CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713
+ CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095
+ CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222
+Debian Bug : 988044 996974
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2021-4155
+
+ Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP
+ IOCTL in the XFS filesystem allowed for a size increase of files
+ with unaligned size. A local attacker can take advantage of this
+ flaw to leak data on the XFS filesystem.
+
+CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)
+
+ Juergen Gross reported that malicious PV backends can cause a denial
+ of service to guests being serviced by those backends via high
+ frequency events, even if those backends are running in a less
+ privileged environment.
+
+CVE-2021-28714, CVE-2021-28715 (XSA-392)
+
+ Juergen Gross discovered that Xen guests can force the Linux
+ netback driver to hog large amounts of kernel memory, resulting in
+ denial of service.
+
+CVE-2021-39685
+
+ Szymon Heidrich discovered a buffer overflow vulnerability in the
+ USB gadget subsystem, resulting in information disclosure, denial of
+ service or privilege escalation.
+
+CVE-2021-45095
+
+ It was discovered that the Phone Network protocol (PhoNet) driver
+ has a reference count leak in the pep_sock_accept() function.
+
+CVE-2021-45469
+
+ Wenqing Liu reported an out-of-bounds memory access in the f2fs
+ implementation if an inode has an invalid last xattr entry. An
+ attacker able to mount a specially crafted image can take advantage
+ of this flaw for denial of service.
+
+CVE-2021-45480
+
+ A memory leak flaw was discovered in the __rds_conn_create()
+ function in the RDS (Reliable Datagram Sockets) protocol subsystem.
+
+CVE-2022-0185
+
+ William Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis, Hrvoje
+ Misetic and Philip Papurt discovered a heap-based buffer overflow
+ flaw in the legacy_parse_param function in the Filesystem Context
+ functionality, allowing an local user (with CAP_SYS_ADMIN capability
+ in the current namespace) to escalate privileges.
+
+CVE-2022-23222
+
+ 'tr3e' discovered that the BPF verifier does not properly restrict
+ several *_OR_NULL pointer types allowing these types to do pointer
+ arithmetic. A local user with the ability to call bpf(), can take
+ advantage of this flaw to excalate privileges. Unprivileged calls to
+ bpf() are disabled by default in Debian, mitigating this flaw.
+
+For the stable distribution (bullseye), these problems have been fixed in
+version 5.10.92-1. This version includes changes which were aimed to
+land in the next Debian bullseye point release.
diff --git a/dsa-texts/5.10.92-2 b/dsa-texts/5.10.92-2
new file mode 100644
index 00000000..d459b9e4
--- /dev/null
+++ b/dsa-texts/5.10.92-2
@@ -0,0 +1,68 @@
+Package : linux
+CVE ID : CVE-2021-43976 CVE-2022-0330 CVE-2022-0435 CVE-2022-0516 CVE-2022-0847 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2021-43976
+
+ Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the
+ mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An
+ attacker able to connect a crafted USB device can take advantage of
+ this flaw to cause a denial of service.
+
+CVE-2022-0330
+
+ Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the
+ i915 driver, resulting in denial of service or privilege escalation.
+
+CVE-2022-0435
+
+ Samuel Page and Eric Dumazet reported a stack overflow in the
+ networking module for the Transparent Inter-Process Communication
+ (TIPC) protocol, resulting in denial of service or potentially the
+ execution of arbitrary code.
+
+CVE-2022-0516
+
+ It was discovered that an insufficient check in the KVM subsystem
+ for s390x could allow unauthorized memory read or write access.
+
+CVE-2022-0847
+
+ Max Kellermann discovered a flaw in the handling of pipe buffer
+ flags. An attacker can take advantage of this flaw for local
+ privilege escalation.
+
+CVE-2022-22942
+
+ It was discovered that wrong file file descriptor handling in the
+ VMware Virtual GPU driver (vmwgfx) could result in information leak
+ or privilege escalation.
+
+CVE-2022-24448
+
+ Lyu Tao reported a flaw in the NFS implementation in the Linux
+ kernel when handling requests to open a directory on a regular file,
+ which could result in a information leak.
+
+CVE-2022-24959
+
+ A memory leak was discovered in the yam_siocdevprivate() function of
+ the YAM driver for AX.25, which could result in denial of service.
+
+CVE-2022-25258
+
+ Szymon Heidrich reported the USB Gadget subsystem lacks certain
+ validation of interface OS descriptor requests, resulting in memory
+ corruption.
+
+CVE-2022-25375
+
+ Szymon Heidrich reported that the RNDIS USB gadget lacks validation
+ of the size of the RNDIS_MSG_SET command, resulting in information
+ leak from kernel memory.
+
+For the stable distribution (bullseye), these problems have been fixed in
+version 5.10.92-2.
diff --git a/dsa-texts/6.1.37-1 b/dsa-texts/6.1.37-1
new file mode 100644
index 00000000..56aa3005
--- /dev/null
+++ b/dsa-texts/6.1.37-1
@@ -0,0 +1,71 @@
+Package : linux
+CVE ID : CVE-2023-2124 CVE-2023-2156 CVE-2023-2269 CVE-2023-3090 CVE-2023-3212 CVE-2023-3268 CVE-2023-3269 CVE-2023-3390 CVE-2023-31084 CVE-2023-32250 CVE-2023-32254 CVE-2023-35788
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2023-2124
+
+ Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing
+ metadata validation may result in denial of service or potential
+ privilege escalation if a corrupted XFS disk image is mounted.
+
+CVE-2023-2156
+
+ It was discovered that the IPv6 RPL protocol implementation in the
+ Linux kernel did not properly handled user-supplied data, resulting
+ in a triggerable assertion. An unauthenticated remote attacker can
+ take advantage of this flaw for denial of service.
+
+CVE-2023-2269
+
+ Zheng Zhang reported that improper handling of locking in the device
+ mapper implementation may result in denial of service.
+
+CVE-2023-3090
+
+ It was discovered that missing initialization in ipvlan networking
+ may lead to an out-of-bounds write vulnerability, resulting in
+ denial of service or potentially the execution of arbitrary code.
+
+CVE-2023-3212
+
+ Yang Lan that missing validation in the GFS2 filesystem could result
+ in denial of service via a NULL pointer dereference when mounting a
+ malformed GFS2 filesystem.
+
+CVE-2023-3268
+
+ It was discovered that an out-of-bounds memory access in relayfs
+ could result in denial of service or an information leak.
+
+CVE-2023-3269
+
+ Ruihan Li discovered that incorrect lock handling for accessing and
+ updating virtual memory areas (VMAs) may result in privilege
+ escalation.
+
+CVE-2023-3390
+
+ A use-after-free flaw in the netfilter subsystem caused by incorrect
+ error path handling may result in denial of service or privilege
+ escalation.
+
+CVE-2023-31084
+
+ It was discovered that the DVB Core driver does not properly handle
+ locking of certain events, allowing a local user to cause a denial
+ of service.
+
+CVE-2023-32250 / CVE-2023-32254
+
+ Quentin Minster discovered two race conditions in KSMBD, a kernel
+ server which implements the SMB3 protocol, which could result in
+ denial of service or potentially the execution of arbitrary code.
+
+CVE-2023-35788
+
+ Hangyu Hua discovered an out-of-bounds write vulnerability in the
+ Flower classifier which may result in denial of service or the
+ execution of arbitrary code.
diff --git a/dsa-texts/6.1.52-1 b/dsa-texts/6.1.52-1
new file mode 100644
index 00000000..4c7fe9d9
--- /dev/null
+++ b/dsa-texts/6.1.52-1
@@ -0,0 +1,146 @@
+Package : linux
+CVE ID : CVE-2023-1206 CVE-2023-1989 CVE-2023-2430
+ CVE-2023-2898 CVE-2023-3611 CVE-2023-3772 CVE-2023-3773
+ CVE-2023-3776 CVE-2023-3777 CVE-2023-3863 CVE-2023-4004
+ CVE-2023-4015 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147
+ CVE-2023-4155 CVE-2023-4194 CVE-2023-4206 CVE-2023-4207
+ CVE-2023-4208 CVE-2023-4273 CVE-2023-4569 CVE-2023-4622
+ CVE-2023-20588 CVE-2023-34319 CVE-2023-40283
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2023-1206
+
+ It was discovered that the networking stack permits attackers to
+ force hash collisions in the IPv6 connection lookup table, which may
+ result in denial of service (significant increase in the cost of
+ lookups, increased CPU utilization).
+
+CVE-2023-1989
+
+ Zheng Wang reported a race condition in the btsdio Bluetooth adapter
+ driver that can lead to a use-after-free. An attacker able to insert
+ and remove SDIO devices can use this to cause a denial of service
+ (crash or memory corruption) or possibly to run arbitrary code in
+ the kernel.
+
+CVE-2023-2430
+
+ Xingyuan Mo discovered that the io_uring subsystem did not properly
+ handle locking when the target ring is configured with IOPOLL, which
+ may result in denial of service.
+
+CVE-2023-2898
+
+ It was discovered that missing sanitising in the f2fs file
+ system may result in denial of service if a malformed file
+ system is accessed.
+
+CVE-2023-3611
+
+ The TOTE Robot tool found a flaw in the Btrfs filesystem driver that
+ can lead to a use-after-free. It's unclear whether an unprivileged
+ user can exploit this.
+
+CVE-2023-3772
+
+ Lin Ma discovered a NULL pointer dereference flaw in the XFRM
+ subsystem which may result in denial of service.
+
+CVE-2023-3773
+
+ Lin Ma discovered a flaw in the the XFRM subsystem, which may result
+ in denial of service for a user with the CAP_NET_ADMIN capability in
+ any user or network namespace.
+
+CVE-2023-3776, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208
+
+ It was discovered that a use-after-free in the cls_fw, cls_u32 and
+ cls_route network classifiers may result in denial of service or
+ potential local privilege escalation.
+
+CVE-2023-3777
+
+ Kevin Rich discovered a use-after-free in Netfilter when flushing
+ table rules, which may result in local privilege escalation for a
+ user with the CAP_NET_ADMIN capability in any user or network
+ namespace.
+
+CVE-2023-3863
+
+ It was discovered that a use-after-free in the NFC implementation
+ may result in denial of service, an information leak or potential
+ local privilege escalation.
+
+CVE-2023-4004
+
+ It was discovered that a use-after-free in Netfilter's
+ implementation of PIPAPO (PIle PAcket POlicies) may result in denial
+ of service or potential local privilege escalation for a user with
+ the CAP_NET_ADMIN capability in any user or network namespace.
+
+CVE-2023-4015
+
+ Kevin Rich discovered a use-after-free in Netfilter when handling
+ bound chain deactivation in certain circumstances, may result in
+ denial of service or potential local privilege escalation for a user
+ with the CAP_NET_ADMIN capability in any user or network namespace.
+
+CVE-2023-4132
+
+ A use-after-free in the driver for Siano SMS1xxx based MDTV
+ receivers may result in local denial of service.
+
+CVE-2023-4147
+
+ Kevin Rich discovered a use-after-free in Netfilter when adding a
+ rule with NFTA_RULE_CHAIN_ID, which may result in local privilege
+ escalation for a user with the CAP_NET_ADMIN capability in any user
+ or network namespace.
+
+CVE-2023-4155
+
+ Andy Nguyen discovered a flaw in the KVM subsystem allowing a KVM
+ guest using EV-ES or SEV-SNP to cause a denial of service.
+
+CVE-2023-4194
+
+ A type confusion in the implementation of TUN/TAP network devices
+ may allow a local user to bypass network filters.
+
+CVE-2023-4273
+
+ Maxim Suhanov discovered a stack overflow in the exFAT driver, which
+ may result in local denial of service via a malformed file system.
+
+CVE-2023-4569
+
+ lonial con discovered flaw in the Netfilter subsystem, which may
+ allow a local attacher to cause a double-deactivations of catchall
+ elements, which results in a memory leak.
+
+CVE-2023-4622
+
+ Bing-Jhong Billy Jheng discovered a use-after-free within the Unix
+ domain sockets component, which may result in local privilege
+ escalation.
+
+CVE-2023-20588
+
+ Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and
+ Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1
+ micro architecture an integer division by zero may leave stale
+ quotient data from a previous division, resulting in a potential
+ leak of sensitive data.
+
+CVE-2023-34319
+
+ Ross Lagerwall discovered a buffer overrun in Xen's netback driver
+ which may allow a Xen guest to cause denial of service to the
+ virtualisation host my sending malformed packets.
+
+CVE-2023-40283
+
+ A use-after-free was discovered in Bluetooth L2CAP socket handling.
diff --git a/dsa-texts/6.1.69-1 b/dsa-texts/6.1.69-1
new file mode 100644
index 00000000..68773fea
--- /dev/null
+++ b/dsa-texts/6.1.69-1
@@ -0,0 +1,53 @@
+Package : linux
+CVE ID : CVE-2023-6531 CVE-2023-6622 CVE-2023-6817 CVE-2023-6931 CVE-2023-51779 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782
+
+Several vulnerabilities have been discovered in the Linux kernel that
+may lead to a privilege escalation, denial of service or information
+leaks.
+
+CVE-2023-6531
+
+ Jann Horn discovered a use-after-free flaw due to a race condition
+ problem when the unix garbage collector's deletion of a SKB races
+ with unix_stream_read_generic() on the socket that the SKB is
+ queued on.
+
+CVE-2023-6622
+
+ Xingyuan Mo discovered a flaw in the netfilter subsystem which may
+ result in denial of service or privilege escalation for a user with
+ the CAP_NET_ADMIN capability in any user or network namespace.
+
+CVE-2023-6817
+
+ Xingyuan Mo discovered that a use-after-free in Netfilter's
+ implementation of PIPAPO (PIle PAcket POlicies) may result in denial
+ of service or potential local privilege escalation for a user with
+ the CAP_NET_ADMIN capability in any user or network namespace.
+
+CVE-2023-6931
+
+ Budimir Markovic reported a heap out-of-bounds write vulnerability
+ in the Linux kernel's Performance Events system which may result in
+ denial of service or privilege escalation.
+
+CVE-2023-51779
+
+ It was discovered that a race condition in the Bluetooth subsystem
+ in the bt_sock_ioctl handling may lead to a use-after-free.
+
+CVE-2023-51780
+
+ It was discovered that a race condition in the ATM (Asynchronous
+ Transfer Mode) subsystem may lead to a use-after-free.
+
+CVE-2023-51781
+
+ It was discovered that a race condition in the Appletalk subsystem
+ may lead to a use-after-free.
+
+CVE-2023-51782
+
+ It was discovered that a race condition in the Amateur Radio X.25
+ PLP (Rose) support may lead to a use-after-free.
+
diff --git a/eol_releases b/eol_releases
index 26969856..d16583a4 100644
--- a/eol_releases
+++ b/eol_releases
@@ -2,3 +2,5 @@
3.2-wheezy-security
3.16-upstream-stable
3.16-jessie-security
+4.9-upstream-stable
+4.9-stretch-security
diff --git a/active/CVE-2018-12929 b/ignored/CVE-2018-12929
index ed631303..cf4d4f64 100644
--- a/active/CVE-2018-12929
+++ b/ignored/CVE-2018-12929
@@ -2,14 +2,18 @@ Description: use-after-free in ntfs_read_locked_inode()
References:
Notes:
carnil> Upload for Debian disables NTFS_FS and marks it as BROKEN
+ jmm> Setting as ignored for upstream since dead/unmaintained and
+ jmm> ignored for all suites where it's marked as BROKEN
Bugs:
-upstream: needed
-5.10-upstream-stable: needed
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+upstream: ignored
+6.1-upstream-stable: ignored
+5.10-upstream-stable: ignored
+4.19-upstream-stable: ignored
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "ntfs is not supportable"
sid: released (4.19.37-1) [debian/ntfs-mark-it-as-broken.patch]
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: N/A "Fixed before branching point"
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "ntfs is not supportable"
diff --git a/active/CVE-2018-12930 b/ignored/CVE-2018-12930
index 7c28c0a3..46a79bab 100644
--- a/active/CVE-2018-12930
+++ b/ignored/CVE-2018-12930
@@ -3,14 +3,18 @@ References:
Notes:
jmm> Red Hat fixed that in RHSA-2019:0641
carnil> Upload for Debian disables NTFS_FS and marks it as BROKEN
+ jmm> Setting as ignored for upstream since dead/unmaintained and
+ jmm> ignored for all suites where it's marked as BROKEN
Bugs:
-upstream: needed
-5.10-upstream-stable: needed
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+upstream: ignored
+6.1-upstream-stable: ignored
+5.10-upstream-stable: ignored
+4.19-upstream-stable: ignored
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "ntfs is not supportable"
sid: released (4.19.37-1) [debian/ntfs-mark-it-as-broken.patch]
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: N/A "Fixed before branching point"
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "ntfs is not supportable"
diff --git a/active/CVE-2018-12931 b/ignored/CVE-2018-12931
index fb992a43..73648271 100644
--- a/active/CVE-2018-12931
+++ b/ignored/CVE-2018-12931
@@ -3,14 +3,18 @@ References:
Notes:
jmm> Red Hat fixed that in RHSA-2019:0641
carnil> Upload for Debian disables NTFS_FS and marks it as BROKEN
+ jmm> Setting as ignored for upstream since dead/unmaintained and
+ jmm> ignored for all suites where it's marked as BROKEN
Bugs:
-upstream: needed
-5.10-upstream-stable: needed
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+upstream: ignored
+6.1-upstream-stable: ignored
+5.10-upstream-stable: ignored
+4.19-upstream-stable: ignored
+4.9-upstream-stable: ignored "EOL"
3.16-upstream-stable: ignored "ntfs is not supportable"
sid: released (4.19.37-1) [debian/ntfs-mark-it-as-broken.patch]
+6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: N/A "Fixed before branching point"
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "ntfs is not supportable"
diff --git a/ignored/CVE-2022-41848 b/ignored/CVE-2022-41848
new file mode 100644
index 00000000..ecdb6a6c
--- /dev/null
+++ b/ignored/CVE-2022-41848
@@ -0,0 +1,15 @@
+Description: char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
+References:
+ https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270
+Notes:
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
diff --git a/ignored/CVE-2022-44032 b/ignored/CVE-2022-44032
new file mode 100644
index 00000000..0a5b4ee8
--- /dev/null
+++ b/ignored/CVE-2022-44032
@@ -0,0 +1,16 @@
+Description: char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops
+References:
+ https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/
+ https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/
+Notes:
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
diff --git a/ignored/CVE-2022-44033 b/ignored/CVE-2022-44033
new file mode 100644
index 00000000..fd8d99da
--- /dev/null
+++ b/ignored/CVE-2022-44033
@@ -0,0 +1,16 @@
+Description: char: pcmcia: cm4040_cs: Fix use-after-free in reader_fops
+References:
+ https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/
+ https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/
+Notes:
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
diff --git a/ignored/CVE-2022-45884 b/ignored/CVE-2022-45884
new file mode 100644
index 00000000..ad9d2013
--- /dev/null
+++ b/ignored/CVE-2022-45884
@@ -0,0 +1,16 @@
+Description: media: dvb-core: Fix use-after-free due to race condition occurring in dvb_register_device()
+References:
+ https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/
+ https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/
+Notes:
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
diff --git a/ignored/CVE-2022-45885 b/ignored/CVE-2022-45885
new file mode 100644
index 00000000..5980995f
--- /dev/null
+++ b/ignored/CVE-2022-45885
@@ -0,0 +1,16 @@
+Description: media: dvb-core: Fix use-after-free due to race condition occurring in dvb_frontend
+References:
+ https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/
+ https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/
+Notes:
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+sid: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-bullseye-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+4.19-buster-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
diff --git a/active/CVE-2018-10322 b/retired/CVE-2018-10322
index 87a30bb2..0a51f2ec 100644
--- a/active/CVE-2018-10322
+++ b/retired/CVE-2018-10322
@@ -13,6 +13,6 @@ upstream: released (4.17-rc4) [b42db0860e13067fcc7cbfba3966c9e652668bbc]
sid: released (4.16.5-1) [bugfix/all/xfs-enhance-dinode-verifier.patch]
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: N/A "Fixed before branching point"
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "dinode verifier not implemented"
3.2-wheezy-security: ignored "dinode verifier not implemented"
diff --git a/retired/CVE-2018-1108 b/retired/CVE-2018-1108
index dbe962e9..56547cf4 100644
--- a/retired/CVE-2018-1108
+++ b/retired/CVE-2018-1108
@@ -8,6 +8,9 @@ Notes:
carnil> and 8ef35c866f8862df074a49a93b0309725812dea8 (needed for 4.8+)
carnil> CVE-2018-1108 itself has "Cc: stable@kernel.org # 4.8+"
carnil> 4.9.88-1+deb9u1 reverts the fix due to various reported regressions.
+ bwh> This is finally being fixed for 4.9 through a backport of the
+ bwh> random driver that includes improvements to entropy gathering and
+ bwh> so avoids the regression.
Bugs:
upstream: released (4.17-rc2) [43838a23a05fbd13e47d750d3dfd77001536dd33]
4.19-upstream-stable: N/A "Fixed before branch point"
@@ -16,6 +19,6 @@ upstream: released (4.17-rc2) [43838a23a05fbd13e47d750d3dfd77001536dd33]
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.16.5-1)
4.19-buster-security: N/A "Fixed before branching point"
-4.9-stretch-security: ignored "Can't be fixed without many user-space changes"
+4.9-stretch-security: released (4.9.320-2)
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2018-13095 b/retired/CVE-2018-13095
index c586fec3..46e10760 100644
--- a/active/CVE-2018-13095
+++ b/retired/CVE-2018-13095
@@ -15,5 +15,5 @@ upstream: released (4.18-rc3) [23fcb3340d033d9f081e21e6c12c2db7eaa541d3]
sid: released (4.18.6-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: N/A "Fixed before branching point"
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "Too risky to backport"
diff --git a/retired/CVE-2018-25020 b/retired/CVE-2018-25020
new file mode 100644
index 00000000..0ed4a509
--- /dev/null
+++ b/retired/CVE-2018-25020
@@ -0,0 +1,16 @@
+Description: bpf: fix truncated jump targets on heavy expansions
+References:
+Notes:
+ bwh> I'm not sure whether BPF in 4.9 can expand BPF programs enough
+ bwh> to trigger this bug, but I'd rather enforce that at run-time
+ bwh> than carry out an analyse which might be invalidated by later
+ bwh> changes. Therefore marking this as needed.
+Bugs:
+upstream: released (4.17-rc7) [050fad7c4534c13c8eb1d9c2ba66012e014773cb]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: needed
+sid: released (4.17.3-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2019-19036 b/retired/CVE-2019-19036
index ea177751..7ab73d15 100644
--- a/active/CVE-2019-19036
+++ b/retired/CVE-2019-19036
@@ -21,5 +21,5 @@ upstream: released (5.4-rc1) [62fdaa52a3d00a875da771719b6dc537ca79fce1]
sid: released (5.3.7-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.131-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2019-19039 b/retired/CVE-2019-19039
index 23b20f46..c5a144fc 100644
--- a/active/CVE-2019-19039
+++ b/retired/CVE-2019-19039
@@ -16,5 +16,5 @@ upstream: released (5.7-rc1) [b3ff8f1d380e65dddd772542aa9bff6c86bf715a]
sid: released (5.6.7-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.160-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2019-19377 b/retired/CVE-2019-19377
index 8f7532a0..57e43caf 100644
--- a/active/CVE-2019-19377
+++ b/retired/CVE-2019-19377
@@ -15,5 +15,5 @@ upstream: released (5.7-rc1) [b3ff8f1d380e65dddd772542aa9bff6c86bf715a]
sid: released (5.6.7-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.160-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2019-20811 b/retired/CVE-2019-20811
index 0fe7e227..0fe7e227 100644
--- a/active/CVE-2019-20811
+++ b/retired/CVE-2019-20811
diff --git a/active/CVE-2019-2213 b/retired/CVE-2019-2213
index a0ee1706..55b84056 100644
--- a/active/CVE-2019-2213
+++ b/retired/CVE-2019-2213
@@ -17,5 +17,5 @@ upstream: released (5.2-rc6) [a370003cc301d4361bae20c9ef615f89bf8d1e8a]
sid: released (5.2.6-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.67-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "Android drivers not supported"
diff --git a/retired/CVE-2019-25160 b/retired/CVE-2019-25160
new file mode 100644
index 00000000..8e7c7472
--- /dev/null
+++ b/retired/CVE-2019-25160
@@ -0,0 +1,17 @@
+Description: netlabel: fix out-of-bounds memory accesses
+References:
+Notes:
+ carnil> Introduced in 446fda4f2682 ("[NetLabel]: CIPSOv4 engine")
+ carnil> 3faa8f982f95 ("netlabel: Move bitmap manipulation functions to the NetLabel
+ carnil> core."). Vulnerable versions: 2.6.19-rc1.
+Bugs:
+upstream: released (5.0) [5578de4834fe0f2a34fedc7374be691443396d1f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.28) [e3713abc4248aa6bcc11173d754c418b02a62cbb]
+sid: released (4.19.28-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
diff --git a/retired/CVE-2019-25162 b/retired/CVE-2019-25162
new file mode 100644
index 00000000..ed62f2a3
--- /dev/null
+++ b/retired/CVE-2019-25162
@@ -0,0 +1,16 @@
+Description: i2c: Fix a potential use after free
+References:
+Notes:
+ carnil> Introduced in 611e12ea0f12 ("i2c: core: manage i2c bus device refcount in
+ carnil> i2c_[get|put]_adapter"). Vulnerable versions: 4.3-rc1.
+Bugs:
+upstream: released (6.0-rc1) [e4c72c06c367758a14f227c847f9d623f1994ecf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.137) [81cb31756888bb062e92d2dca21cd629d77a46a9]
+4.19-upstream-stable: released (4.19.256) [23a191b132cd87f746c62f3dc27da33683d85829]
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2019-9245 b/retired/CVE-2019-9245
index c674330b..c674330b 100644
--- a/active/CVE-2019-9245
+++ b/retired/CVE-2019-9245
diff --git a/active/CVE-2019-9453 b/retired/CVE-2019-9453
index e1fa0174..e1fa0174 100644
--- a/active/CVE-2019-9453
+++ b/retired/CVE-2019-9453
diff --git a/active/CVE-2019-kvm-guest-xcr0 b/retired/CVE-2019-kvm-guest-xcr0
index 0b9b33fd..8bc98b6d 100644
--- a/active/CVE-2019-kvm-guest-xcr0
+++ b/retired/CVE-2019-kvm-guest-xcr0
@@ -17,5 +17,5 @@ upstream: released (5.1-rc6) [1811d979c71621aafc7b879477202d286f7e863b]
sid: released (5.2.6-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.87-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
diff --git a/active/CVE-2020-0030 b/retired/CVE-2020-0030
index c22f65dc..c22f65dc 100644
--- a/active/CVE-2020-0030
+++ b/retired/CVE-2020-0030
diff --git a/active/CVE-2020-0067 b/retired/CVE-2020-0067
index 2c83195f..2c83195f 100644
--- a/active/CVE-2020-0067
+++ b/retired/CVE-2020-0067
diff --git a/retired/CVE-2020-12362 b/retired/CVE-2020-12362
new file mode 100644
index 00000000..fdeda45f
--- /dev/null
+++ b/retired/CVE-2020-12362
@@ -0,0 +1,24 @@
+Description: i915: Integer overflow in GuC firmware leading to priv-esc
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
+Notes:
+ carnil> Claimed to affect versions before Linux kernel version 5.5.
+ carnil> Not adding fixed versions as wanting to try to pinpoint the
+ carnil> respective needed commits for correct tracking.
+ carnil> Per Intel, this was fixed by a firmware update. v49.0.1 of the
+ carnil> firmware is required. The new firmware requires a kernel patch
+ carnil> https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
+ carnil> So might not be treaded as Linux issue itself.
+ bwh> Let's treat it as both firmware and kernel, similar to CPU issues
+ bwh> that need both microcode and kernel changes.
+Bugs:
+upstream: released (5.11-rc1) [c784e5249e773689e38d2bc1749f08b986621a26]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: ignored "too intrusive to backport"
+4.19-upstream-stable: ignored "too intrusive to backport"
+4.9-upstream-stable: ignored "EOL"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: ignored "too intrusive to backport"
+4.19-buster-security: ignored "too intrusive to backport"
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2020-16119 b/retired/CVE-2020-16119
index 4eae27d7..2c5edbc8 100644
--- a/active/CVE-2020-16119
+++ b/retired/CVE-2020-16119
@@ -14,4 +14,4 @@ upstream: released (5.15-rc2) [d9ea761fdd197351890418acd462c51f241014a7]
sid: released (5.14.6-1) [bugfix/all/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch]
5.10-bullseye-security: released (5.10.46-5) [bugfix/all/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2020-26140 b/retired/CVE-2020-26140
new file mode 100644
index 00000000..908c2fc0
--- /dev/null
+++ b/retired/CVE-2020-26140
@@ -0,0 +1,23 @@
+Description: Accepting plaintext data frames in protected networks
+References:
+ https://papers.mathyvanhoef.com/usenix2021.pdf
+ https://www.fragattacks.com/
+ https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+Notes:
+ carnil> Needs to be checked if this really has a fix in Linux.
+ bwh> I don't think this bug was present in mac80211, but individual
+ bwh> drivers or firmware might be affected. The same issue was found
+ bwh> earlier in some vendor drivers which were assigned
+ bwh> CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991:
+ bwh> https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/
+Bugs:
+upstream: N/A "Found in firmware, not kernel or drivers"
+6.1-upstream-stable: N/A "Found in firmware, not kernel or drivers"
+5.10-upstream-stable: N/A "Found in firmware, not kernel or drivers"
+4.19-upstream-stable: N/A "Found in firmware, not kernel or drivers"
+4.9-upstream-stable: N/A "Found in firmware, not kernel or drivers"
+sid: N/A "Found in firmware, not kernel or drivers"
+6.1-bookworm-security: N/A "Found in firmware, not kernel or drivers"
+5.10-bullseye-security: N/A "Found in firmware, not kernel or drivers"
+4.19-buster-security: N/A "Found in firmware, not kernel or drivers"
+4.9-stretch-security: N/A "Found in firmware, not kernel or drivers"
diff --git a/retired/CVE-2020-26142 b/retired/CVE-2020-26142
new file mode 100644
index 00000000..2733fcf8
--- /dev/null
+++ b/retired/CVE-2020-26142
@@ -0,0 +1,20 @@
+Description: Processing fragmented frames as full frames
+References:
+ https://papers.mathyvanhoef.com/usenix2021.pdf
+ https://www.fragattacks.com/
+ https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+Notes:
+ carnil> Needs to be checked if this really has a fix in Linux.
+ bwh> I don't think this bug was present in mac80211, but individual
+ bwh> drivers or firmware might be affected.
+Bugs:
+upstream: N/A "Found in OpenBSD, not Linux"
+6.1-upstream-stable: N/A "Found in OpenBSD, not Linux"
+5.10-upstream-stable: N/A "Found in OpenBSD, not Linux"
+4.19-upstream-stable: N/A "Found in OpenBSD, not Linux"
+4.9-upstream-stable: N/A "Found in OpenBSD, not Linux"
+sid: N/A "Found in OpenBSD, not Linux"
+6.1-bookworm-security: N/A "Found in OpenBSD, not Linux"
+5.10-bullseye-security: N/A "Found in OpenBSD, not Linux"
+4.19-buster-security: N/A "Found in OpenBSD, not Linux"
+4.9-stretch-security: N/A "Found in OpenBSD, not Linux"
diff --git a/retired/CVE-2020-26143 b/retired/CVE-2020-26143
new file mode 100644
index 00000000..b4a183dd
--- /dev/null
+++ b/retired/CVE-2020-26143
@@ -0,0 +1,20 @@
+Description: Accepting fragmented plaintext frames in protected networks
+References:
+ https://papers.mathyvanhoef.com/usenix2021.pdf
+ https://www.fragattacks.com/
+ https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+Notes:
+ carnil> Needs to be checked if this really has a fix in Linux.
+ bwh> I don't think this bug was present in mac80211, but individual
+ bwh> drivers or firmware might be affected.
+Bugs:
+upstream: N/A "Found in firmware, not kernel or drivers"
+6.1-upstream-stable: N/A "Found in firmware, not kernel or drivers"
+5.10-upstream-stable: N/A "Found in firmware, not kernel or drivers"
+4.19-upstream-stable: N/A "Found in firmware, not kernel or drivers"
+4.9-upstream-stable: N/A "Found in firmware, not kernel or drivers"
+sid: N/A "Found in firmware, not kernel or drivers"
+6.1-bookworm-security: N/A "Found in firmware, not kernel or drivers"
+5.10-bullseye-security: N/A "Found in firmware, not kernel or drivers"
+4.19-buster-security: N/A "Found in firmware, not kernel or drivers"
+4.9-stretch-security: N/A "Found in firmware, not kernel or drivers"
diff --git a/retired/CVE-2020-26556 b/retired/CVE-2020-26556
new file mode 100644
index 00000000..60be7fc6
--- /dev/null
+++ b/retired/CVE-2020-26556
@@ -0,0 +1,17 @@
+Description: malleable commitment Bluetooth Mesh Provisioning
+References:
+ https://kb.cert.org/vuls/id/799380
+ https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
+ https://bugzilla.redhat.com/show_bug.cgi?id=1960012
+Notes:
+ bwh> Mesh provisioning seems to be handled in user-space.
+ bwh> This was addressed in bluez 5.50-1.1.
+Bugs:
+upstream: N/A "Not implemented in kernel"
+5.10-upstream-stable: N/A "Not implemented in kernel"
+4.19-upstream-stable: N/A "Not implemented in kernel"
+4.9-upstream-stable: N/A "Not implemented in kernel"
+sid: N/A "Not implemented in kernel"
+5.10-bullseye-security: N/A "Not implemented in kernel"
+4.19-buster-security: N/A "Not implemented in kernel"
+4.9-stretch-security: N/A "Not implemented in kernel"
diff --git a/retired/CVE-2020-26557 b/retired/CVE-2020-26557
new file mode 100644
index 00000000..4a86b8c4
--- /dev/null
+++ b/retired/CVE-2020-26557
@@ -0,0 +1,16 @@
+Description: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM
+References:
+ https://kb.cert.org/vuls/id/799380
+ https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
+ https://bugzilla.redhat.com/show_bug.cgi?id=1960009
+Notes:
+ bwh> Mesh provisioning seems to be handled in user-space.
+Bugs:
+upstream: N/A "Not implemented in kernel"
+5.10-upstream-stable: N/A "Not implemented in kernel"
+4.19-upstream-stable: N/A "Not implemented in kernel"
+4.9-upstream-stable: N/A "Not implemented in kernel"
+sid: N/A "Not implemented in kernel"
+5.10-bullseye-security: N/A "Not implemented in kernel"
+4.19-buster-security: N/A "Not implemented in kernel"
+4.9-stretch-security: N/A "Not implemented in kernel"
diff --git a/retired/CVE-2020-26559 b/retired/CVE-2020-26559
new file mode 100644
index 00000000..3112e2b1
--- /dev/null
+++ b/retired/CVE-2020-26559
@@ -0,0 +1,16 @@
+Description: Authvalue leak in Bluetooth Mesh Provisioning
+References:
+ https://kb.cert.org/vuls/id/799380
+ https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/
+ https://bugzilla.redhat.com/show_bug.cgi?id=1960011
+Notes:
+ bwh> Mesh provisioning seems to be handled in user-space.
+Bugs:
+upstream: N/A "Not implemented in kernel"
+5.10-upstream-stable: N/A "Not implemented in kernel"
+4.19-upstream-stable: N/A "Not implemented in kernel"
+4.9-upstream-stable: N/A "Not implemented in kernel"
+sid: N/A "Not implemented in kernel"
+5.10-bullseye-security: N/A "Not implemented in kernel"
+4.19-buster-security: N/A "Not implemented in kernel"
+4.9-stretch-security: N/A "Not implemented in kernel"
diff --git a/retired/CVE-2020-26560 b/retired/CVE-2020-26560
new file mode 100644
index 00000000..be0abd40
--- /dev/null
+++ b/retired/CVE-2020-26560
@@ -0,0 +1,16 @@
+Description: impersonation attack in Bluetooth Mesh Provisioning
+References:
+ https://kb.cert.org/vuls/id/799380
+ https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/
+ https://bugzilla.redhat.com/show_bug.cgi?id=1959994
+Notes:
+ bwh> Mesh provisioning seems to be handled in user-space.
+Bugs:
+upstream: N/A "Not implemented in kernel"
+5.10-upstream-stable: N/A "Not implemented in kernel"
+4.19-upstream-stable: N/A "Not implemented in kernel"
+4.9-upstream-stable: N/A "Not implemented in kernel"
+sid: N/A "Not implemented in kernel"
+5.10-bullseye-security: N/A "Not implemented in kernel"
+4.19-buster-security: N/A "Not implemented in kernel"
+4.9-stretch-security: N/A "Not implemented in kernel"
diff --git a/retired/CVE-2020-27784 b/retired/CVE-2020-27784
new file mode 100644
index 00000000..ec229e66
--- /dev/null
+++ b/retired/CVE-2020-27784
@@ -0,0 +1,11 @@
+Description: usb: gadget: function: printer: fix use-after-free in __lock_acquire
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1901728
+Notes:
+Bugs:
+upstream: released (5.10-rc1) [e8d5f92b8d30bb4ade76494490c3c065e12411b1]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.154) [cedb0187b8ba929c3f76f28e6bc25804d65f8a54]
+sid: released (5.9.6-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.160-1)
diff --git a/active/CVE-2020-29374 b/retired/CVE-2020-29374
index 0182af32..888e85ea 100644
--- a/active/CVE-2020-29374
+++ b/retired/CVE-2020-29374
@@ -5,12 +5,15 @@ References:
https://lore.kernel.org/stable/20211012015244.693594-1-surenb@google.com/
Notes:
bwh> The issue is said to go back to "2.x kernels"
+ carnil> The backport for 4.9.y got reverted in 4.9.298, cf.
+ carnil> 6fbb8383884f2c89f4c7e2c8603b5ed1b90b815f, and then followed by
+ carnil> 0c29640bdecad332b9e2b884217c159f4aeb2556.
Bugs:
upstream: released (5.8-rc1) [17839856fd588f4ab6b789f482ed3ffd7c403e1f]
5.10-upstream-stable: N/A "Fixed before branch point"
-4.19-upstream-stable: released (4.19.189) [5e24029791e809d641e9ea46a1f99806484e53fc]
-4.9-upstream-stable: released (4.9.287) 9bbd42e79720122334226afad9ddcac1c3e6d373]
+4.19-upstream-stable: released (4.19.189) [5e24029791e809d641e9ea46a1f99806484e53fc], released (4.19.226) [294c7a9fb608c29a9e49010b515228e20ccbec8f]
+4.9-upstream-stable: released (4.9.298) [0c29640bdecad332b9e2b884217c159f4aeb2556]
sid: released (5.7.6-1)
5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.194-1)
+4.19-buster-security: released (4.19.194-1), released (4.19.232-1)
4.9-stretch-security: released (4.9.272-1) [bugfix/all/gup-document-and-work-around-cow-can-break-either-wa.patch]
diff --git a/active/CVE-2020-36322 b/retired/CVE-2020-36322
index 21084948..5aa1831c 100644
--- a/active/CVE-2020-36322
+++ b/retired/CVE-2020-36322
@@ -8,9 +8,9 @@ Notes:
Bugs:
upstream: released (5.11-rc1) [5d069dbe8aaf2a197142558b6fb2978189ba3454]
5.10-upstream-stable: released (5.10.6) [36cf9ae54b0ead0daab7701a994de3dcd9ef605d]
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.19-upstream-stable: released (4.19.226) [1e1bb4933f1faafc68db8e0ecd5838a65dd1aae9]
+4.9-upstream-stable: released (4.9.298) [3a2f8823aa565cc67bdd00c4cd5e1d8ad81e8436]
sid: released (5.10.9-1)
5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: needed
+4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: released (4.9.272-1) [bugfix/all/fuse-fix-bad-inode.patch]
diff --git a/retired/CVE-2020-36516 b/retired/CVE-2020-36516
new file mode 100644
index 00000000..70c24518
--- /dev/null
+++ b/retired/CVE-2020-36516
@@ -0,0 +1,18 @@
+Description: Off-Path TCP Exploits of the Mixed IPID Assignment
+References:
+ https://dl.acm.org/doi/10.1145/3372297.3417884
+ https://bugzilla.suse.com/show_bug.cgi?id=1196616#c9
+ https://github.com/SUSE/kernel-source/commit/1c066c91bf093a67f76468a0d3a074bb8d09e272
+Notes:
+ carnil> Few detailed information available, possibly related to the
+ carnil> commits from the merge of "ipv4-less-uses-of-shared-ip-
+ carnil> generator" in 3ede6465e756651ff5bd9b495d6cacd5ec8216e5.
+Bugs:
+upstream: released (5.17-rc2) [23f57406b82de51809d5812afd96f210f8b627f3]
+5.10-upstream-stable: released (5.10.96) [b26fed25e67bc09f28f998569ed14022e07b174b]
+4.19-upstream-stable: released (4.19.228) [eb04c6d1ec67e30f3aa5ef82112cbfdbddfd4f65]
+4.9-upstream-stable: released (4.9.300) [2b77927a8cb7f540ca2bccff4017745104fe371b]
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2020-36557 b/retired/CVE-2020-36557
new file mode 100644
index 00000000..bfb81032
--- /dev/null
+++ b/retired/CVE-2020-36557
@@ -0,0 +1,11 @@
+Description: vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
+References:
+Notes:
+ carnil> for 5.5.y fixed already in 5.5.15.
+Bugs:
+upstream: released (5.7-rc1) [ca4463bf8438b403596edd0ec961ca0d4fbe0220]
+5.10-upstream-stable: N/A "fixed before branch point"
+4.19-upstream-stable: released (4.19.114) [54584f79579b9f6ed49b93cadcd2361223ecce28]
+sid: released (5.5.17-1)
+5.10-bullseye-security: N/A "fixed before branch point"
+4.19-buster-security: released (4.19.118-1)
diff --git a/retired/CVE-2020-36558 b/retired/CVE-2020-36558
new file mode 100644
index 00000000..dfc22fbf
--- /dev/null
+++ b/retired/CVE-2020-36558
@@ -0,0 +1,11 @@
+Description: vt: vt_ioctl: fix race in VT_RESIZEX
+References:
+Notes:
+ carnil> For 5.5.y fixed in 5.5.7.
+Bugs:
+upstream: released (5.6-rc3) [6cd1ed50efd88261298577cd92a14f2768eddeeb]
+5.10-upstream-stable: N/A "fixed before branch point"
+4.19-upstream-stable: released (4.19.107) [ec9645f1a77eab98951944273754307e192e69ae]
+sid: released (5.5.13-1)
+5.10-bullseye-security: N/A "fixed before branch point"
+4.19-buster-security: released (4.19.118-1)
diff --git a/retired/CVE-2020-36766 b/retired/CVE-2020-36766
new file mode 100644
index 00000000..47c4675c
--- /dev/null
+++ b/retired/CVE-2020-36766
@@ -0,0 +1,12 @@
+Description: cec-api: prevent leaking memory through hole in structure
+References:
+Notes:
+Bugs:
+upstream: released (5.9-rc1) [6c42227c3467549ddc65efe99c869021d2f4a570]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.143) [da489549711e61bd43f3fd6fe19bb538eb575b39]
+sid: released (5.8.7-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.146-1)
diff --git a/retired/CVE-2020-36777 b/retired/CVE-2020-36777
new file mode 100644
index 00000000..c79eb4b6
--- /dev/null
+++ b/retired/CVE-2020-36777
@@ -0,0 +1,16 @@
+Description: media: dvbdev: Fix memory leak in dvb_media_device_free()
+References:
+Notes:
+ carnil> Introduced in 0230d60e4661 ("[media] dvbdev: Add RF connector if needed").
+ carnil> Vulnerable versions: 4.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [bf9a40ae8d722f281a2721779595d6df1c33a0bf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [43263fd43083e412311fa764cd04a727b0c6a749]
+4.19-upstream-stable: released (4.19.191) [cd89f79be5d553c78202f686e8e4caa5fbe94e98]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2020-36778 b/retired/CVE-2020-36778
new file mode 100644
index 00000000..0e99f9e4
--- /dev/null
+++ b/retired/CVE-2020-36778
@@ -0,0 +1,16 @@
+Description: i2c: xiic: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in 10b17004a74c ("i2c: xiic: Fix the clocking across bind unbind").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc1) [a85c5c7a3aa8041777ff691400b4046e56149fd3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [c977426db644ba476938125597947979e8aba725]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36779 b/retired/CVE-2020-36779
new file mode 100644
index 00000000..16719022
--- /dev/null
+++ b/retired/CVE-2020-36779
@@ -0,0 +1,16 @@
+Description: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in ea6dd25deeb5 ("i2c: stm32f7: add PM_SLEEP suspend/resume
+ carnil> support"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc1) [2c662660ce2bd3b09dae21a9a9ac9395e1e6c00b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [c323b270a52a26aa8038a4d1fd9a850904a41166]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36781 b/retired/CVE-2020-36781
new file mode 100644
index 00000000..5c48c726
--- /dev/null
+++ b/retired/CVE-2020-36781
@@ -0,0 +1,16 @@
+Description: i2c: imx: fix reference leak when pm_runtime_get_sync fails
+References:
+Notes:
+ carnil> Introduced in 3a5ee18d2a32 ("i2c: imx: implement master_xfer_atomic callback").
+ carnil> Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc1) [47ff617217ca6a13194fcb35c6c3a0c57c080693]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [3a0cdd336d92c429b51a79bf4f64b17eafa0325d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36785 b/retired/CVE-2020-36785
new file mode 100644
index 00000000..3bb8ca11
--- /dev/null
+++ b/retired/CVE-2020-36785
@@ -0,0 +1,16 @@
+Description: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()
+References:
+Notes:
+ carnil> Introduced in ad85094b293e ("Revert "media: staging: atomisp: Remove driver"").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ba11bbf303fafb33989e95473e409f6ab412b18d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [d218c7a0284f6b92a7b82d2e19706e18663b4193]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36786 b/retired/CVE-2020-36786
new file mode 100644
index 00000000..564dae55
--- /dev/null
+++ b/retired/CVE-2020-36786
@@ -0,0 +1,16 @@
+Description: media: [next] staging: media: atomisp: fix memory leak of object flash
+References:
+Notes:
+ carnil> Introduced in 9289cdf39992 ("staging: media: atomisp: Convert to GPIO
+ carnil> descriptors"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6045b01dd0e3cd3759eafe7f290ed04c957500b1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [cc4cc2fb5aaf9adb83c02211eb13b16cfcb7ba64]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2020-36787 b/retired/CVE-2020-36787
new file mode 100644
index 00000000..f5e61012
--- /dev/null
+++ b/retired/CVE-2020-36787
@@ -0,0 +1,17 @@
+Description: media: aspeed: fix clock handling logic
+References:
+Notes:
+ carnil> Introduced in d2b4387f3bdf ("media: platform: Add Aspeed Video Engine driver")
+ carnil> d3d04f6c330a ("clk: Add support for AST2600 SoC"). Vulnerable versions: 5.0-rc1
+ carnil> 5.4-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3536169f8531c2c5b153921dc7d1ac9fd570cda7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [a59d01384c80a8a4392665802df57c3df20055f5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2020-3702 b/retired/CVE-2020-3702
index c9db9499..1180a038 100644
--- a/active/CVE-2020-3702
+++ b/retired/CVE-2020-3702
@@ -12,4 +12,4 @@ upstream: released (5.12-rc1) [56c5485c9e444c2e85e11694b6c44f1338fc20fd, 73488cb
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ath-Use-safer-key-clearing-with-key-cache-entries.patch, bugfix/all/ath9k-Clear-key-cache-explicitly-on-disabling-hardwa.patch, bugfix/all/ath-Export-ath_hw_keysetmac.patch, bugfix/ath-Modify-ath_key_delete-to-not-need-full-key-entry.patch, bugfix/all/ath9k-Postpone-key-cache-entry-deletion-for-TXQ-fram.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-0707 b/retired/CVE-2021-0707
new file mode 100644
index 00000000..626dec13
--- /dev/null
+++ b/retired/CVE-2021-0707
@@ -0,0 +1,16 @@
+Description: dmabuf: fix use-after-free of dmabuf's file->f_inode
+References:
+ https://source.android.com/security/bulletin/2022-04-01
+Notes:
+ carnil> Commit fixes 4ab59c3c638c ("dma-buf: Move dma_buf_release()
+ carnil> from fops to dentry_ops") in 5.8-rc1 (but backported as well to
+ carnil> 5.7.8 and 5.4.51).
+Bugs:
+upstream: released (5.11-rc3) [05cd84691eafcd7959a1e120d5e72c0dd98c5d91]
+5.10-upstream-stable: released (5.10.7) [a19dae4254c434a1ac8937a809fe08fd15ad3be5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.9-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-0920 b/retired/CVE-2021-0920
index 6d5c467c..ba629e13 100644
--- a/active/CVE-2021-0920
+++ b/retired/CVE-2021-0920
@@ -1,6 +1,8 @@
Description: af_unix: fix garbage collect vs MSG_PEEK
References:
https://source.android.com/security/bulletin/2021-11-01
+ https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
+ https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-0920.html
Notes:
Bugs:
upstream: released (5.14-rc4) [cbcf01128d0a92e131bd09f1688fe032480b65ca]
@@ -10,4 +12,4 @@ upstream: released (5.14-rc4) [cbcf01128d0a92e131bd09f1688fe032480b65ca]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.70-1)
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-1048 b/retired/CVE-2021-1048
new file mode 100644
index 00000000..2df1af2d
--- /dev/null
+++ b/retired/CVE-2021-1048
@@ -0,0 +1,13 @@
+Description: fix regression in "epoll: Keep a reference on files added to the check list"
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2031928
+Notes:
+Bugs:
+upstream: released (5.9-rc4) [77f4689de17c0887775bb77896f4cc11a39bf848]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.144) [37d933e8b41b83bb8278815e366aec5a542b7e31]
+4.9-upstream-stable: released (4.9.236) [8238ee93a30a5ff6fc75751e122a28e0d92f3e12]
+sid: released (5.8.10-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.146-1)
+4.9-stretch-security: released (4.9.240-1)
diff --git a/active/CVE-2021-20292 b/retired/CVE-2021-20292
index 7b6614f8..e2648933 100644
--- a/active/CVE-2021-20292
+++ b/retired/CVE-2021-20292
@@ -12,7 +12,7 @@ Bugs:
upstream: released (5.9-rc1) [5de5b6ecf97a021f29403aa272cb4e03318ef586]
5.10-upstream-stable: N/A "Fixed before branching point"
4.19-upstream-stable: released (4.19.140) [10c8a526b2db1fcdf9e2d59d4885377b91939c55]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.298) [70f44dfbde027f444412cfb4ea9b485a4c1dec0e]
sid: released (5.7.17-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.146-1)
diff --git a/retired/CVE-2021-20317 b/retired/CVE-2021-20317
new file mode 100644
index 00000000..44ec6985
--- /dev/null
+++ b/retired/CVE-2021-20317
@@ -0,0 +1,17 @@
+Description: lib/timerqueue: Rely on rbtree semantics for next timer
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2005258
+Notes:
+ bwh> It's not totally clear what the bug is, but the code in 4.9 is
+ bwh> similar enough to 4.19 that I think it must also be affected.
+ bwh> For 4.9, commit cd9e61ed1eeb "rbtree: cache leftmost node internally"
+ bwh> needs to be applied first.
+Bugs:
+upstream: released (5.4-rc1) [511885d7061eda3eb1faf3f57dcc936ff75863f1]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.210) [b9a1ac8e7c03fd09992352c7fb1a61cbbb9ad52b]
+4.9-upstream-stable: released (4.9.298) [ef2e64035f074bfeef14c28347aaec0b486a9e9f]
+sid: released (5.4.6-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1) [bugfix/all/lib-timerqueue-rely-on-rbtree-semantics-for-next-tim.patch]
diff --git a/retired/CVE-2021-20320 b/retired/CVE-2021-20320
index be42a3b8..6cd0339e 100644
--- a/retired/CVE-2021-20320
+++ b/retired/CVE-2021-20320
@@ -1,6 +1,7 @@
Description: s390 eBPF JIT miscompilation issues fixes
References:
https://lore.kernel.org/bpf/20210902185229.1840281-1-johan.almbladh@anyfinetworks.com/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2010090
Notes:
Bugs:
upstream: released (5.15-rc3) [db7bee653859ef7179be933e7d1384644f795f26, 6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53, 1511df6f5e9ef32826f20db2ee81f8527154dc14]
diff --git a/active/CVE-2021-20321 b/retired/CVE-2021-20321
index ad21fbc0..ecbcf558 100644
--- a/active/CVE-2021-20321
+++ b/retired/CVE-2021-20321
@@ -8,6 +8,6 @@ upstream: released (5.15-rc5) [a295aef603e109a47af355477326bd41151765b6]
4.19-upstream-stable: released (4.19.211) [9d4969d8b5073d02059bae3f1b8d9a20cf023c55]
4.9-upstream-stable: released (4.9.287) [286f94453fb34f7bd6b696861c89f9a13f498721]
sid: released (5.14.12-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: pending (4.9.290-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-20322 b/retired/CVE-2021-20322
index ba819cf0..d5917886 100644
--- a/active/CVE-2021-20322
+++ b/retired/CVE-2021-20322
@@ -23,5 +23,5 @@ upstream: released (5.14) [4785305c05b25a242e5314cc821f54ade4c18810, 6457378fe79
4.9-upstream-stable: released (4.9.283) [f10ce783bcc4d8ea454563a7d56ae781640e7dcb]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: needed
-4.9-stretch-security: pending (4.9.290-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-22543 b/retired/CVE-2021-22543
index 5adec202..4b8ec6fb 100644
--- a/active/CVE-2021-22543
+++ b/retired/CVE-2021-22543
@@ -3,12 +3,15 @@ References:
https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
https://www.openwall.com/lists/oss-security/2021/05/26/3
Notes:
+ bwh> For 4.9, at least commits bd2fae8da794 "KVM: do not assume PTE is
+ bwh> writable after follow_pfn" and 097963959594 "mm: add follow_pte_pmd()"
+ bwh> need to be applied first.
Bugs:
upstream: released (5.13) [f8be156be163a052a067306417cd0ff679068c97]
5.10-upstream-stable: released (5.10.47) [dd8ed6c9bc2224c1ace5292d01089d3feb7ebbc3]
4.19-upstream-stable: released (4.19.199) [117777467bc015f0dc5fc079eeba0fa80c965149]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.298) [f4b2bfed80e8d0e91b431dd1c21bc3c2c4d5f07e]
sid: released (5.10.46-2) [bugfix/all/KVM-do-not-allow-mapping-valid-but-non-reference-cou.patch]
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: released (4.9.290-1) [bugfix/all/kvm-do-not-allow-mapping-valid-but-non-reference-cou.patch]
diff --git a/retired/CVE-2021-22600 b/retired/CVE-2021-22600
new file mode 100644
index 00000000..75ea0574
--- /dev/null
+++ b/retired/CVE-2021-22600
@@ -0,0 +1,15 @@
+Description: net/packet: rx_owner_map depends on pg_vec
+References:
+Notes:
+ carnil> Commit fixes 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a
+ carnil> producer race condition") in 5.6 (but backported to several
+ carnil> other series in particular 4.19.114).
+Bugs:
+upstream: released (5.16-rc6) [ec6af094ea28f0f2dda1a6a33b14cd57e36a9755]
+5.10-upstream-stable: released (5.10.88) [7da349f07e457cad135df0920a3f670e423fb5e9]
+4.19-upstream-stable: released (4.19.222) [18c73170de6719491f79b04c727ea8314c246b03]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-26401 b/retired/CVE-2021-26401
new file mode 100644
index 00000000..4d503e0b
--- /dev/null
+++ b/retired/CVE-2021-26401
@@ -0,0 +1,14 @@
+Description: LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
+References:
+ http://www.openwall.com/lists/oss-security/2022/03/18/2
+ https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
+Notes:
+Bugs:
+upstream: released (5.17-rc8) [244d00b5dd4755f8df892c86cab35fb2cfd4f14b, e9b6013a7ce31535b04b02ba99babefe8a8599fa, eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678, 0de05d056afdb00eca8c7bbb0c79a3438daf700c]
+5.10-upstream-stable: released (5.10.105) [2fdf67a1d215574c31b1a716f80fa0fdccd401d7, e335384560d1e106b609e8febd7e0427075a8938, cc9e3e55bde71b2fac1494f503d5ffc560c7fb8d, d04937ae94903087279e4a016b7741cdee59d521]
+4.19-upstream-stable: released (4.19.234) [d3cb3a6927222268a10b2f12dfb8c9444f7cc39e, c034d344e733a3ac574dd09e39e911a50025c607, 8bfdba77595aee5c3e83ed1c9994c35d6d409605, 9711b12a3f4c0fc73dd257c1e467e6e42155a5f1]
+4.9-upstream-stable: released (4.9.306) [b6a1aec08a84ccb331ce526c051df074150cf3c5, 0db1c4307aded2c5e618654f9341a249e0c1051f, 8edabefdc13294a9b15671937d165b948cf34d69, 0753760184745250e39018bb25ba77557390fe91]
+sid: released (5.16.12-1) [bugfix/x86/bhb/0005-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0006-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0007-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+5.10-bullseye-security: released (5.10.103-1) [bugfix/x86/bhb/0006-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0007-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0009-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+4.19-buster-security: released (4.19.232-1) [bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+4.9-stretch-security: released (4.9.303-1) [bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
diff --git a/retired/CVE-2021-28711 b/retired/CVE-2021-28711
new file mode 100644
index 00000000..d5df5134
--- /dev/null
+++ b/retired/CVE-2021-28711
@@ -0,0 +1,15 @@
+Description: Rogue backends can cause DoS of guests via high frequency events (blkfront)
+References:
+ https://xenbits.xen.org/xsa/advisory-391.html
+ https://xenbits.xen.org/xsa/xsa391-linux-1.patch
+Notes:
+ carnil> Fixed as well in 5.15.11 for 5.15.y.
+Bugs:
+upstream: released (5.16-rc7) [0fd08a34e8e3b67ec9bd8287ac0facf8374b844a]
+5.10-upstream-stable: released (5.10.88) [8ac3b6ee7c9ff2df7c99624bb1235e2e55623825]
+4.19-upstream-stable: released (4.19.222) [269d7124bcfad2558d2329d0fe603ca20b20d3f4]
+4.9-upstream-stable: released (4.9.294) [25898389795bd85d8e1520c0c75c3ad906c17da7]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-28712 b/retired/CVE-2021-28712
new file mode 100644
index 00000000..de8b6230
--- /dev/null
+++ b/retired/CVE-2021-28712
@@ -0,0 +1,15 @@
+Description: Rogue backends can cause DoS of guests via high frequency events (netfront)
+References:
+ https://xenbits.xen.org/xsa/advisory-391.html
+ https://xenbits.xen.org/xsa/xsa391-linux-2.patch
+Notes:
+ carnil> Fixed as well in 5.15.11 for 5.15.y.
+Bugs:
+upstream: released (5.16-rc7) [b27d47950e481f292c0a5ad57357edb9d95d03ba]
+5.10-upstream-stable: released (5.10.88) [d31b3379179d64724d3bbfa87bd4ada94e3237de]
+4.19-upstream-stable: released (4.19.222) [3559ca594f15fcd23ed10c0056d40d71e5dab8e5]
+4.9-upstream-stable: released (4.9.294) [99120c8230fdd5e8b72a6e4162db9e1c0a61954a]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-28713 b/retired/CVE-2021-28713
new file mode 100644
index 00000000..84225079
--- /dev/null
+++ b/retired/CVE-2021-28713
@@ -0,0 +1,15 @@
+Description: Rogue backends can cause DoS of guests via high frequency events (hvc_xen (console))
+References:
+ https://xenbits.xen.org/xsa/advisory-391.html
+ https://xenbits.xen.org/xsa/xsa391-linux-3.patch
+Notes:
+ carnil> For 5.15.y fixed as well in 5.15.11.
+Bugs:
+upstream: released (5.16-rc7) [fe415186b43df0db1f17fa3a46275fd92107fe71]
+5.10-upstream-stable: released (5.10.88) [8fa3a370cc2af858a9ba662ca4f2bd0917550563]
+4.19-upstream-stable: released (4.19.222) [57e46acb3b48ea4e8efb1e1bea2e89e0c6cc43e2]
+4.9-upstream-stable: released (4.9.294) [728389c21176b2095fa58e858d5ef1d2f2aac429]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-28714 b/retired/CVE-2021-28714
new file mode 100644
index 00000000..d6d8c567
--- /dev/null
+++ b/retired/CVE-2021-28714
@@ -0,0 +1,17 @@
+Description: Guest can force Linux netback driver to hog large amounts of kernel memory
+References:
+ https://xenbits.xen.org/xsa/advisory-392.html
+ https://xenbits.xen.org/xsa/xsa392-linux-1.patch
+Notes:
+ carnil> Commit fixes 1d5d48523900 ("xen-netback: require fewer guest Rx
+ carnil> slots when not using GSO") in 4.3-rc1.
+ carnil> Fixed as well in 5.15.11 for 5.15.y.
+Bugs:
+upstream: released (5.16-rc7) [6032046ec4b70176d247a71836186d47b25d1684]
+5.10-upstream-stable: released (5.10.88) [525875c410df5d876b9615c44885ca7640aed6f2]
+4.19-upstream-stable: released (4.19.222) [1de7644eac41981817fb66b74e0f82ca4477dc9d]
+4.9-upstream-stable: released (4.9.294) [1f66dc775092e5a353e0155fc3aca5dabce77c63]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-28715 b/retired/CVE-2021-28715
new file mode 100644
index 00000000..27309792
--- /dev/null
+++ b/retired/CVE-2021-28715
@@ -0,0 +1,17 @@
+Description: Guest can force Linux netback driver to hog large amounts of kernel memory
+References:
+ https://xenbits.xen.org/xsa/advisory-392.html
+ https://xenbits.xen.org/xsa/xsa392-linux-2.patch
+Notes:
+ carnil> Commit fixes f48da8b14d04 ("xen-netback: fix unlimited guest Rx
+ carnil> internal queue and carrier flapping").
+ carnil> For 5.15.y fixed as well in 5.15.11.
+Bugs:
+upstream: released (5.16-rc7) [be81992f9086b230623ae3ebbc85ecee4d00a3d3]
+5.10-upstream-stable: released (5.10.88) [88f20cccbeec9a5e83621df5cc2453b5081454dc]
+4.19-upstream-stable: released (4.19.222) [c9f17e92917fd5786be872626a3928979ecc4c39]
+4.9-upstream-stable: released (4.9.294) [b4226b387436315e7f57465c15335f4f4b5b075d]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/active/CVE-2021-28950 b/retired/CVE-2021-28950
index 77319caf..18e926a5 100644
--- a/active/CVE-2021-28950
+++ b/retired/CVE-2021-28950
@@ -10,9 +10,9 @@ Notes:
Bugs:
upstream: released (5.12-rc4) [775c5033a0d164622d9d10dd0f0a5531639ed3ed]
5.10-upstream-stable: released (5.10.25) [d955f13ea2120269319d6133d0dd82b66d1eeca3]
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.19-upstream-stable: released (4.19.226) [8a8908cb82568c71b672e83d834e8b59ccf75f8e]
+4.9-upstream-stable: released (4.9.298) [fde32bbe9a540af28579da6480fc55cc50099ece]
sid: released (5.10.24-1) [bugfix/all/fuse-fix-live-lock-in-fuse_iget.patch]
5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: needed
+4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: released (4.9.272-1) [bugfix/all/fuse-fix-live-lock-in-fuse_iget.patch]
diff --git a/active/CVE-2021-29264 b/retired/CVE-2021-29264
index 625d2bab..14e831ba 100644
--- a/active/CVE-2021-29264
+++ b/retired/CVE-2021-29264
@@ -8,8 +8,8 @@ Bugs:
upstream: released (5.12-rc3) [d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f]
5.10-upstream-stable: released (5.10.27) [b8bfda6e08b8a419097eea5a8e57671bc36f9939]
4.19-upstream-stable: released (4.19.184) [9943741c2792a7f1d091aad38f496ed6eb7681c4]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.298) [2cf34285e6eac396a180762c5504e2911df88c9a]
sid: released (5.10.28-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.194-1)
-4.9-stretch-security: needed
+4.9-stretch-security: released (4.9.303-1)
diff --git a/active/CVE-2021-32078 b/retired/CVE-2021-32078
index 765e9b07..765e9b07 100644
--- a/active/CVE-2021-32078
+++ b/retired/CVE-2021-32078
diff --git a/retired/CVE-2021-32606 b/retired/CVE-2021-32606
index a968e92b..6433359d 100644
--- a/retired/CVE-2021-32606
+++ b/retired/CVE-2021-32606
@@ -5,6 +5,8 @@ References:
Notes:
carnil> Introduced by 921ca574cd38 ("can: isotp: add SF_BROADCAST
carnil> support for functional addressing") in 5.11-rc1.
+ carnil> In 5.10.102 was added both the introducing and fixing commit,
+ carnil> so the issue was never present here.
Bugs:
upstream: released (5.13-rc4) [2b17c400aeb44daf041627722581ade527bb3c1d]
5.10-upstream-stable: N/A "Vulnerable code introduced later"
diff --git a/active/CVE-2021-33033 b/retired/CVE-2021-33033
index 81a9e57c..ce1e7319 100644
--- a/active/CVE-2021-33033
+++ b/retired/CVE-2021-33033
@@ -15,8 +15,8 @@ Bugs:
upstream: released (5.12-rc7) [ad5d07f4a9cd671233ae20983848874731102c08]
5.10-upstream-stable: released (5.10.24) [85178d76febd30a745b7d947dbd9751919d0fa5b]
4.19-upstream-stable: released (4.19.181) [a44af1c69737f9e64d5134c34eb9d5c4c2e04da1]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.298) [f49f0e65a95664b648e058aa923f651ec08dfeb7]
sid: released (5.10.24-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.181-1)
-4.9-stretch-security: needed
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-33098 b/retired/CVE-2021-33098
new file mode 100644
index 00000000..48b8922e
--- /dev/null
+++ b/retired/CVE-2021-33098
@@ -0,0 +1,17 @@
+Description: ixgbe: fix large MTU request from VF
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html
+Notes:
+ carnil> According to contact upstream 63e39d29b3da ("ixgbe: fix large
+ carnil> MTU request from VF") fixes the specific CVE in question. The
+ carnil> commit itself fixes 872844ddb9e4 ("ixgbe: Enable jumbo frames
+ carnil> support w/ SR-IOV") introduced in 3.8-rc1.
+Bugs:
+upstream: released (5.13-rc4) [63e39d29b3da02e901349f6cd71159818a4737a6]
+5.10-upstream-stable: released (5.10.42) [3cfd11506ed032446358eedf7e31b4defd819d91]
+4.19-upstream-stable: released (4.19.193) [938ffd6d2dd78fb83b9346c9b689e2a3a6fe7174]
+4.9-upstream-stable: needed
+sid: released (5.10.46-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2021-33135 b/retired/CVE-2021-33135
new file mode 100644
index 00000000..49293fc6
--- /dev/null
+++ b/retired/CVE-2021-33135
@@ -0,0 +1,17 @@
+Description: INTEL-SA-00603
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html
+ https://bugzilla.suse.com/show_bug.cgi?id=1199515
+Notes:
+ carnil> As stated in SuSE bug, no public information but references the
+ carnil> potential upstream commit, which IMHO seems sensible, so
+ carnil> tracking it as it.
+Bugs:
+upstream: released (5.17-rc8) [08999b2489b4c9b939d7483dbd03702ee4576d96
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.18-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-33624 b/retired/CVE-2021-33624
index 0cbf2373..3da976cd 100644
--- a/active/CVE-2021-33624
+++ b/retired/CVE-2021-33624
@@ -6,12 +6,15 @@ Notes:
carnil> mispredicted branches") is the main part of the fixes.
carnil> The selftest fixes commit was included in later release as well
carnil> in 5.10.57 but the CVE fixes covered already in 5.10.46.
+ bwh> I think this can be ignored. Privileged users can generally read
+ bwh> kernel memory through kprobes/tracepoints. Unprivileged use of
+ bwh> eBPF is now disabled by default in all Debian suites.
Bugs:
upstream: released (5.13-rc7) [d203b0fd863a2261e5d00b97f3d060c4c2a6db71, fe9a5ca7e370e613a9a75a13008a3845ea759d6e, 9183671af6dbf60a1219371d4ed73e23f43b49db, 973377ffe8148180b2651825b92ae91988141b05]
-5.10-upstream-stable: released (5.10.46) [e9d271731d21647f8f9e9a261582cf47b868589a, 8c82c52d1de931532200b447df8b4fc92129cfd9, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b], (5.10.57) [30ea1c535291e88e41413464277fcf98a95cf8c6]
+5.10-upstream-stable: released (5.10.46) [e9d271731d21647f8f9e9a261582cf47b868589a, 8c82c52d1de931532200b447df8b4fc92129cfd9, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b], released (5.10.57) [30ea1c535291e88e41413464277fcf98a95cf8c6]
4.19-upstream-stable: released (4.19.204) [0abc8c9754c953f5cd0ac7488c668ca8d53ffc90, c510c1845f7b54214b4117272e0d87dff8732af6, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b, c15b387769446c37a892f958b169744dabf7ff23]
4.9-upstream-stable: needed
sid: released (5.10.46-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "Too risky to backport, and mitigated by default"
diff --git a/retired/CVE-2021-33631 b/retired/CVE-2021-33631
new file mode 100644
index 00000000..0be43a6b
--- /dev/null
+++ b/retired/CVE-2021-33631
@@ -0,0 +1,12 @@
+Description: ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
+References:
+Notes:
+Bugs:
+upstream: released (6.2-rc1) [5c099c4fdc438014d5893629e70a8ba934433ee8]
+6.1-upstream-stable: released (6.1.4) [74ba281971618a76d5067cad7d8b14d549da5e9a]
+5.10-upstream-stable: released (5.10.177) [3392d67af0a4bf13e7f6ef0cddfc622bc2e8c95e]
+4.19-upstream-stable: released (4.19.280) [53bb0d3e0a3dfc9649add8133f1ecd9c1bc2dd70]
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2021-33655 b/retired/CVE-2021-33655
new file mode 100644
index 00000000..f151faf5
--- /dev/null
+++ b/retired/CVE-2021-33655
@@ -0,0 +1,14 @@
+Description: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
+References:
+ https://www.openwall.com/lists/oss-security/2022/07/19/2
+Notes:
+ bwh> One commit is marked for backport to stable branches 4.14+, so I
+ bwh> assume all branches are somewhat affected.
+ bwh> Released in 5.18.11.
+Bugs:
+upstream: released (5.19-rc7) [65a01e601dbba8b7a51a2677811f70f783766682, e64242caef18b4a5840b0e7a9bff37abd4f4f933, 6c11df58fd1ac0aefcb3b227f72769272b939e56]
+5.10-upstream-stable: released (5.10.130) [b727561ddc9360de9631af2d970d8ffed676a750, cecb806c766c78e1be62b6b7b1483ef59bbaeabe, b81212828ad19ab3eccf00626cd04099215060bf]
+4.19-upstream-stable: released (4.19.252) [eae522ed28fe1c00375a8a0081a97dce7996e4d8]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/fbmem-check-virtual-screen-sizes-in-fb_set_var.patch, bugfix/all/fbcon-disallow-setting-font-bigger-than-screen-size.patch, bugfix/all/fbcon-prevent-that-screen-size-is-smaller-than-font-.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2021-33656 b/retired/CVE-2021-33656
new file mode 100644
index 00000000..fc22ae41
--- /dev/null
+++ b/retired/CVE-2021-33656
@@ -0,0 +1,11 @@
+Description: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds
+References:
+ https://www.openwall.com/lists/oss-security/2022/07/19/3
+Notes:
+Bugs:
+upstream: released (5.12-rc1) [ff2047fb755d4415ec3c70ac799889371151796d]
+5.10-upstream-stable: released (5.10.127) [3acb7dc242ca25eb258493b513ef2f4b0f2a9ad1]
+4.19-upstream-stable: released (4.19.250) [b15d5731b708a2190fec836990b8aefbbf36b07a]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2021-34556 b/retired/CVE-2021-34556
index 7945edc4..cb6a8f3b 100644
--- a/active/CVE-2021-34556
+++ b/retired/CVE-2021-34556
@@ -3,6 +3,9 @@ References:
https://www.openwall.com/lists/oss-security/2021/08/01/3
https://lore.kernel.org/stable/20210913153537.2162465-1-ovidiu.panait@windriver.com/
Notes:
+ bwh> I think this can be ignored. Privileged users can generally read
+ bwh> kernel memory through kprobes/tracepoints. Unprivileged use of
+ bwh> eBPF is now disabled by default in all Debian suites.
Bugs:
upstream: released (5.14-rc4) [f5e81d1117501546b7be050c5fbafa6efd2c722c, 2039f26f3aca5b0e419b98f65dd36481337b86ee]
5.10-upstream-stable: released (5.10.56) [bea9e2fd180892eba2574711b05b794f1d0e7b73, 0e9280654aa482088ee6ef3deadef331f5ac5fb0]
@@ -11,4 +14,4 @@ upstream: released (5.14-rc4) [f5e81d1117501546b7be050c5fbafa6efd2c722c, 2039f26
sid: released (5.10.46-4) [bugfix/all/bpf-introduce-bpf-nospec-instruction-for-mitigating-.patch, bugfix/all/bpf-fix-leakage-due-to-insufficient-speculative-stor.patch]
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "Too risky to backport, and mitigated by default"
diff --git a/retired/CVE-2021-3489 b/retired/CVE-2021-3489
index 33849abc..b0f7717d 100644
--- a/retired/CVE-2021-3489
+++ b/retired/CVE-2021-3489
@@ -4,6 +4,7 @@ References:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=04ea3086c4d73da7009de1e84962a904139af219
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=98a34e93da83e50e197584c7c362668bf12c1d54
+ https://flatt.tech/assets/reports/210401_pwn2own/whitepaper.pdf
Notes:
carnil> Introduced in 5.8-rc1 by 457f44363a88 ("bpf: Implement BPF ring
carnil> buffer and verifier support for it").
diff --git a/active/CVE-2021-34981 b/retired/CVE-2021-34981
index e7f1faa5..e7f1faa5 100644
--- a/active/CVE-2021-34981
+++ b/retired/CVE-2021-34981
diff --git a/active/CVE-2021-3506 b/retired/CVE-2021-3506
index 5748f4e4..5748f4e4 100644
--- a/active/CVE-2021-3506
+++ b/retired/CVE-2021-3506
diff --git a/active/CVE-2021-35477 b/retired/CVE-2021-35477
index 7945edc4..cb6a8f3b 100644
--- a/active/CVE-2021-35477
+++ b/retired/CVE-2021-35477
@@ -3,6 +3,9 @@ References:
https://www.openwall.com/lists/oss-security/2021/08/01/3
https://lore.kernel.org/stable/20210913153537.2162465-1-ovidiu.panait@windriver.com/
Notes:
+ bwh> I think this can be ignored. Privileged users can generally read
+ bwh> kernel memory through kprobes/tracepoints. Unprivileged use of
+ bwh> eBPF is now disabled by default in all Debian suites.
Bugs:
upstream: released (5.14-rc4) [f5e81d1117501546b7be050c5fbafa6efd2c722c, 2039f26f3aca5b0e419b98f65dd36481337b86ee]
5.10-upstream-stable: released (5.10.56) [bea9e2fd180892eba2574711b05b794f1d0e7b73, 0e9280654aa482088ee6ef3deadef331f5ac5fb0]
@@ -11,4 +14,4 @@ upstream: released (5.14-rc4) [f5e81d1117501546b7be050c5fbafa6efd2c722c, 2039f26
sid: released (5.10.46-4) [bugfix/all/bpf-introduce-bpf-nospec-instruction-for-mitigating-.patch, bugfix/all/bpf-fix-leakage-due-to-insufficient-speculative-stor.patch]
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "Too risky to backport, and mitigated by default"
diff --git a/active/CVE-2021-3600 b/retired/CVE-2021-3600
index 0fd38bbe..da61317e 100644
--- a/active/CVE-2021-3600
+++ b/retired/CVE-2021-3600
@@ -4,8 +4,11 @@ References:
Notes:
carnil> Introduced by 68fda450a7df ("bpf: fix 32-bit divide by zero")
carnil> in 4.15-rc9 (and was backported to 4.9.79). Though the specifc
- carnil> attach will not work on v4.9.y as pointer arithmetic is
+ carnil> attack will not work on v4.9.y as pointer arithmetic is
carnil> prohibited on those kernels.
+ bwh> For 4.9, commits f6b1b3bf0d5f "bpf: fix subprog verifier bypass by
+ bwh> div/mod by 0 exception" and d405c7407a54 "bpf: allocate 0x06 to new
+ bwh> eBPF instruction class JMP32" etc. need to be applied first.
Bugs:
upstream: released (5.11) [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
5.10-upstream-stable: released (5.10.16) [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
@@ -14,4 +17,4 @@ upstream: released (5.11) [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
sid: released (5.10.19-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-3612 b/retired/CVE-2021-3612
index 4059d8f6..a08f3b42 100644
--- a/active/CVE-2021-3612
+++ b/retired/CVE-2021-3612
@@ -16,4 +16,4 @@ upstream: released (5.14-rc1) [f8f84af5da9ee04ef1d271528656dac42a090d00]
sid: released (5.10.46-3) [bugfix/all/Input-joydev-prevent-use-of-not-validated-data-in-JS.patch]
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3640 b/retired/CVE-2021-3640
index c687c025..9442849a 100644
--- a/active/CVE-2021-3640
+++ b/retired/CVE-2021-3640
@@ -17,6 +17,6 @@ upstream: released (5.16-rc1) [99c23da0eed4fd20cae8243f2b51e10e66aa0951]
4.19-upstream-stable: released (4.19.218) [c1c913f797f3d2441310182ad75b7bd855a327ff]
4.9-upstream-stable: released (4.9.291) [9bbe312ebea40c9b586c2b07a0d0948ff418beca]
sid: released (5.15.3-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: needed
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/active/CVE-2021-3653 b/retired/CVE-2021-3653
index a5abf065..e673fa36 100644
--- a/active/CVE-2021-3653
+++ b/retired/CVE-2021-3653
@@ -10,4 +10,4 @@ upstream: released (5.14-rc7) [0f923e07124df069ba68d8bb12324398f4b6b709]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.46-5) [bugfix/x86/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3655 b/retired/CVE-2021-3655
index d67cf99b..6da8f0dc 100644
--- a/active/CVE-2021-3655
+++ b/retired/CVE-2021-3655
@@ -11,4 +11,4 @@ upstream: released (5.14-rc1) [0c5dc070ff3d6246d22ddd931f23a6266249e3db, 50619db
sid: released (5.10.46-3) [bugfix/all/sctp-validate-from_addr_param-return.patch, bugfix/all/sctp-add-size-validation-when-walking-chunks.patch]
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3679 b/retired/CVE-2021-3679
index 901830b0..2c5e1c4a 100644
--- a/active/CVE-2021-3679
+++ b/retired/CVE-2021-3679
@@ -10,4 +10,4 @@ upstream: released (5.14-rc3) [67f0d6d9883c13174669f88adac4f0ee656cc16a]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.46-5) [bugfix/all/tracing-Fix-bug-in-rb_per_cpu_empty-that-might-cause.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-3714 b/retired/CVE-2021-3714
new file mode 100644
index 00000000..a0f22039
--- /dev/null
+++ b/retired/CVE-2021-3714
@@ -0,0 +1,18 @@
+Description: Remote Page Deduplication Attacks
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1931327
+ https://arxiv.org/pdf/2111.08553.pdf
+Notes:
+ carnil> As per 2022-04-02 not yet much details on the Red Hat bugzila
+ carnil> entry. Asked for some details.
+ bwh> This really sounds like "KSM has timing side-channels", which is
+ bwh> an inherent problem and can only be fixed by not using it.
+Bugs:
+upstream: ignored "inherent problem and can only be fixed by not using KSM"
+5.10-upstream-stable: ignored "inherent problem and can only be fixed by not using KSM"
+4.19-upstream-stable: ignored "inherent problem and can only be fixed by not using KSM"
+4.9-upstream-stable: ignored "inherent problem and can only be fixed by not using KSM"
+sid: ignored "inherent problem and can only be fixed by not using KSM"
+5.10-bullseye-security: ignored "inherent problem and can only be fixed by not using KSM"
+4.19-buster-security: ignored "inherent problem and can only be fixed by not using KSM"
+4.9-stretch-security: ignored "inherent problem and can only be fixed by not using KSM"
diff --git a/active/CVE-2021-37159 b/retired/CVE-2021-37159
index e87545c3..4469c7dc 100644
--- a/active/CVE-2021-37159
+++ b/retired/CVE-2021-37159
@@ -22,4 +22,4 @@ upstream: released (5.14-rc3) [a6ecfb39ba9d7316057cea823b196b734f6b18ca]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.70-1)
4.19-buster-security: released (4.19.208-1) [bugfix/all/usb-hso-fix-error-handling-code-of-hso_create_net_de.patch]
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3732 b/retired/CVE-2021-3732
index 9f9f6fea..0e2eac14 100644
--- a/active/CVE-2021-3732
+++ b/retired/CVE-2021-3732
@@ -10,4 +10,4 @@ upstream: released (5.14-rc6) [427215d85e8d1476da1a86b8d67aceb485eb3631]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ovl-prevent-private-clone-if-bind-mount-is-not-allow.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3736 b/retired/CVE-2021-3736
index de49c62b..de49c62b 100644
--- a/active/CVE-2021-3736
+++ b/retired/CVE-2021-3736
diff --git a/active/CVE-2021-3744 b/retired/CVE-2021-3744
index 50ef7085..47438db1 100644
--- a/active/CVE-2021-3744
+++ b/retired/CVE-2021-3744
@@ -11,6 +11,6 @@ upstream: released (5.15-rc4) [505d9dcb0f7ddf9d075e729523a33d38642ae680]
4.19-upstream-stable: released (4.19.209) [710be7c42d2f724869e5b18b21998ceddaffc4a9]
4.9-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.14.12-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2021-3752 b/retired/CVE-2021-3752
new file mode 100644
index 00000000..dd73c677
--- /dev/null
+++ b/retired/CVE-2021-3752
@@ -0,0 +1,18 @@
+Description: UAF in bluetooth
+References:
+ https://www.openwall.com/lists/oss-security/2021/09/15/4
+ https://bugzilla.suse.com/show_bug.cgi?id=1190023
+ https://lore.kernel.org/lkml/20210714031733.1395549-1-bobo.shaobowang@huawei.com/
+Notes:
+ carnil> With the presence of 3af70b39fa2d ("Bluetooth: check for zapped
+ carnil> sk before connecting") in 5.13-rc1 (and 5.10.38, 4.19.191) this
+ carnil> bug is not easy to trigger itself.
+Bugs:
+upstream: released (5.16-rc1) [1bff51ea59a9afb67d2dd78518ab0582a54a472c]
+5.10-upstream-stable: released (5.10.80) [c10465f6d6208db2e45a6dac1db312b9589b2583]
+4.19-upstream-stable: released (4.19.218) [72bb30165337b7bce77578ad151fbfab6c8e693c]
+4.9-upstream-stable: released (4.9.291) [d19ea7da0eeb61be28ec05d8b8bddec3dde71610]
+sid: released (5.15.3-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/active/CVE-2021-3753 b/retired/CVE-2021-3753
index 1ca34818..b045608c 100644
--- a/active/CVE-2021-3753
+++ b/retired/CVE-2021-3753
@@ -10,4 +10,4 @@ upstream: released (5.15-rc1) [2287a51ba822384834dafc1c798453375d1107c7]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.46-5) [bugfix/all/vt_kdsetmode-extend-console-locking.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3760 b/retired/CVE-2021-3760
index 7c13164f..fbf47f7e 100644
--- a/active/CVE-2021-3760
+++ b/retired/CVE-2021-3760
@@ -13,6 +13,6 @@ upstream: released (5.15-rc6) [1b1499a817c90fd1ce9453a2c98d2a01cca0e775]
4.19-upstream-stable: released (4.19.214) [1ac0d736c8ae9b59ab44e4e80ad73c8fba5c6132]
4.9-upstream-stable: released (4.9.288) [8a44904ce83ebcb1281b04c8d37ad7f8ab537a3d]
sid: released (5.14.16-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: pending (4.9.290-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-3764 b/retired/CVE-2021-3764
index 0b2db503..437f5019 100644
--- a/active/CVE-2021-3764
+++ b/retired/CVE-2021-3764
@@ -11,6 +11,6 @@ upstream: released (5.15-rc4) [505d9dcb0f7ddf9d075e729523a33d38642ae680]
4.19-upstream-stable: released (4.19.209) [710be7c42d2f724869e5b18b21998ceddaffc4a9]
4.9-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.14.12-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2021-3772 b/retired/CVE-2021-3772
index e2c10413..90a5b95b 100644
--- a/active/CVE-2021-3772
+++ b/retired/CVE-2021-3772
@@ -1,14 +1,22 @@
Description: Invalid chunks may be used to remotely remove existing associations
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2000694
+ https://lore.kernel.org/stable/20220315132009.2080417-1-ovidiu.panait@windriver.com/
+ https://lore.kernel.org/stable/20220315132510.2088935-1-ovidiu.panait@windriver.com/
Notes:
carnil> Fixed as well in 5.14.16 for 5.14.y series.
+ carnil> One comit was missing in the initial 5.10.y series, the
+ carnil> backport of eae578390804 ("sctp: fix the processing for INIT
+ carnil> chunk"). Two commits were missing in the 4.19.y series
+ carnil> initially, eae578390804 ("sctp: fix the processing for INIT
+ carnil> chunk") and 438b95a7c98f ("sctp: fix the processing for
+ carnil> INIT_ACK chunk").
Bugs:
upstream: released (5.15) [4f7019c7eb33967eb87766e0e4602b5576873680, eae5783908042a762c24e1bd11876edb91d314b1, 438b95a7c98f77d51cbf4db021f41b602d750a3f, a64b341b8695e1c744dd972b39868371b4f68f83, aa0f697e45286a6b5f0ceca9418acf54b9099d99, ef16b1734f0a176277b7bb9c71a6d977a6ef3998, 9d02831e517aa36ee6bdb453a0eb47bd49923fe3]
-5.10-upstream-stable: released (5.10.77) [ad111d4435d85fd3eeb2c09692030d89f8862401, 8c50693d25e4ab6873b32bc3cea23b382a94d05f, dad2486414b5c81697aa5a24383fbb65fad13cae, 14c1e02b11c2233343573aff90766ef8472f27e7, c2442f721972ea7c317fbfd55c902616b3151ad5, a7112b8eeb14b3db21bc96abc79ca7525d77e129]
-4.19-upstream-stable: released (4.19.215) [1f52dfacca7bb315d89f5ece5660b0337809798e, 86044244fc6f9eaec0070cb668e0d500de22dbba, 7bf2f6a30d1851c530ad5e4ee7e5c45fb6be0128, d9a4f990aab48dd5c134a9e76c7b651d404b05d3, 1ff3c379248ea579aa122d4ca245028e4bc9af23]
-4.9-upstream-stable: released (4.9.289) [42ce7a69f8140783bab908dc29a93c0bcda315d5, 16d0bfb045abf587c72d46dfea56c20c4aeda927]
+5.10-upstream-stable: released (5.10.77) [ad111d4435d85fd3eeb2c09692030d89f8862401, 8c50693d25e4ab6873b32bc3cea23b382a94d05f, dad2486414b5c81697aa5a24383fbb65fad13cae, 14c1e02b11c2233343573aff90766ef8472f27e7, c2442f721972ea7c317fbfd55c902616b3151ad5, a7112b8eeb14b3db21bc96abc79ca7525d77e129], released (5.10.107) [6056abc99b58fe55033577f3ad6e28d001a27641]
+4.19-upstream-stable: released (4.19.215) [1f52dfacca7bb315d89f5ece5660b0337809798e, 86044244fc6f9eaec0070cb668e0d500de22dbba, 7bf2f6a30d1851c530ad5e4ee7e5c45fb6be0128, d9a4f990aab48dd5c134a9e76c7b651d404b05d3, 1ff3c379248ea579aa122d4ca245028e4bc9af23], released (4.19.236) [59e2c108bf5ff90db5310ce749f57e37f6d3da38, 0ad6f021f6c354ab8daf29ec10f3c2340918d5d3]
+4.9-upstream-stable: released (4.9.289) [42ce7a69f8140783bab908dc29a93c0bcda315d5, 16d0bfb045abf587c72d46dfea56c20c4aeda927], needed
sid: released (5.14.16-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: needed
+5.10-bullseye-security: released (5.10.84-1), released (5.10.113-1)
+4.19-buster-security: released (4.19.232-1), released (4.19.235-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-38160 b/retired/CVE-2021-38160
index 2672c223..a988ef0d 100644
--- a/active/CVE-2021-38160
+++ b/retired/CVE-2021-38160
@@ -9,4 +9,4 @@ upstream: released (5.14-rc1) [d00d8da5869a2608e97cfede094dfc5e11462a46]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.46-5) [bugfix/all/virtio_console-Assure-used-length-from-device-is-lim.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-38198 b/retired/CVE-2021-38198
index 8861f771..f03fc8a1 100644
--- a/active/CVE-2021-38198
+++ b/retired/CVE-2021-38198
@@ -1,12 +1,14 @@
Description: KVM: X86: MMU: Use the correct inherited permissions to get shadow page
References:
Notes:
+ bwh> For 4.9, commit 0780516a18f8 "KVM: nVMX: fix EPT permissions as reported
+ bwh> in exit qualification" needs to be applied first.
Bugs:
upstream: released (5.13-rc6) [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
5.10-upstream-stable: released (5.10.44) [6b6ff4d1f349cb35a7c7d2057819af1b14f80437]
4.19-upstream-stable: released (4.19.204) [4c07e70141eebd3db64297515a427deea4822957]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.299) [e262acbda232b6a2a9adb53f5d2b2065f7626625]
sid: released (5.10.46-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: released (4.9.290-1) [bugfix/x86/kvm-x86-mmu-use-the-correct-inherited-permissions-to.patch]
diff --git a/active/CVE-2021-38199 b/retired/CVE-2021-38199
index 24152b54..14d0c23a 100644
--- a/active/CVE-2021-38199
+++ b/retired/CVE-2021-38199
@@ -5,8 +5,8 @@ Bugs:
upstream: released (5.14-rc1) [dd99e9f98fbf423ff6d365b37a98e8879170f17c]
5.10-upstream-stable: released (5.10.52) [ff4023d0194263a0827c954f623c314978cf7ddd]
4.19-upstream-stable: released (4.19.198) [743f6b973c8ba8a0a5ed15ab11e1d07fa00d5368]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.299) [993892ed82350d0b4eb7d321d2bb225219bd1cfc]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.46-5) [bugfix/all/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: released (4.9.290-1) [bugfix/all/nfsv4-initialise-connection-to-the-server-in-nfs4_al.patch]
diff --git a/active/CVE-2021-38204 b/retired/CVE-2021-38204
index 149620f2..8464c95d 100644
--- a/active/CVE-2021-38204
+++ b/retired/CVE-2021-38204
@@ -10,4 +10,4 @@ upstream: released (5.14-rc3) [b5fdf5c6e6bee35837e160c00ac89327bdad031b]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.70-1)
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-38205 b/retired/CVE-2021-38205
index 76baf676..4bdb7399 100644
--- a/active/CVE-2021-38205
+++ b/retired/CVE-2021-38205
@@ -10,4 +10,4 @@ upstream: released (5.14-rc1) [d0d62baa7f505bd4c59cd169692ff07ec49dde37]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.70-1)
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2021-38300 b/retired/CVE-2021-38300
index 9a6bd2c7..1cefd8be 100644
--- a/active/CVE-2021-38300
+++ b/retired/CVE-2021-38300
@@ -12,5 +12,5 @@ upstream: released (5.15-rc4) [37cb28ec7d3a36a5bace7063a3dba633ab110f8b]
4.9-upstream-stable: needed
sid: released (5.14.6-1) [bugfix/mipsel/bpf-mips-Validate-conditional-branch-offsets.patch]
5.10-bullseye-security: released (5.10.70-1) [bugfix/mipsel/bpf-mips-Validate-conditional-branch-offsets.patch]
-4.19-buster-security: needed
+4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: ignored "mips not supported in LTS"
diff --git a/retired/CVE-2021-3894 b/retired/CVE-2021-3894
new file mode 100644
index 00000000..a7e82638
--- /dev/null
+++ b/retired/CVE-2021-3894
@@ -0,0 +1,20 @@
+Description: sctp: local DoS: unprivileged user can cause BUG()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2014970
+Notes:
+ carnil> Likely it is commit a2d859e3fc97 ("sctp: account stream padding
+ carnil> length for reconf chunk")
+ carnil> And in case this is the correct fix, are CVE-2021-3894 and
+ carnil> CVE-2022-0322 dubplicates?
+ carnil> Around 2022-08-23 the CVE has been rejected byt the assigning
+ carnil> CNA as it was a duplicate of CVE-2022-0322:
+ carnil> https://bugzilla.redhat.com/show_bug.cgi?id=2014970#c17
+Bugs:
+upstream: released (5.15-rc6) [a2d859e3fc97e79d907761550dbc03ff1b36479c]
+5.10-upstream-stable: released (5.10.75) [d84a69ac410f6228873d05d35120f6bdddab7fc3]
+4.19-upstream-stable: released (4.19.213) [c57fdeff69b152185fafabd37e6bfecfce51efda]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.16-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-3923 b/retired/CVE-2021-3923
new file mode 100644
index 00000000..49ae6815
--- /dev/null
+++ b/retired/CVE-2021-3923
@@ -0,0 +1,12 @@
+Description: stack information leak in infiniband RDMA
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2019643
+Notes:
+Bugs:
+upstream: released (5.16) [b35a0f4dd544eaa6162b6d2f13a2557a121ae5fd]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.91) [beeb0fdedae802a7fb606e955a81a56a2e3bbac1]
+4.19-upstream-stable: released (4.19.225) [153843e270459b08529f80a0a0d8258d91597594]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-39633 b/retired/CVE-2021-39633
new file mode 100644
index 00000000..34e38240
--- /dev/null
+++ b/retired/CVE-2021-39633
@@ -0,0 +1,15 @@
+Description: ip_gre: add validation for csum_start
+References:
+ https://source.android.com/security/bulletin/2022-01-01
+Notes:
+ carnil> Commit fixes c54419321455 ("GRE: Refactor GRE tunneling code.")
+ carnil> in 3.10-rc1.
+Bugs:
+upstream: released (5.14) [1d011c4803c72f3907eccfc1ec63caefb852fcbf]
+5.10-upstream-stable: released (5.10.62) [fb45459d9ddb1edd4a8b087bafe875707753cb10]
+4.19-upstream-stable: released (4.19.206) [c33471daf2763c5aee2b7926202c74b75c365119]
+4.9-upstream-stable: released (4.9.282) [41d5dfa408130433cc5f037ad89bed854bf936f7]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-39634 b/retired/CVE-2021-39634
new file mode 100644
index 00000000..f5913a7c
--- /dev/null
+++ b/retired/CVE-2021-39634
@@ -0,0 +1,13 @@
+Description: epoll: do not insert into poll queues until all sanity checks are done
+References:
+ https://source.android.com/security/bulletin/2022-01-01
+Notes:
+Bugs:
+upstream: released (5.9-rc8) [f8d4f44df056c5b504b0d49683fb7279218fd207]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.150) [3e3bbc4d23eeb90bf282e98c7dfeca7702df3169]
+4.9-upstream-stable: released (4.9.239) [ea984dfe0e7978cd294eb6a640ac27fa1834ac8d]
+sid: released (5.8.14-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.152-1)
+4.9-stretch-security: released (4.9.240-1)
diff --git a/retired/CVE-2021-39636 b/retired/CVE-2021-39636
new file mode 100644
index 00000000..e89c4a46
--- /dev/null
+++ b/retired/CVE-2021-39636
@@ -0,0 +1,19 @@
+Description: netfilter: Kernel info leaks from various modules
+References:
+ https://source.android.com/security/bulletin/pixel/2021-12-01
+Notes:
+ carnil> This one seems a bit compliated to track, the commits from the
+ carnil> pixel/2021-12-01 are spread over two versions. But it's not
+ carnil> very clear to what CVE-2021-39636 is referring to, assuming it
+ carnil> is for the pointer leak to userspace?
+ bwh> Pretty sure this is about leaking pointers. The last 2 commits
+ bwh> are fixing that and the first 3 are dependencies for the fix.
+Bugs:
+upstream: released (4.11-rc1) [f32815d21d4d8287336fb9cef4d2d9e0866214c2, f77bc5b23fb1af51fc0faa8a479dea8969eb5079, e47ddb2c4691fd2bd8d25745ecb6848408899757, ec23189049651b16dc2ffab35a4371dc1f491aca], released (4.16-rc1) [1e98ffea5a8935ec040ab72299e349cb44b8defd]
+5.10-upstream-stable: N/A "Fixed before branch point"
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: needed
+sid: released (4.16.5-1)
+5.10-bullseye-security: N/A "Fixed before branch point"
+4.19-buster-security: N/A "Fixed before branch point"
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2021-39648 b/retired/CVE-2021-39648
new file mode 100644
index 00000000..9940a8b2
--- /dev/null
+++ b/retired/CVE-2021-39648
@@ -0,0 +1,13 @@
+Description: usb: gadget: configfs: Fix use-after-free issue with udc_name
+References:
+ https://source.android.com/security/bulletin/pixel/2021-12-01
+Notes:
+Bugs:
+upstream: released (5.11-rc3) [64e6bbfff52db4bf6785fab9cffab850b2de6870]
+5.10-upstream-stable: released (5.10.7) [a4b202cba3ab1a7a8b1ca92603931fba5e2032c3]
+4.19-upstream-stable: released (4.19.167) [83b74059fdf1c4fa6ed261725e6f301552ad23f7]
+4.9-upstream-stable: released (4.9.251) [225330e682fa9aaa152287b49dea1ce50fbe0a92]
+sid: released (5.10.9-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.171-1)
+4.9-stretch-security: released (4.9.258-1)
diff --git a/retired/CVE-2021-39656 b/retired/CVE-2021-39656
new file mode 100644
index 00000000..7b3dd00a
--- /dev/null
+++ b/retired/CVE-2021-39656
@@ -0,0 +1,13 @@
+Description: configfs: fix a use-after-free in __configfs_open_file
+References:
+ https://source.android.com/security/bulletin/pixel/2021-12-01
+Notes:
+Bugs:
+upstream: released (5.12-rc3) [14fbbc8297728e880070f7b077b3301a8c698ef9]
+5.10-upstream-stable: released (5.10.24) [109720342efd6ace3d2e8f34a25ea65036bb1d3b]
+4.19-upstream-stable: released (4.19.181) [9123463620132ada85caf5dc664b168f480b0cc4]
+4.9-upstream-stable: released (4.9.262) [6f5c47f0faed69f2e78e733fb18261854979e79f]
+sid: released (5.10.24-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.181-1)
+4.9-stretch-security: released (4.9.272-1)
diff --git a/retired/CVE-2021-39657 b/retired/CVE-2021-39657
new file mode 100644
index 00000000..4cc51d90
--- /dev/null
+++ b/retired/CVE-2021-39657
@@ -0,0 +1,13 @@
+Description: scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
+References:
+ https://source.android.com/security/bulletin/pixel/2021-12-01
+Notes:
+Bugs:
+upstream: released (5.11-rc4) [35fc4cd34426c242ab015ef280853b7bff101f48]
+5.10-upstream-stable: released (5.10.11) [2536194bb3b099cc9a9037009b86e7ccfb81461c]
+4.19-upstream-stable: released (4.19.171) [b397fcae2207963747c6f947ef4d06575553eaef]
+4.9-upstream-stable: released (4.9.254) [7bbac19e604b2443c93f01c3259734d53f776dbf]
+sid: released (5.10.12-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.171-1)
+4.9-stretch-security: released (4.9.258-1)
diff --git a/retired/CVE-2021-39685 b/retired/CVE-2021-39685
new file mode 100644
index 00000000..5229b871
--- /dev/null
+++ b/retired/CVE-2021-39685
@@ -0,0 +1,14 @@
+Description: Linux Kernel USB Gadget buffer overflow
+References:
+ https://www.openwall.com/lists/oss-security/2021/12/15/4
+Notes:
+ carnil> Fixed as well in 5.15.8 for 5.15.y.
+Bugs:
+upstream: released (5.16-rc5) [153a2d7e3350cc89d406ba2d35be8793a64c2038, 86ebbc11bb3f60908a51f3e41a17e3f477c2eaa3]
+5.10-upstream-stable: released (5.10.85) [7193ad3e50e596ac2192531c58ba83b9e6d2444b, e4de8ca013f06ad4a0bf40420a291c23990e4131]
+4.19-upstream-stable: released (4.19.221) [13e45e7a262dd96e8161823314679543048709b9, 32de5efd483db68f12233fbf63743a2d92f20ae4]
+4.9-upstream-stable: released (4.9.293) [d2ca6859ea96c6d4c6ad3d6873a308a004882419, e4de8ca013f06ad4a0bf40420a291c23990e4131]
+sid: released (5.15.5-2) [bugfix/all/USB-gadget-detect-too-big-endpoint-0-requests.patch, bugfix/all/USB-gadget-zero-allocate-endpoint-0-buffers.patch]
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-39686 b/retired/CVE-2021-39686
new file mode 100644
index 00000000..866327d4
--- /dev/null
+++ b/retired/CVE-2021-39686
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/2022-03-01
+Notes:
+Bugs:
+upstream: released (5.16-rc1) [29bc22ac5e5bc63275e850f0c8fc549e3d0e306b, 52f88693378a58094c538662ba652aff0253c4fe, 4d5b5539742d2554591751b4248b0204d20dcc9d, c21a80ca0684ec2910344d72556c816cb8940c01]
+5.10-upstream-stable: released (5.10.80) [bd9cea41ac6e08f615030dea28b23e12b7a2674f, 0d9f4ae7cd6f5283dd0e343265268c695ef592b0, afbec52fbce006a775edb21f87ccae713bc0e7d6], released (5.10.83) [4402cf0402526f7c5befa97481be13b131797838]
+4.19-upstream-stable: released (4.19.218) [5d40061285b81a7e213dc9b37acc4a0545eedf32, e82f3f9638f17d58e9a217bce127e2376aefcb9d], released (4.19.219) [c3b9f29fca6682550d731c80745b421415c1e0af]
+4.9-upstream-stable: released (4.9.291) [443fc43d2fdbf55be7aa86faae1f7655e761e683, 22d4a6dacee058b58640ef8109b0c8fc5d1b80e2], released (4.9.292) [404fb1097298690b1d7d1c59eab806bbdd757267]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-39698 b/retired/CVE-2021-39698
new file mode 100644
index 00000000..1cd1d5fb
--- /dev/null
+++ b/retired/CVE-2021-39698
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/2022-03-01
+Notes:
+Bugs:
+upstream: released (5.16-rc5) [42288cb44c4b5fff7653bc392b583a2b8bd6a8c0, a880b28a71e39013e357fd3adccd1d8a31bc69a8, 9537bae0da1f8d1e2361ab6d0479e8af7824e160, 363bee27e25804d8981dd1c025b4ad49dc39c530, 50252e4b5e989ce64555c7aef7516bdefc2fea72]
+5.10-upstream-stable: released (5.10.85) [8e04c8397bf98235b1aa41153717de7a05e652a2, 9f3acee7eac8d8690134b09ba55e2c12164d24ae, fc2f636ffc446d8e9530e441897f877922269051, e4d19740bccab792f16c7ca6fd1f9aea06193cb2, 47ffefd88abfffe8a040bcc1dd0554d4ea6f7689]
+4.19-upstream-stable: released (4.19.221) [8dd7c46a59756bdc29cb9783338b899cd3fb4b83, 32288f504035b6c359cc33ee615f74f14be2e38a, f226fdd855b7d9c1f2a6e878d82eb3e1fbc880e9, 580c7e023303ce3a187adcaa40868bfc740725d2, 321fba81ec034f88aea4898993c1bf15605c023f]
+4.9-upstream-stable: released (4.9.293) [0e92a7e47a0411d5208990c83a3d200515e314e8, 0487ea896e62b5a90a81ac6e73c35e595d77f499, 5ecb4e93d70a21f3b7094029986ef0c3e321f56c]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-39711 b/retired/CVE-2021-39711
new file mode 100644
index 00000000..2700d1e0
--- /dev/null
+++ b/retired/CVE-2021-39711
@@ -0,0 +1,15 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/pixel/2022-03-01
+Notes:
+ bwh> Introduced in 4.12 by commit 1cf1cae963c2 "bpf: introduce
+ bwh> BPF_PROG_TEST_RUN command".
+Bugs:
+upstream: released (4.18-rc6) [6e6fddc78323533be570873abb728b7e0ba7e024]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.18.6-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-39713 b/retired/CVE-2021-39713
new file mode 100644
index 00000000..bf997325
--- /dev/null
+++ b/retired/CVE-2021-39713
@@ -0,0 +1,22 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/pixel/2022-03-01
+ https://syzkaller.appspot.com/bug?id=d7e411c5472dd5da33d8cc921ccadc747743a568
+Notes:
+ bwh> This is puzzling. The UAF occurs in net/sched/cls_api.c where
+ bwh> all access to the qdisc state seems to be protected by the RTNL
+ bwh> already, so it's not clear why switching to RCU protection would
+ bwh> help. The syzkaller-generated reproducer also didn't work for me.
+ bwh> So I can't tell whether 4.9 might also be affected.
+ carnil> For 4.9.y this has a separate backport, cf.
+ carnil> https://lore.kernel.org/netdev/YnE%2FQ3SwZuG9HQNv@quatroqueijos/T/#t
+ carnil> which is applied.
+Bugs:
+upstream: released (4.20-rc1) [e368fdb61d8e7c67ac70791b23345b26d7bbc661, 9d7e82cec35c027756ec97e274f878251f271181, 3a7d0d07a386716b459b00783b11a8211cefcc0f, 86bd446b5cebd783187ea3772ff258210de77d99, 6f99528e9797794b91b43321fbbc93fe772b0803]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.221) [ae214e04b95ff64a4b0e9aab6742520bfde6ff0c, da1d324088c40fa0a382224c466175fc5c704106, f602ed9f8574512e7ea1ab65c3db7ba71053bf27, 92833e8b5db6c209e9311ac8c6a44d3bf1856659, cd25f1099284a0cbe916344fc1e6c1ffed6c5306]
+4.9-upstream-stable: released (4.9.313) [2b29404f4eea7da878a8a8c5b301d9adf6f56d55]
+sid: released (5.2.6-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2021-39714 b/retired/CVE-2021-39714
new file mode 100644
index 00000000..52109ef2
--- /dev/null
+++ b/retired/CVE-2021-39714
@@ -0,0 +1,16 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/pixel/2022-03-01
+Notes:
+ carnil> ion driver removing from the tree in 5.11-rc1. Earlier the
+ carnil> affected code was removed with e3b914bc7eb6 ("staging: android:
+ carnil> ion: Drop ion_map_kernel interface") in 4.12-rc1.
+Bugs:
+upstream: released (4.12-rc1) [e3b914bc7eb6bcecc5b597ee6e31fc40442c291f]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Fixed before branching point"
+4.9-upstream-stable: released (4.9.292) [16b34e53eaadda6cbb1f0452fd99700c44db23be]
+sid: released (4.12.6-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-39802 b/retired/CVE-2021-39802
new file mode 100644
index 00000000..643a5eb5
--- /dev/null
+++ b/retired/CVE-2021-39802
@@ -0,0 +1,25 @@
+Description: ANDROID: mm: Incorrect page permission management
+References:
+ https://source.android.com/security/bulletin/2022-04-01
+ https://android.googlesource.com/kernel/common/+/ac4488815518c
+ https://android.googlesource.com/kernel/common/+/b44e46bb047d1
+ https://android.googlesource.com/kernel/common/+/67d075d23a8bc
+ https://android.googlesource.com/kernel/common/+/6f9aba5a20b84
+ https://bugzilla.suse.com/show_bug.cgi?id=1198445
+ https://lore.kernel.org/all/CAHk-=wj4KCujAH_oPh40Bkp48amM4MXr+8AcbZ=qd5LF4Q+TDg@mail.gmail.com/#t
+Notes:
+ carnil> Unclear if this is Android specific. If so we might just drop
+ carnil> this entry.
+ carnil> this is probably not an issue in mainline, the propblematic
+ carnil> patch introducing the vulnerability was not merged in Linus
+ carnil> tree, cf. https://lore.kernel.org/all/CAHk-=wj4KCujAH_oPh40Bkp48amM4MXr+8AcbZ=qd5LF4Q+TDg@mail.gmail.com/#t
+ bwh> This is indeed Android-specific.
+Bugs:
+upstream: N/A "Vulnerability never present"
+5.10-upstream-stable: N/A "Vulnerability never present"
+4.19-upstream-stable: N/A "Vulnerability never present"
+4.9-upstream-stable: N/A "Vulnerability never present"
+sid: N/A "Vulnerability never present"
+5.10-bullseye-security: N/A "Vulnerability never present"
+4.19-buster-security: N/A "Vulnerability never present"
+4.9-stretch-security: N/A "Vulnerability never present"
diff --git a/active/CVE-2021-4001 b/retired/CVE-2021-4001
index b8d17d81..ab0035dd 100644
--- a/active/CVE-2021-4001
+++ b/retired/CVE-2021-4001
@@ -8,10 +8,10 @@ Notes:
carnil> For 5.15.y series fixed in 5.15.5.
Bugs:
upstream: released (5.16-rc2) [353050be4c19e102178ccc05988101887c25ae53]
-5.10-upstream-stable: needed
+5.10-upstream-stable: released (5.10.83) [33fe044f6a9e8977686a6a09f0bf33e5cc75257e]
4.19-upstream-stable: N/A "Vulnerable code introduced later"
4.9-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (5.15.5-1)
-5.10-bullseye-security: needed
+5.10-bullseye-security: released (5.10.84-1)
4.19-buster-security: N/A "Vulnerable code introduced later"
4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/active/CVE-2021-4002 b/retired/CVE-2021-4002
index 81ee9ce4..307fe96a 100644
--- a/active/CVE-2021-4002
+++ b/retired/CVE-2021-4002
@@ -6,11 +6,11 @@ Notes:
carnil> ("hugetlbfs: flush before unlock on
carnil> move_hugetlb_page_tables()") to be applied.
Bugs:
-upstream: pending [a4a118f2eead1d6c49e00765de89878288d4b890]
+upstream: released (5.16-rc3) [a4a118f2eead1d6c49e00765de89878288d4b890]
5.10-upstream-stable: released (5.10.82) [40bc831ab5f630431010d1ff867390b07418a7ee]
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
+4.19-upstream-stable: released (4.19.219) [b0313bc7f5fbb6beee327af39d818ffdc921821a]
+4.9-upstream-stable: released (4.9.292) [8e80bf5d001594b037de04fb4fe89f34cfbcb3ba]
sid: released (5.15.5-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: needed
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-4028 b/retired/CVE-2021-4028
new file mode 100644
index 00000000..fd5d6e67
--- /dev/null
+++ b/retired/CVE-2021-4028
@@ -0,0 +1,15 @@
+Description: use-after-free in RDMA listen()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2027201
+Notes:
+ carnil> Introduced by 732d41c545bb ("RDMA/cma: Make the locking for
+ carnil> automatic state transition more clear") in 5.10-rc1.
+Bugs:
+upstream: released (5.15-rc4) [bc0bdc5afaa740d782fbf936aaeebd65e5c2921d]
+5.10-upstream-stable: released (5.10.71) [0a16c9751e0f1de96f08643216cf1f19e8a5a787]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.12-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-4032 b/retired/CVE-2021-4032
new file mode 100644
index 00000000..6dd73b06
--- /dev/null
+++ b/retired/CVE-2021-4032
@@ -0,0 +1,17 @@
+Description: Revert "KVM: x86: Open code necessary bits of kvm_lapic_set_base() at vCPU RESET"
+References:
+ https://lkml.org/lkml/2021/9/8/587
+ https://bugzilla.redhat.com/show_bug.cgi?id=2027403
+Notes:
+ carnil> Commit fixes (revert) a change in 5.15-rc1, 421221234ada ("KVM:
+ carnil> x86: Open code necessary bits of kvm_lapic_set_base() at vCPU
+ carnil> RESET").
+Bugs:
+upstream: released (5.15-rc7) [f7d8a19f9a056a05c5c509fa65af472a322abfee]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-40490 b/retired/CVE-2021-40490
index 9d4efb3c..2bafb6cc 100644
--- a/active/CVE-2021-40490
+++ b/retired/CVE-2021-40490
@@ -11,4 +11,4 @@ upstream: released (5.15-rc1) [a54c4613dac1500b40e4ab55199f7c51f028e848]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.46-5) [bugfix/all/ext4-fix-race-writing-to-an-inline_data-file-while-i.patch]
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-4083 b/retired/CVE-2021-4083
new file mode 100644
index 00000000..7bea8215
--- /dev/null
+++ b/retired/CVE-2021-4083
@@ -0,0 +1,15 @@
+Description: fget: check that the fd still exists after getting a ref to it
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2029923
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2247
+Notes:
+ carnil> Fixed as weil in 5.15.7 for 5.15.y.
+Bugs:
+upstream: released (5.16-rc4) [054aa8d439b9185d4f5eb9a90282d1ce74772969]
+5.10-upstream-stable: released (5.10.84) [4baba6ba56eb91a735a027f783cc4b9276b48d5b]
+4.19-upstream-stable: released (4.19.220) [8bf31f9d9395b71af3ed33166a057cd3ec0c59da]
+4.9-upstream-stable: released (4.9.292) [a043f5a600052dc93bc3d7a6a2c1592b6ee77482]
+sid: released (5.15.5-2) [bugfix/all/fget-check-that-the-fd-still-exists-after-getting-a-.patch]
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-4090 b/retired/CVE-2021-4090
new file mode 100644
index 00000000..3a4e8ee6
--- /dev/null
+++ b/retired/CVE-2021-4090
@@ -0,0 +1,16 @@
+Description: NFSD: Fix exposure in nfsd4_decode_bitmap()
+References:
+ https://lore.kernel.org/linux-nfs/97860.1636837122@crash.local/
+ https://lore.kernel.org/linux-nfs/163692036074.16710.5678362976688977923.stgit@klimt.1015granger.net/
+Notes:
+ carnil> Commit fixes d1c263a031e8 ("NFSD: Replace READ* macros in
+ carnil> nfsd4_decode_fattr()") 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc2) [c0019b7db1d7ac62c711cda6b357a659d46428fe]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-4093 b/retired/CVE-2021-4093
new file mode 100644
index 00000000..a1fb2203
--- /dev/null
+++ b/retired/CVE-2021-4093
@@ -0,0 +1,15 @@
+Description: KVM: SVM: out-of-bounds read/write in sev_es_string_io
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2028584
+Notes:
+ carnil> Introduced in 5.11-rc1 by 7ed9abfe8e9f ("KVM: SVM: Support
+ carnil> string IO operations for an SEV-ES guest").
+Bugs:
+upstream: released (5.15-rc7) [95e16b4792b0429f1933872f743410f00e590c55]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.16-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-4095 b/retired/CVE-2021-4095
new file mode 100644
index 00000000..d799e5ba
--- /dev/null
+++ b/retired/CVE-2021-4095
@@ -0,0 +1,19 @@
+Description: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c
+References:
+ https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/
+ https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2031194
+ https://www.openwall.com/lists/oss-security/2021/12/14/2
+ https://www.openwall.com/lists/oss-security/2022/01/17/1
+Notes:
+ bwh> Introduced in 5.12 by commit 629b5348841a "KVM: x86/xen: update
+ bwh> wallclock region".
+Bugs:
+upstream: released (5.17-rc1) [55749769fe608fa3f4a075e42e89d237c8e37637]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.17.3-1)
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2021-41073 b/retired/CVE-2021-41073
index 2bfa8d69..91ffba31 100644
--- a/retired/CVE-2021-41073
+++ b/retired/CVE-2021-41073
@@ -2,6 +2,8 @@ Description: io_uring: ensure symmetry in handling iter types in loop_rw_iter()
References:
https://www.openwall.com/lists/oss-security/2021/09/18/2
https://twitter.com/chompie1337/status/1439743758447398918
+ https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
+ https://github.com/chompie1337/Linux_LPE_io_uring_CVE-2021-41073
Notes:
Bugs:
upstream: released (5.15-rc2) [16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc]
diff --git a/retired/CVE-2021-4135 b/retired/CVE-2021-4135
new file mode 100644
index 00000000..afb593ef
--- /dev/null
+++ b/retired/CVE-2021-4135
@@ -0,0 +1,17 @@
+Description: netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2026786
+Notes:
+ carnil> Commit fixes 395cacb5f1a0 ("netdevsim: bpf: support fake map
+ carnil> offload") in 4.16-rc1.
+ carnil> Fixed as well in 5.15.11 for 5.15.y.
+ carnil> CONFIG_NETDEVSIM is not set is not set in Debian
+Bugs:
+upstream: released (5.16-rc6) [481221775d53d6215a6e5e9ce1cce6d2b4ab9a46]
+5.10-upstream-stable: released (5.10.88) [1a34fb9e2bf3029f7c0882069d67ff69cbd645d8]
+4.19-upstream-stable: released (4.19.222) [d861443c4dc88650eed113310d933bd593d37b23]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2021-4148 b/retired/CVE-2021-4148
new file mode 100644
index 00000000..90eddbb5
--- /dev/null
+++ b/retired/CVE-2021-4148
@@ -0,0 +1,19 @@
+Description: mm: Opening THP-backed special file for write causes crash in block_invalidatepage()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2026487
+ https://lkml.org/lkml/2021/9/17/1037
+ https://lkml.org/lkml/2021/9/12/323
+ https://lore.kernel.org/linux-mm/a07564a3-b2fc-9ffe-3ace-3f276075ea5c@google.com/
+ https://lore.kernel.org/lkml/CACkBjsYwLYLRmX8GpsDpMthagWOjWWrNxqY6ZLNQVr6yx+f5vA@mail.gmail.com/
+Notes:
+ bwh> Introduced in 5.4 by commit 99cb0dbd47a1 "mm,thp: add read-only THP
+ bwh> support for (non-shmem) FS".
+Bugs:
+upstream: released (5.15) [a4aeaa06d45e90f9b279f0b09de84bd00006e733]
+5.10-upstream-stable: released (5.10.78) [6d67b2a73b8e3a079c355bab3c1aef7d85a044b8]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.16-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-4149 b/retired/CVE-2021-4149
new file mode 100644
index 00000000..05808c87
--- /dev/null
+++ b/retired/CVE-2021-4149
@@ -0,0 +1,17 @@
+Description: Improper lock operation in btrfs
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2026485
+ https://lkml.org/lkml/2021/10/18/885
+ https://lkml.org/lkml/2021/9/13/2565
+Notes:
+ bwh> Commit message says the fix is applicable to 5.4 onward,
+ bwh> but earlier versions seem to have the same bug.
+Bugs:
+upstream: released (5.15-rc6) [19ea40dddf1833db868533958ca066f368862211]
+5.10-upstream-stable: released (5.10.75) [206868a5b6c14adc4098dd3210a2f7510d97a670]
+4.19-upstream-stable: released (4.19.235) [73d55fa1b9310573f623195a4f7ab3170bbaf248]
+4.9-upstream-stable: released (4.9.307) [43bfa08ba62a1ca7a22365c7092e491e04327efb]
+sid: released (5.14.16-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2021-4150 b/retired/CVE-2021-4150
new file mode 100644
index 00000000..588d6073
--- /dev/null
+++ b/retired/CVE-2021-4150
@@ -0,0 +1,17 @@
+Description: Block subsystem mishandles reference counts
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2025938
+ https://lkml.org/lkml/2021/9/6/781
+ https://lkml.org/lkml/2021/10/18/485
+Notes:
+ bwh> Introduced in 5.15-rc1 by commit 9d3b8813895d "block: change the
+ bwh> refcounting for partitions", so never appeared in a stable release.
+Bugs:
+upstream: released (5.15-rc7) [9fbfabfda25d8774c5a08634fdd2da000a924890]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: N/A "Vulnerability introduced and fixed in experimental"
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2021-4154 b/retired/CVE-2021-4154
new file mode 100644
index 00000000..f4f0ac85
--- /dev/null
+++ b/retired/CVE-2021-4154
@@ -0,0 +1,15 @@
+Description: cgroup: verify that source is a string
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2034514
+Notes:
+ carnil> Commit fixes 8d2451f4994f ("cgroup1: switch to option-by-option
+ carnil> parsing") in 5.1-rc1.
+Bugs:
+upstream: released (5.14-rc2) [3b0462726e7ef281c35a7a4ae33e93ee2bc9975b]
+5.10-upstream-stable: released (5.10.52) [811763e3beb6c922d168e9f509ec593e9240842e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-4155 b/retired/CVE-2021-4155
new file mode 100644
index 00000000..932a7f33
--- /dev/null
+++ b/retired/CVE-2021-4155
@@ -0,0 +1,15 @@
+Description: xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2034813
+ https://www.openwall.com/lists/oss-security/2022/01/10/1
+Notes:
+ carnil> Fixed as well in 5.15.14 for 5.15.y.
+Bugs:
+upstream: released (5.16) [983d8e60f50806f90534cc5373d0ce867e5aaf79]
+5.10-upstream-stable: released (5.10.91) [16d8568378f9ee2d1e69216d39961aa72710209f]
+4.19-upstream-stable: released (4.19.225) [1c3564fca0e7b8c9e96245a2cb35e198b036ee9a]
+4.9-upstream-stable: released (4.9.297) [19e3d9a26f28f432ae89acec22ec47b2a72a502c]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-4157 b/retired/CVE-2021-4157
new file mode 100644
index 00000000..1e039584
--- /dev/null
+++ b/retired/CVE-2021-4157
@@ -0,0 +1,14 @@
+Description: pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2034342
+ https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/
+Notes:
+Bugs:
+upstream: released (5.13-rc1) [ed34695e15aba74f45247f1ee2cf7e09d449f925]
+5.10-upstream-stable: released (5.10.38) [1fbea60ea658ab887fb899532d783732b04e53e6]
+4.19-upstream-stable: released (4.19.191) [f27638a92f77d8107efbaf48a0d3bfa24da8cdad]
+4.9-upstream-stable: released (4.9.269) [c621f3654bba1096ec913d0942e27bd032bb6090]
+sid: released (5.10.38-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
+4.9-stretch-security: released (4.9.272-1)
diff --git a/retired/CVE-2021-4159 b/retired/CVE-2021-4159
new file mode 100644
index 00000000..e837e851
--- /dev/null
+++ b/retired/CVE-2021-4159
@@ -0,0 +1,17 @@
+Description: bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1194227
+ https://bugzilla.redhat.com/show_bug.cgi?id=2036024
+Notes:
+ bwh> I think this can be ignored. Privileged users can generally read
+ bwh> kernel memory through kprobes/tracepoints. Unprivileged use of
+ bwh> eBPF is now disabled by default in all Debian suites.
+Bugs:
+upstream: released (5.7-rc1) [294f2fc6da27620a506e6c050241655459ccd6bd]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.256) [6c6b84ef5ea8dc0ca3559ccf69810960e348c555]
+4.9-upstream-stable:
+sid: released (5.7.6-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.260-1)
+4.9-stretch-security: ignored "Too risky to backport, and mitigated by default"
diff --git a/active/CVE-2021-41864 b/retired/CVE-2021-41864
index 139b815a..baa29594 100644
--- a/active/CVE-2021-41864
+++ b/retired/CVE-2021-41864
@@ -12,6 +12,6 @@ upstream: released (5.15-rc5) [30e29a9a2bc6a4888335a6ede968b75cd329657a]
4.19-upstream-stable: released (4.19.211) [078cdd572408176a3900a6eb5a403db0da22f8e0]
4.9-upstream-stable: released (4.9.287) [4fd6663eb01bc3c73143cd27fefd7b8351bc6aa6]
sid: released (5.14.12-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: pending (4.9.290-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-4197 b/retired/CVE-2021-4197
new file mode 100644
index 00000000..3c8f2091
--- /dev/null
+++ b/retired/CVE-2021-4197
@@ -0,0 +1,16 @@
+Description: cgroup: Use open-time creds and namespace for migration perm checks
+References:
+ https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2035652
+Notes:
+ carnil> Fixed as well in 5.15.14 for 5.15.y.
+ bwh> At least the first commit is applicable to all branches.
+Bugs:
+upstream: released (5.16) [1756d7994ad85c2479af6ae5a9750b92324685af, 0d2b5955b36250a9428c832664f2079cbf723bec, e57457641613fef0d147ede8bd6a3047df588b95]
+5.10-upstream-stable: released (5.10.109) [f28364fe384feffbe7d44b095ef4571285465c47, 824a950c3f1118eb06b1877c49ed1b2eca8e236d], released (5.10.111) [4665722d36ad13c6abc6b2ef3fe5150c0a92d870]
+4.19-upstream-stable: released (4.19.238) [0bd407959f7d6671ba0617e2dbda3e89d8a0419f, de37e01dd20e3228b010fe5fbd3e205747481b96, 74ac12c718e7d3f7eb346ee90a4c9904a8b6b6d2]
+4.9-upstream-stable: needed
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/active/CVE-2021-42008 b/retired/CVE-2021-42008
index b0678503..adb85fa1 100644
--- a/active/CVE-2021-42008
+++ b/retired/CVE-2021-42008
@@ -9,4 +9,4 @@ upstream: released (5.14-rc7) [19d1532a187669ce86d5a2696eb7275310070793]
sid: released (5.14.6-1)
5.10-bullseye-security: released (5.10.70-1)
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: pending (4.9.290-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-4202 b/retired/CVE-2021-4202
new file mode 100644
index 00000000..95ef54c0
--- /dev/null
+++ b/retired/CVE-2021-4202
@@ -0,0 +1,14 @@
+Description: Race condition in nci_request() leads to use after free while the device is getting removed
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2036682
+Notes:
+ carnil> CONFIG_NFC_NCI not enabled in Debian.
+Bugs:
+upstream: released (5.16-rc2) [86cdf8e38792545161dbe3350a7eced558ba4d15, 48b71a9e66c2eab60564b1b1c85f4928ed04e406]
+5.10-upstream-stable: released (5.10.82) [cb14b196d991c864ed2d1b6e79d68a7ce38e6538, 34e54703fb0fdbfc0a3cfc065d71e9a8353d3ac9]
+4.19-upstream-stable: released (4.19.218) [62be2b1e7914b7340281f09412a7bbb62e6c8b67], (4.19.219) 2350cffd71e74bf81dedc989fdec12aebe89a4a5]
+4.9-upstream-stable: released (4.9.291) [4a59a3681158a182557c75bacd00d184f9b2a8f5], (4.9.292) [57c076e64ab55adf556cc515914564d61979f7c2]
+sid: released (5.15.5-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-4203 b/retired/CVE-2021-4203
new file mode 100644
index 00000000..ec6f6bc4
--- /dev/null
+++ b/retired/CVE-2021-4203
@@ -0,0 +1,17 @@
+Description: af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2036934
+ https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet@gmail.com/T/
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
+Notes:
+ carnil> Commit fixes 109f6e39fa07 ("af_unix: Allow SO_PEERCRED to work
+ carnil> across namespaces.").
+Bugs:
+upstream: released (5.15-rc4) [35306eb23814444bd4021f8a1c3047d3cb0c8b2b]
+5.10-upstream-stable: released (5.10.71) [3db53827a0e9130d9e2cbe3c3b5bca601caa4c74]
+4.19-upstream-stable: released (4.19.209) [0512a9aede6e4417c4fa6e0042a7ca8bc7e06b86]
+4.9-upstream-stable: released (4.9.286) [09818f629bafbe20e24bac919019853ea3ac5ca4]
+sid: released (5.14.12-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-4218 b/retired/CVE-2021-4218
new file mode 100644
index 00000000..12445f6a
--- /dev/null
+++ b/retired/CVE-2021-4218
@@ -0,0 +1,17 @@
+Description: xprtrdma: Wrong copy function used in sysctl handler
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2048359
+ https://bugs.centos.org/view.php?id=18395
+Notes:
+ bwh> This issue is specific to CentOS/RHEL. In mainline,
+ bwh> xprtrdma always used copy_to_user() until the general
+ bwh> conversion of sysctls to use a kernel buffer.
+Bugs:
+upstream: N/A "Vulnerability never present"
+5.10-upstream-stable: N/A "Vulnerability never present"
+4.19-upstream-stable: N/A "Vulnerability never present"
+4.9-upstream-stable: N/A "Vulnerability never present"
+sid: N/A "Vulnerability never present"
+5.10-bullseye-security: N/A "Vulnerability never present"
+4.19-buster-security: N/A "Vulnerability never present"
+4.9-stretch-security: N/A "Vulnerability never present"
diff --git a/active/CVE-2021-42327 b/retired/CVE-2021-42327
index 01c7e2e5..0105f00e 100644
--- a/active/CVE-2021-42327
+++ b/retired/CVE-2021-42327
@@ -17,6 +17,6 @@ upstream: released (5.15) [5afa7898ab7a0ec9c28556a91df714bf3c2f725e]
4.19-upstream-stable: N/A "Vulnerability introduced later"
4.9-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.14.16-1)
-5.10-bullseye-security: needed
+5.10-bullseye-security: released (5.10.84-1)
4.19-buster-security: N/A "Vulnerability introduced later"
4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2021-42739 b/retired/CVE-2021-42739
index f7cf7c94..7dfd3bdf 100644
--- a/active/CVE-2021-42739
+++ b/retired/CVE-2021-42739
@@ -9,8 +9,8 @@ Bugs:
upstream: released (5.16-rc1) [35d2969ea3c7d32aee78066b1f3cf61a0d935a4e]
5.10-upstream-stable: released (5.10.78) [d7fc85f6104259541ec136199d3bf7c8a736613d]
4.19-upstream-stable: released (4.19.216) [53ec9dab4eb0a8140fc85760fb50effb526fe219]
-4.9-upstream-stable: needed
+4.9-upstream-stable: released (4.9.299) [1795af6435fa5f17ced2d34854fd4871e0780092]
sid: released (5.14.16-1) [bugfix/all/media-firewire-firedtv-avc-fix-a-buffer-overflow-in-.patch]
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: needed
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1) [bugfix/all/media-firewire-firedtv-avc-fix-a-buffer-overflow-in-.patch]
diff --git a/active/CVE-2021-43056 b/retired/CVE-2021-43056
index b2d3b43e..4fb1a0eb 100644
--- a/active/CVE-2021-43056
+++ b/retired/CVE-2021-43056
@@ -10,6 +10,6 @@ upstream: released (5.15-rc6) [cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337]
4.19-upstream-stable: N/A "Vulnerability introduced later"
4.9-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.14.16-1)
-5.10-bullseye-security: needed
+5.10-bullseye-security: released (5.10.84-1)
4.19-buster-security: N/A "Vulnerability introduced later"
4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2021-43057 b/retired/CVE-2021-43057
index bb2da83d..bb2da83d 100644
--- a/active/CVE-2021-43057
+++ b/retired/CVE-2021-43057
diff --git a/active/CVE-2021-43267 b/retired/CVE-2021-43267
index d7f46115..c997c5e6 100644
--- a/active/CVE-2021-43267
+++ b/retired/CVE-2021-43267
@@ -1,5 +1,6 @@
Description: tipc: fix size validations for the MSG_CRYPTO type
References:
+ https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/
Notes:
carnil> Commit fixes 1ef6f7c9390f ("tipc: add automatic session key
carnil> exchange") in 5.10-rc1.
@@ -9,6 +10,6 @@ upstream: released (5.15) [fa40d9734a57bcbfa79a280189799f76c88f7bb0]
4.19-upstream-stable: N/A "Vulnerable code introduced later"
4.9-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (5.14.16-1)
-5.10-bullseye-security: needed
+5.10-bullseye-security: released (5.10.84-1)
4.19-buster-security: N/A "Vulnerable code introduced later"
4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/active/CVE-2021-43389 b/retired/CVE-2021-43389
index 3b7b9841..bd1b7e47 100644
--- a/active/CVE-2021-43389
+++ b/retired/CVE-2021-43389
@@ -12,6 +12,6 @@ upstream: released (5.15-rc6) [1f3e2e97c003f80c4b087092b225c8787ff91e4d]
4.19-upstream-stable: released (4.19.214) [7d91adc0ccb060ce564103315189466eb822cc6a]
4.9-upstream-stable: released (4.9.288) [24219a977bfe3d658687e45615c70998acdbac5a]
sid: released (5.14.16-1)
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: pending (4.9.290-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-43975 b/retired/CVE-2021-43975
new file mode 100644
index 00000000..8c80a6ec
--- /dev/null
+++ b/retired/CVE-2021-43975
@@ -0,0 +1,15 @@
+Description: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496
+ https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
+Notes:
+ carnil> For 5.15.y fixed as well in 5.15.7.
+Bugs:
+upstream: released (5.16-rc2) [b922f622592af76b57cbc566eaeccda0b31a3496]
+5.10-upstream-stable: released (5.10.84) [2c514d25003ac89bb7716bb4402918ccb141f8f5]
+4.19-upstream-stable: released (4.19.220) [0275fcd9b54f0364f66f2f3f6a0f3748648f3d35]
+4.9-upstream-stable: needed
+sid: released (5.15.5-2) [bugfix/all/atlantic-Fix-OOB-read-and-write-in-hw_atl_utils_fw_r.patch]
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2021-43976 b/retired/CVE-2021-43976
new file mode 100644
index 00000000..8c5e07d0
--- /dev/null
+++ b/retired/CVE-2021-43976
@@ -0,0 +1,15 @@
+Description: mwifiex_usb: Fix skb_over_panic in mwifiex_usb_recv
+References:
+ https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
+ https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84
+Notes:
+ carnil> Fixed as well in 5.15.17 for 5.15.y.
+Bugs:
+upstream: released (5.17-rc1) [04d80663f67ccef893061b49ec8a42ff7045ae84]
+5.10-upstream-stable: released (5.10.94) [6036500fdf77caaca9333003f78d25a3d61c4e40]
+4.19-upstream-stable: released (4.19.226) [2f4b037bf6e8c663a593b8149263c5b6940c7afd]
+4.9-upstream-stable: released (4.9.298) [b233d7395cd104398dd83f130df5f0d57036c95e]
+sid: released (5.15.15-2) [bugfix/x86/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch]
+5.10-bullseye-security: released (5.10.92-2) [bugfix/x86/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch]
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-44733 b/retired/CVE-2021-44733
new file mode 100644
index 00000000..d4431c92
--- /dev/null
+++ b/retired/CVE-2021-44733
@@ -0,0 +1,14 @@
+Description: tee: handle lookup of shm with reference count 0
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2030747
+ https://lore.kernel.org/lkml/20211214123540.1789434-1-jens.wiklander@linaro.org/
+Notes:
+Bugs:
+upstream: released (5.16-rc7) [dfd0743f1d9ea76931510ed150334d571fbab49d]
+5.10-upstream-stable: released (5.10.89) [c05d8f66ec3470e5212c4d08c46d6cb5738d600d]
+4.19-upstream-stable: released (4.19.224) [b4a661b4212b8fac8853ec3b68e4a909dccc88a1]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-44879 b/retired/CVE-2021-44879
new file mode 100644
index 00000000..f1c3d956
--- /dev/null
+++ b/retired/CVE-2021-44879
@@ -0,0 +1,18 @@
+Description: f2fs: fix to do sanity check on inode type during garbage collection
+References:
+ https://www.openwall.com/lists/oss-security/2022/02/12/1
+ https://bugzilla.kernel.org/show_bug.cgi?id=215231
+ https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao@kernel.org/T/
+Notes:
+ bwh> The bug seems to exist in all our stable branches.
+Bugs:
+upstream: released (5.17-rc1) [9056d6489f5a41cfbb67f719d2c0ce61ead72d9f]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.200) [571ce7d944cdd204da163cb5d5cc75bb38090246]
+4.19-upstream-stable: released (4.19.298) [45c9da086dded78a12bc580f5bb012545a910803]
+4.9-upstream-stable: ignored "EOL"
+sid: released (5.16.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
+4.9-stretch-security: ignored "f2fs is not supportable"
diff --git a/retired/CVE-2021-45095 b/retired/CVE-2021-45095
new file mode 100644
index 00000000..e52acc95
--- /dev/null
+++ b/retired/CVE-2021-45095
@@ -0,0 +1,14 @@
+Description: phonet: refcount leak in pep_sock_accep
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bcd0f93353326954817a4f9fa55ec57fb38acbb0
+Notes:
+ carnil> Fixed as well in 5.15.14 for 5.15.y.
+Bugs:
+upstream: released (5.16-rc6) [bcd0f93353326954817a4f9fa55ec57fb38acbb0]
+5.10-upstream-stable: released (5.10.91) [4f260ea5537db35d2eeec9bca78a74713078a544]
+4.19-upstream-stable: released (4.19.225) [4dece2760af408ad91d6e43afc485d20386c2885]
+4.9-upstream-stable: released (4.9.297) [3bae29ecb2909c46309671090311230239f1bdd7]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-45100 b/retired/CVE-2021-45100
new file mode 100644
index 00000000..ba086e6c
--- /dev/null
+++ b/retired/CVE-2021-45100
@@ -0,0 +1,15 @@
+Description: ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
+References:
+ https://github.com/cifsd-team/ksmbd/issues/550
+ https://github.com/cifsd-team/ksmbd/pull/551
+ https://marc.info/?l=linux-kernel&m=163961726017023&w=2
+Notes:
+Bugs:
+upstream: released (5.16-rc7) [83912d6d55be10d65b5268d1871168b9ebe1ec4b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-45402 b/retired/CVE-2021-45402
new file mode 100644
index 00000000..2bc13bbb
--- /dev/null
+++ b/retired/CVE-2021-45402
@@ -0,0 +1,17 @@
+Description: check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3cf2b61eb06765e27fec6799292d9fb46d0b7e60
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=e572ff80f05c33cd0cb4860f864f5c9c044280b6
+Notes:
+ carnil> Commit fixes 3f50f132d840 ("bpf: Verifier, do explicit ALU32
+ carnil> bounds tracking") in v5.7-rc1.
+Bugs:
+upstream: released (5.16-rc6) [3cf2b61eb06765e27fec6799292d9fb46d0b7e60, e572ff80f05c33cd0cb4860f864f5c9c044280b6]
+5.10-upstream-stable: released (5.10.88) [e2aad0b5f2cbf71a31d00ce7bb4dee948adff5a9, 279e0bf80d95184666c9d41361b1625c045d1dcb]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2021-45469 b/retired/CVE-2021-45469
new file mode 100644
index 00000000..39fafebb
--- /dev/null
+++ b/retired/CVE-2021-45469
@@ -0,0 +1,16 @@
+Description: f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=215235
+ https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
+Notes:
+ carnil> for 5.15.y fixed as well in 5.15.12.
+ bwh> This is due to an incomplete fix for CVE-2019-9453.
+Bugs:
+upstream: released (5.17-rc1) [645a3c40ca3d40cc32b4b5972bf2620f2eb5dba6]
+5.10-upstream-stable: released (5.10.89) [fffb6581a23add416239dfcf7e7f3980c6b913da]
+4.19-upstream-stable: released (4.19.223) [f9dfa44be0fb5e8426183a70f69a246cf5827f49]
+4.9-upstream-stable: needed
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: ignored "f2fs is not supportable"
diff --git a/retired/CVE-2021-45480 b/retired/CVE-2021-45480
new file mode 100644
index 00000000..f4c59a49
--- /dev/null
+++ b/retired/CVE-2021-45480
@@ -0,0 +1,15 @@
+Description: rds: memory leak in __rds_conn_create()
+References:
+Notes:
+ carnil> commit fixes aced3ce57cd3 ("RDS tcp loopback connection can
+ carnil> hang") in 5.15-rc4 (but was backported to 5.10.44, 4.19.195 in
+ carnil> particular). Fixed as well in 5.15.11 for 5.15.y.
+Bugs:
+upstream: released (5.16-rc6) [5f9562ebe710c307adc5f666bf1a2162ee7977c0]
+5.10-upstream-stable: released (5.10.88) [74dc97dfb276542f12746d706abef63364d816bb]
+4.19-upstream-stable: released (4.19.222) [1ed173726c1a0082e9d77c7d5a85411e85bdd983]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-45485 b/retired/CVE-2021-45485
new file mode 100644
index 00000000..9929d26d
--- /dev/null
+++ b/retired/CVE-2021-45485
@@ -0,0 +1,13 @@
+Description: ipv6: use prandom_u32() for ID generation
+References:
+ https://arxiv.org/pdf/2112.09604.pdf
+Notes:
+Bugs:
+upstream: released (5.14-rc1) [62f20e068ccc50d6ab66fdb72ba90da2b9418c99]
+5.10-upstream-stable: released (5.10.51) [8f939b79579715b195dc3ad36669707fce6853ee]
+4.19-upstream-stable: released (4.19.198) [f0be58ec9931907e980cf21737e51d369808eb95]
+4.9-upstream-stable: released (4.9.276) [3fc852e59c0a48094cc0f1b2e866604986bbcd31]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-45486 b/retired/CVE-2021-45486
new file mode 100644
index 00000000..c18deb1f
--- /dev/null
+++ b/retired/CVE-2021-45486
@@ -0,0 +1,13 @@
+Description: inet: use bigger hash table for IP ID generation
+References:
+ https://arxiv.org/pdf/2112.09604.pdf
+Notes:
+Bugs:
+upstream: released (5.13-rc1) [aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba]
+5.10-upstream-stable: released (5.10.37) [a273c27d7255fc527023edeb528386d1b64bedf5]
+4.19-upstream-stable: released (4.19.196) [7f7e23df8509e072593200400a4b094cc44376d2]
+4.9-upstream-stable: released (4.9.274) [0889f0a3bb2de535f48424491d8f9d5954a3cde8]
+sid: released (5.10.38-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2021-45868 b/retired/CVE-2021-45868
new file mode 100644
index 00000000..fd0e3b14
--- /dev/null
+++ b/retired/CVE-2021-45868
@@ -0,0 +1,15 @@
+Description:
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=214655
+ https://www.openwall.com/lists/oss-security/2022/03/17/1
+ https://www.openwall.com/lists/oss-security/2022/03/17/2
+Notes:
+Bugs:
+upstream: released (5.16-rc1) [9bf3d20331295b1ecb81f4ed9ef358c51699a050]
+5.10-upstream-stable: released (5.10.80) [ceeb0a8a8716a1c72af3fa4d4f98c3aced32b037]
+4.19-upstream-stable: released (4.19.218) [e5222c87dc441dcc8a66e93cb3fd34dfff03d3ec]
+4.9-upstream-stable: released (4.9.291) [f7dd331a896700728492e02c20a69e53221cd7a4]
+sid: released (5.15.3-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2021-46283 b/retired/CVE-2021-46283
new file mode 100644
index 00000000..15525565
--- /dev/null
+++ b/retired/CVE-2021-46283
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: initialize set before expression setup
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1194518
+ https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345
+Notes:
+ carnil> Commit fixes 65038428b2c6 ("netfilter: nf_tables: allow to
+ carnil> specify stateful expression in set definition") in 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc7) [ad9f151e560b016b6ad3280b48e42fa11e1a5440]
+5.10-upstream-stable: released (5.10.64) [36983fc2f87ea3b74a33bf460c9ee7329735b7b5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46904 b/retired/CVE-2021-46904
new file mode 100644
index 00000000..11d61712
--- /dev/null
+++ b/retired/CVE-2021-46904
@@ -0,0 +1,16 @@
+Description: net: hso: fix null-ptr-deref during tty device unregistration
+References:
+Notes:
+ carnil> Introduced in 72dc1c096c705 ("HSO: add option hso driver"). Vulnerable
+ carnil> versions: 2.6.27-rc1.
+Bugs:
+upstream: released (5.12-rc7) [8a12f8836145ffe37e9c8733dce18c22fb668b66]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.30) [dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac]
+4.19-upstream-stable: released (4.19.187) [92028d7a31e55d53e41cff679156b9432cffcb36]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46905 b/retired/CVE-2021-46905
new file mode 100644
index 00000000..16467fae
--- /dev/null
+++ b/retired/CVE-2021-46905
@@ -0,0 +1,17 @@
+Description: net: hso: fix NULL-deref on disconnect regression
+References:
+Notes:
+ carnil> Introduced in 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device
+ carnil> unregistration"). Vulnerable versions: 4.4.268 4.9.268 4.14.232 4.19.187
+ carnil> 5.4.112 5.10.30 5.11.14 5.12-rc7.
+Bugs:
+upstream: released (5.13-rc1) [2ad5692db72874f02b9ad551d26345437ea4f7f3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.33) [90642ee9eb581a13569b1c0bd57e85d962215273]
+4.19-upstream-stable: released (4.19.189) [5c17cfe155d21954b4c7e2a78fa771cebcd86725]
+sid: N/A "No Debian released version vulnerable"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "No Debian released version vulnerable"
diff --git a/retired/CVE-2021-46906 b/retired/CVE-2021-46906
new file mode 100644
index 00000000..0a1a062a
--- /dev/null
+++ b/retired/CVE-2021-46906
@@ -0,0 +1,15 @@
+Description: HID: usbhid: fix info leak in hid_submit_ctrl
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [6be388f4a35d2ce5ef7dbf635a8964a5da7f799f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.45) [b1e3596416d74ce95cc0b7b38472329a3818f8a9]
+4.19-upstream-stable: released (4.19.196) [0e280502be1b003c3483ae03fc60dea554fcfa82]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.208-1)
diff --git a/retired/CVE-2021-46908 b/retired/CVE-2021-46908
new file mode 100644
index 00000000..4d6f52dd
--- /dev/null
+++ b/retired/CVE-2021-46908
@@ -0,0 +1,16 @@
+Description: bpf: Use correct permission flag for mixed signed bounds arithmetic
+References:
+Notes:
+ carnil> Introduced in 2c78ee898d8f ("bpf: Implement CAP_BPF"). Vulnerable versions:
+ carnil> 5.8-rc1.
+Bugs:
+upstream: released (5.12-rc8) [9601148392520e2e134936e76788fc2a6371e7be]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [4f3ff11204eac0ee23acf64deecb3bad7b0db0c6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46909 b/retired/CVE-2021-46909
new file mode 100644
index 00000000..786d9a49
--- /dev/null
+++ b/retired/CVE-2021-46909
@@ -0,0 +1,16 @@
+Description: ARM: footbridge: fix PCI interrupt mapping
+References:
+Notes:
+ carnil> Introduced in 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in
+ carnil> pci_device_probe()"). Vulnerable versions: 4.13-rc1.
+Bugs:
+upstream: released (5.12-rc8) [30e3b4f256b4e366a61658c294f6a21b8626dda7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [1fc087fdb98d556b416c82ed6e3964a30885f47a]
+4.19-upstream-stable: released (4.19.189) [2643da6aa57920d9159a1a579fb04f89a2b0d29a]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46910 b/retired/CVE-2021-46910
new file mode 100644
index 00000000..8a4b3734
--- /dev/null
+++ b/retired/CVE-2021-46910
@@ -0,0 +1,16 @@
+Description: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled
+References:
+Notes:
+ carnil> Introduced in 2a15ba82fa6ca3f3 ("ARM: highmem: Switch to generic kmap atomic").
+ carnil> Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.12-rc8) [d624833f5984d484c5e3196f34b926f9e71dafee]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46911 b/retired/CVE-2021-46911
new file mode 100644
index 00000000..f2de899d
--- /dev/null
+++ b/retired/CVE-2021-46911
@@ -0,0 +1,16 @@
+Description: ch_ktls: Fix kernel panic
+References:
+Notes:
+ carnil> Introduced in 5a4b9fe7fece ("cxgb4/chcr: complete record tx handling").
+ carnil> Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.12-rc8) [1a73e427b824133940c2dd95ebe26b6dce1cbf10]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [8d5a9dbd2116a852f8f0f91f6fbc42a0afe1091f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46912 b/retired/CVE-2021-46912
new file mode 100644
index 00000000..510fa5da
--- /dev/null
+++ b/retired/CVE-2021-46912
@@ -0,0 +1,17 @@
+Description: net: Make tcp_allowed_congestion_control readonly in non-init netns
+References:
+Notes:
+ carnil> Introduced in 9cb8e048e5d9 ("net/ipv4/sysctl: show tcp_{allowed,
+ carnil> available}_congestion_control in non-initial netns"). Vulnerable versions:
+ carnil> 5.7-rc1.
+Bugs:
+upstream: released (5.12-rc8) [97684f0970f6e112926de631fdd98d9693c7e5c1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [35d7491e2f77ce480097cabcaf93ed409e916e12]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46913 b/retired/CVE-2021-46913
new file mode 100644
index 00000000..1b2e3ad4
--- /dev/null
+++ b/retired/CVE-2021-46913
@@ -0,0 +1,16 @@
+Description: netfilter: nftables: clone set element expression template
+References:
+Notes:
+ carnil> Introduced in 409444522976 ("netfilter: nf_tables: add elements with stateful
+ carnil> expressions"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.12-rc8) [4d8f9065830e526c83199186c5f56a6514f457d2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.64) [e51ff3ffc316377cca21de8b80404eed0c37b3c3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46914 b/retired/CVE-2021-46914
new file mode 100644
index 00000000..1ee17320
--- /dev/null
+++ b/retired/CVE-2021-46914
@@ -0,0 +1,16 @@
+Description: ixgbe: fix unbalanced device enable/disable in suspend/resume
+References:
+Notes:
+ carnil> Introduced in 6f82b2558735 ("ixgbe: use generic power management"). Vulnerable
+ carnil> versions: 5.9-rc1.
+Bugs:
+upstream: released (5.12-rc8) [debb9df311582c83fe369baa35fa4b92e8a9c58a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [be07581aacae7cd0a073afae8e8862032f794309]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46915 b/retired/CVE-2021-46915
new file mode 100644
index 00000000..12f23b47
--- /dev/null
+++ b/retired/CVE-2021-46915
@@ -0,0 +1,18 @@
+Description: netfilter: nft_limit: avoid possible divide error in nft_limit_init
+References:
+Notes:
+ carnil> Introduced in c26844eda9d4 ("netfilter: nf_tables: Fix nft limit burst
+ carnil> handling")
+ carnil> 3e0f64b7dd31 ("netfilter: nft_limit: fix packet ratelimiting"). Vulnerable
+ carnil> versions: 4.13 4.14.54 4.17.
+Bugs:
+upstream: released (5.12-rc8) [b895bdf5d643b6feb7c60856326dd4feb6981560]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [dc1732baa9da5b68621586bf8636ebbc27dc62d2]
+4.19-upstream-stable: released (4.19.189) [fadd3c4afdf3d4c21f4d138502f8b76334987e26]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46916 b/retired/CVE-2021-46916
new file mode 100644
index 00000000..9dc0858a
--- /dev/null
+++ b/retired/CVE-2021-46916
@@ -0,0 +1,16 @@
+Description: ixgbe: Fix NULL pointer dereference in ethtool loopback test
+References:
+Notes:
+ carnil> Introduced in b02e5a0ebb17 ("xsk: Propagate napi_id to XDP socket Rx path").
+ carnil> Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.12-rc8) [31166efb1cee348eb6314e9c0095d84cbeb66b9d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46917 b/retired/CVE-2021-46917
new file mode 100644
index 00000000..55b12605
--- /dev/null
+++ b/retired/CVE-2021-46917
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: fix wq cleanup of WQCFG registers
+References:
+Notes:
+ carnil> Introduced in da32b28c95a7 ("dmaengine: idxd: cleanup workqueue config after
+ carnil> disabling"). Vulnerable versions: 5.7.10 5.8-rc6.
+Bugs:
+upstream: released (5.12-rc8) [ea9aadc06a9f10ad20a90edc0a484f1147d88a7a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [e5eb9757fe4c2392e069246ae78badc573af1833]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46918 b/retired/CVE-2021-46918
new file mode 100644
index 00000000..9538121a
--- /dev/null
+++ b/retired/CVE-2021-46918
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: clear MSIX permission entry on shutdown
+References:
+Notes:
+ carnil> Introduced in 8e50d392652f ("dmaengine: idxd: Add shared workqueue support").
+ carnil> Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.12-rc8) [6df0e6c57dfc064af330071f372f11aa8c584997]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46919 b/retired/CVE-2021-46919
new file mode 100644
index 00000000..806596d8
--- /dev/null
+++ b/retired/CVE-2021-46919
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: fix wq size store permission state
+References:
+Notes:
+ carnil> Introduced in c52ca478233c ("dmaengine: idxd: add configuration component of
+ carnil> driver"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.12-rc8) [0fff71c5a311e1264988179f7dcc217fda15fadd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [4ecf25595273203010bc8318c4aee60ad64037ae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46920 b/retired/CVE-2021-46920
new file mode 100644
index 00000000..dff494e2
--- /dev/null
+++ b/retired/CVE-2021-46920
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback
+References:
+Notes:
+ carnil> Introduced in bfe1d56091c1 ("dmaengine: idxd: Init and probe for Intel data
+ carnil> accelerators"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.12-rc8) [ea941ac294d75d0ace50797aebf0056f6f8f7a7f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [a5ad12d5d69c63af289a37f05187a0c6fe93553d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46921 b/retired/CVE-2021-46921
new file mode 100644
index 00000000..39c58e99
--- /dev/null
+++ b/retired/CVE-2021-46921
@@ -0,0 +1,16 @@
+Description: locking/qrwlock: Fix ordering in queued_write_lock_slowpath()
+References:
+Notes:
+ carnil> Introduced in b519b56e378ee ("locking/qrwlock: Use atomic_cond_read_acquire()
+ carnil> when spinning in qrwlock"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.12) [84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.33) [82fa9ced35d88581cffa4a1c856fc41fca96d80a]
+4.19-upstream-stable: released (4.19.189) [5902f9453a313be8fe78cbd7e7ca9dba9319fc6e]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46922 b/retired/CVE-2021-46922
new file mode 100644
index 00000000..7187be5f
--- /dev/null
+++ b/retired/CVE-2021-46922
@@ -0,0 +1,16 @@
+Description: KEYS: trusted: Fix TPM reservation for seal/unseal
+References:
+Notes:
+ carnil> Introduced in 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unseal
+ carnil> operations"). Vulnerable versions: 5.10.20 5.11.3 5.12-rc1.
+Bugs:
+upstream: released (5.12) [9d5171eab462a63e2fbebfccf6026e92be018f20]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.33) [bf84ef2dd2ccdcd8f2658476d34b51455f970ce4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46923 b/retired/CVE-2021-46923
new file mode 100644
index 00000000..7d80cd80
--- /dev/null
+++ b/retired/CVE-2021-46923
@@ -0,0 +1,16 @@
+Description: fs/mount_setattr: always cleanup mount_kattr
+References:
+Notes:
+ carnil> Introduced in 9caccd41541a ("fs: introduce MOUNT_ATTR_IDMAP"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.16-rc8) [012e332286e2bb9f6ac77d195f17e74b2963d663]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46924 b/retired/CVE-2021-46924
new file mode 100644
index 00000000..43fcf15b
--- /dev/null
+++ b/retired/CVE-2021-46924
@@ -0,0 +1,16 @@
+Description: NFC: st21nfca: Fix memory leak in device probe and remove
+References:
+Notes:
+ carnil> Introduced in 68957303f44a ("NFC: ST21NFCA: Add driver for STMicroelectronics
+ carnil> ST21NFCA NFC Chip"). Vulnerable versions: 3.16-rc1.
+Bugs:
+upstream: released (5.16-rc8) [1b9dadba502234eea7244879b8d5d126bfaf9f0c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [e553265ea56482da5700f56319fda9ff53e7dcb4]
+4.19-upstream-stable: released (4.19.224) [a1e0080a35a16ce3808f7040fe0c3a8fdb052349]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46927 b/retired/CVE-2021-46927
new file mode 100644
index 00000000..978bf177
--- /dev/null
+++ b/retired/CVE-2021-46927
@@ -0,0 +1,16 @@
+Description: nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert
+References:
+Notes:
+ carnil> Introduced in 5b78ed24e8ec ("mm/pagemap: add mmap_assert_locked() annotations
+ carnil> to find_vma*()"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc8) [3a0152b219523227c2a62a0a122cf99608287176]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46929 b/retired/CVE-2021-46929
new file mode 100644
index 00000000..a7ca45de
--- /dev/null
+++ b/retired/CVE-2021-46929
@@ -0,0 +1,16 @@
+Description: sctp: use call_rcu to free endpoint
+References:
+Notes:
+ carnil> Introduced in d25adbeb0cdb ("sctp: fix an use-after-free issue in
+ carnil> sctp_sock_dump"). Vulnerable versions: 4.14-rc1.
+Bugs:
+upstream: released (5.16-rc8) [5ec7d18d1813a5bead0b495045606c93873aecbb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [769d14abd35e0e153b5149c3e1e989a9d719e3ff]
+4.19-upstream-stable: released (4.19.224) [af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46930 b/retired/CVE-2021-46930
new file mode 100644
index 00000000..dd7540f9
--- /dev/null
+++ b/retired/CVE-2021-46930
@@ -0,0 +1,16 @@
+Description: usb: mtu3: fix list_head check warning
+References:
+Notes:
+ carnil> Introduced in 83374e035b62 ("usb: mtu3: add tracepoints to help debug").
+ carnil> Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (5.16-rc8) [8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [3b6efe0b7ba03cc2acf0694b46d6ff33c5b4c295]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46931 b/retired/CVE-2021-46931
new file mode 100644
index 00000000..3aed1e9a
--- /dev/null
+++ b/retired/CVE-2021-46931
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Wrap the tx reporter dump callback to extract the sq
+References:
+Notes:
+ carnil> Introduced in 5f29458b77d5 ("net/mlx5e: Support dump callback in TX reporter").
+ carnil> Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.16-rc8) [918fc3855a6507a200e9cf22c20be852c0982687]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [73665165b64a8f3c5b3534009a69be55bb744f05]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46932 b/retired/CVE-2021-46932
new file mode 100644
index 00000000..102701cf
--- /dev/null
+++ b/retired/CVE-2021-46932
@@ -0,0 +1,16 @@
+Description: Input: appletouch - initialize work before device registration
+References:
+Notes:
+ carnil> Introduced in 5a6eb676d3bc ("Input: appletouch - improve powersaving for
+ carnil> Geyser3 devices"). Vulnerable versions: 2.6.23-rc1.
+Bugs:
+upstream: released (5.16-rc8) [9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [9f329d0d6c91142cf0ad08d23c72dd195db2633c]
+4.19-upstream-stable: released (4.19.224) [a02e1404e27855089d2b0a0acc4652c2ce65fe46]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46933 b/retired/CVE-2021-46933
new file mode 100644
index 00000000..c76401b0
--- /dev/null
+++ b/retired/CVE-2021-46933
@@ -0,0 +1,16 @@
+Description: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
+References:
+Notes:
+ carnil> Introduced in 5e33f6fdf735 ("usb: gadget: ffs: add eventfd notification about
+ carnil> ffs events"). Vulnerable versions: 4.0-rc1.
+Bugs:
+upstream: released (5.16-rc8) [b1e0887379422975f237d43d8839b751a6bcf154]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [1c4ace3e6b8575745c50dca9e76e0021e697d645]
+4.19-upstream-stable: released (4.19.224) [33f6a0cbb7772146e1c11f38028fffbfed14728b]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46934 b/retired/CVE-2021-46934
new file mode 100644
index 00000000..1a736ef4
--- /dev/null
+++ b/retired/CVE-2021-46934
@@ -0,0 +1,16 @@
+Description: i2c: validate user data in compat ioctl
+References:
+Notes:
+ carnil> Introduced in 7d5cb45655f2 ("i2c compat ioctls: move to ->compat_ioctl()").
+ carnil> Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.16-rc8) [bb436283e25aaf1533ce061605d23a9564447bdf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [8d31cbab4c295d7010ebb729e9d02d0e9cece18f]
+4.19-upstream-stable: released (4.19.224) [407c8708fb1bf2d4afc5337ef50635cf540c364b]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46935 b/retired/CVE-2021-46935
new file mode 100644
index 00000000..c60a4fb1
--- /dev/null
+++ b/retired/CVE-2021-46935
@@ -0,0 +1,16 @@
+Description: binder: fix async_free_space accounting for empty parcels
+References:
+Notes:
+ carnil> Introduced in 74310e06be4d ("android: binder: Move buffer out of area shared
+ carnil> with user space"). Vulnerable versions: 4.14-rc1.
+Bugs:
+upstream: released (5.16-rc8) [cfd0d84ba28c18b531648c9d4a35ecca89ad9901]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4]
+4.19-upstream-stable: released (4.19.224) [7c7064402609aeb6fb11be1b4ec10673ff17b593]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46936 b/retired/CVE-2021-46936
new file mode 100644
index 00000000..072ee178
--- /dev/null
+++ b/retired/CVE-2021-46936
@@ -0,0 +1,16 @@
+Description: net: fix use-after-free in tw_timer_handler
+References:
+Notes:
+ carnil> Introduced in 61a7e26028b9 ("mib: put net statistics on struct net").
+ carnil> Vulnerable versions: 2.6.27-rc1.
+Bugs:
+upstream: released (5.16-rc8) [e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [2386e81a1d277f540e1285565c9d41d531bb69d4]
+4.19-upstream-stable: released (4.19.224) [a8e1944b44f94f5c5f530e434c5eaee787254566]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46937 b/retired/CVE-2021-46937
new file mode 100644
index 00000000..627e0921
--- /dev/null
+++ b/retired/CVE-2021-46937
@@ -0,0 +1,16 @@
+Description: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'
+References:
+Notes:
+ carnil> Introduced in 4bc05954d007 ("mm/damon: implement a debugfs-based user space
+ carnil> interface"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc8) [ebb3f994dd92f8fb4d70c7541091216c1e10cb71]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46938 b/retired/CVE-2021-46938
new file mode 100644
index 00000000..a76546e8
--- /dev/null
+++ b/retired/CVE-2021-46938
@@ -0,0 +1,16 @@
+Description: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
+References:
+Notes:
+ carnil> Introduced in 1c357a1e86a4 ("dm: allocate blk_mq_tag_set rather than embed in
+ carnil> mapped_device"). Vulnerable versions: 4.6-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8e947c8f4a5620df77e43c9c75310dc510250166]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [1cb02dc76f4c0a2749a02b26469512d6984252e9]
+4.19-upstream-stable: released (4.19.191) [772b9f59657665af3b68d24d12b9d172d31f0dfb]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46939 b/retired/CVE-2021-46939
new file mode 100644
index 00000000..587433fc
--- /dev/null
+++ b/retired/CVE-2021-46939
@@ -0,0 +1,19 @@
+Description: tracing: Restructure trace_clock_global() to never block
+References:
+Notes:
+ carnil> Introduced in b02414c8f045 ("ring-buffer: Fix recursion protection transitions
+ carnil> between interrupt context") # started showing the problem
+ carnil> 14131f2f98ac3 ("tracing: implement trace_clock_*() APIs") # where the bug
+ carnil> happened. Vulnerable versions: 2.6.30-rc1 4.4.244 4.9.244 4.14.207 4.19.156
+ carnil> 5.4.76 5.9.7 5.10-rc3.
+Bugs:
+upstream: released (5.13-rc1) [aafe104aa9096827a429bc1358f8260ee565b7cc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [a33614d52e97fc8077eb0b292189ca7d964cc534]
+4.19-upstream-stable: released (4.19.191) [d43d56dbf452ccecc1ec735cd4b6840118005d7c]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46940 b/retired/CVE-2021-46940
new file mode 100644
index 00000000..fb368f55
--- /dev/null
+++ b/retired/CVE-2021-46940
@@ -0,0 +1,16 @@
+Description: tools/power turbostat: Fix offset overflow issue in index converting
+References:
+Notes:
+ carnil> Introduced in 9972d5d84d76 ("tools/power turbostat: Enable accumulate RAPL
+ carnil> display"). Vulnerable versions: 5.10-rc4.
+Bugs:
+upstream: released (5.13-rc1) [13a779de4175df602366d129e41782ad7168cef0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [ea6803ff2cd1a2d7d880256bf562172b708a76ff]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46942 b/retired/CVE-2021-46942
new file mode 100644
index 00000000..abc4b8d4
--- /dev/null
+++ b/retired/CVE-2021-46942
@@ -0,0 +1,16 @@
+Description: io_uring: fix shared sqpoll cancellation hangs
+References:
+Notes:
+ carnil> Introduced in 37d1e2e3642e2 ("io_uring: move SQPOLL thread io-wq forked
+ carnil> worker"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [734551df6f9bedfbefcd113ede665945e9de0b99]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46943 b/retired/CVE-2021-46943
new file mode 100644
index 00000000..05682f25
--- /dev/null
+++ b/retired/CVE-2021-46943
@@ -0,0 +1,16 @@
+Description: media: staging/intel-ipu3: Fix set_fmt error handling
+References:
+Notes:
+ carnil> Introduced in 6d5f26f2e045 ("media: staging/intel-ipu3-v4l: reduce kernel stack
+ carnil> usage"). Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ad91849996f9dd79741a961fd03585a683b08356]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [c6b81b897f6f9445d57f8d47c4e060ec21556137]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46944 b/retired/CVE-2021-46944
new file mode 100644
index 00000000..68c16382
--- /dev/null
+++ b/retired/CVE-2021-46944
@@ -0,0 +1,16 @@
+Description: media: staging/intel-ipu3: Fix memory leak in imu_fmt
+References:
+Notes:
+ carnil> Introduced in 6d5f26f2e045 ("media: staging/intel-ipu3-v4l: reduce kernel stack
+ carnil> usage"). Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3630901933afba1d16c462b04d569b7576339223]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [517f6f570566a863c2422b843c8b7d099474f6a9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46945 b/retired/CVE-2021-46945
new file mode 100644
index 00000000..40e220f2
--- /dev/null
+++ b/retired/CVE-2021-46945
@@ -0,0 +1,16 @@
+Description: ext4: always panic when errors=panic is specified
+References:
+Notes:
+ carnil> Introduced in 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()").
+ carnil> Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ac2f7ca51b0929461ea49918f27c11b680f28995]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46947 b/retired/CVE-2021-46947
new file mode 100644
index 00000000..172b8859
--- /dev/null
+++ b/retired/CVE-2021-46947
@@ -0,0 +1,16 @@
+Description: sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues
+References:
+Notes:
+ carnil> Introduced in e26ca4b53582 ("sfc: reduce the number of requested xdp ev
+ carnil> queues"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [99ba0ea616aabdc8e26259fd722503e012199a76]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46948 b/retired/CVE-2021-46948
new file mode 100644
index 00000000..0e487f70
--- /dev/null
+++ b/retired/CVE-2021-46948
@@ -0,0 +1,16 @@
+Description: sfc: farch: fix TX queue lookup in TX event handling
+References:
+Notes:
+ carnil> Introduced in 12804793b17c ("sfc: decouple TXQ type from label"). Vulnerable
+ carnil> versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [83b09a1807415608b387c7bc748d329fefc5617e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [bf2b941d0a6f2d3b9f5fa3c4c21bdd54f71ce253]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46949 b/retired/CVE-2021-46949
new file mode 100644
index 00000000..2c3d3078
--- /dev/null
+++ b/retired/CVE-2021-46949
@@ -0,0 +1,16 @@
+Description: sfc: farch: fix TX queue lookup in TX flush done handling
+References:
+Notes:
+ carnil> Introduced in 12804793b17c ("sfc: decouple TXQ type from label"). Vulnerable
+ carnil> versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [5b1faa92289b53cad654123ed2bc8e10f6ddd4ac]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [fb791572d6747ef385f628450f8d57cd132e6e5a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46950 b/retired/CVE-2021-46950
new file mode 100644
index 00000000..c4334272
--- /dev/null
+++ b/retired/CVE-2021-46950
@@ -0,0 +1,16 @@
+Description: md/raid1: properly indicate failure when ending a failed write request
+References:
+Notes:
+ carnil> Introduced in eeba6809d8d5 ("md/raid1: end bio when the device faulty").
+ carnil> Vulnerable versions: 4.14.147 4.19.77 5.2.19 5.3.4 5.4-rc1.
+Bugs:
+upstream: released (5.13-rc1) [2417b9869b81882ab90fd5ed1081a1cb2d4db1dd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [661061a45e32d8b2cc0e306da9f169ad44011382]
+4.19-upstream-stable: released (4.19.191) [a6e17cab00fc5bf85472434c52ac751426257c6f]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46951 b/retired/CVE-2021-46951
new file mode 100644
index 00000000..5ddb03d0
--- /dev/null
+++ b/retired/CVE-2021-46951
@@ -0,0 +1,16 @@
+Description: tpm: efi: Use local variable for calculating final log size
+References:
+Notes:
+ carnil> Introduced in 166a2809d65b ("tpm: Don't duplicate events from the final event
+ carnil> log in the TCG2 log"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc1) [48cff270b037022e37835d93361646205ca25101]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [60a01ecc9f68067e4314a0b55148e39e5d58a51b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46952 b/retired/CVE-2021-46952
new file mode 100644
index 00000000..2b4319db
--- /dev/null
+++ b/retired/CVE-2021-46952
@@ -0,0 +1,16 @@
+Description: NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
+References:
+Notes:
+ carnil> Introduced in 9954bf92c0cd ("NFS: Move mount parameterisation bits into their
+ carnil> own file"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc1) [c09f11ef35955785f92369e25819bf0629df2e59]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [96fa26b74cdcf9f5c98996bf36bec9fb5b19ffe2]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46953 b/retired/CVE-2021-46953
new file mode 100644
index 00000000..8c41e6de
--- /dev/null
+++ b/retired/CVE-2021-46953
@@ -0,0 +1,16 @@
+Description: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
+References:
+Notes:
+ carnil> Introduced in ca9ae5ec4ef0 ("acpi/arm64: Add SBSA Generic Watchdog support in
+ carnil> GTDT driver"). Vulnerable versions: 4.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [1ecd5b129252249b9bc03d7645a7bda512747277]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [e0f2d86481eaa83df33b0793f75212919db7a19d]
+4.19-upstream-stable: released (4.19.191) [7b2162db1498c71962a4bb2f776fa4e76d4d305b]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46954 b/retired/CVE-2021-46954
new file mode 100644
index 00000000..a7731117
--- /dev/null
+++ b/retired/CVE-2021-46954
@@ -0,0 +1,16 @@
+Description: net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets
+References:
+Notes:
+ carnil> Introduced in c129412f74e9 ("net/sched: sch_frag: add generic packet fragment
+ carnil> support."). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [31fe34a0118e0acc958c802e830ad5d37ef6b1d3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46955 b/retired/CVE-2021-46955
new file mode 100644
index 00000000..4ab2a104
--- /dev/null
+++ b/retired/CVE-2021-46955
@@ -0,0 +1,17 @@
+Description: openvswitch: fix stack OOB read while fragmenting IPv4 packets
+References:
+Notes:
+ carnil> Introduced in d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU <
+ carnil> net.ipv4.route.min_pmt"). Vulnerable versions: 3.16.57 4.4.134 4.9.104 4.14.45
+ carnil> 4.16-rc7.
+Bugs:
+upstream: released (5.13-rc1) [7c0ea5930c1c211931819d83cfb157bff1539a4c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [a1478374b0bda89b4277a8afd39208271faad4be]
+4.19-upstream-stable: released (4.19.191) [df9e900de24637be41879e2c50afb713ec4e8b2e]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46956 b/retired/CVE-2021-46956
new file mode 100644
index 00000000..02cd88f7
--- /dev/null
+++ b/retired/CVE-2021-46956
@@ -0,0 +1,16 @@
+Description: virtiofs: fix memory leak in virtio_fs_probe()
+References:
+Notes:
+ carnil> Introduced in a62a8ef9d97d ("virtio-fs: add virtiofs filesystem"). Vulnerable
+ carnil> versions: 5.4-rc1.
+Bugs:
+upstream: released (5.13-rc1) [c79c5e0178922a9e092ec8fed026750f39dcaef4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [d19555ff225d0896a33246a49279e6d578095f15]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46957 b/retired/CVE-2021-46957
new file mode 100644
index 00000000..468ff7b4
--- /dev/null
+++ b/retired/CVE-2021-46957
@@ -0,0 +1,16 @@
+Description: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe
+References:
+Notes:
+ carnil> Introduced in c22b0bcb1dd02 ("riscv: Add kprobes supported"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b1ebaa0e1318494a7637099a26add50509e37964]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46958 b/retired/CVE-2021-46958
new file mode 100644
index 00000000..4cec7d4c
--- /dev/null
+++ b/retired/CVE-2021-46958
@@ -0,0 +1,16 @@
+Description: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free
+References:
+Notes:
+ carnil> Introduced in ef67963dac255b ("btrfs: drop logs when we've aborted a
+ carnil> transaction"). Vulnerable versions: 5.7-rc4.
+Bugs:
+upstream: released (5.13-rc1) [061dde8245356d8864d29e25207aa4daa0be4d3c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [a4794be7b00b7eda4b45fffd283ab7d76df7e5d6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46959 b/retired/CVE-2021-46959
new file mode 100644
index 00000000..4f0dd358
--- /dev/null
+++ b/retired/CVE-2021-46959
@@ -0,0 +1,17 @@
+Description: spi: Fix use-after-free with devm_spi_alloc_*
+References:
+Notes:
+ carnil> Introduced in 5e844cc37a5c ("spi: Introduce device-managed SPI controller
+ carnil> allocation"). Vulnerable versions: 4.4.248 4.9.248 4.14.212 4.19.163 5.4.80
+ carnil> 5.9.11 5.10-rc5.
+Bugs:
+upstream: released (5.13-rc1) [794aaf01444d4e765e2b067cba01cc69c1c68ed9]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [c7fabe372a9031acd00498bc718ce27c253abfd1]
+4.19-upstream-stable: released (4.19.191) [28a5529068c51cdf0295ab1e11a99a3a909a03e4]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46960 b/retired/CVE-2021-46960
new file mode 100644
index 00000000..bbe34c98
--- /dev/null
+++ b/retired/CVE-2021-46960
@@ -0,0 +1,16 @@
+Description: cifs: Return correct error code from smb2_get_enc_key
+References:
+Notes:
+ carnil> Introduced in 61cfac6f267d ("CIFS: Fix possible use after free in demultiplex
+ carnil> thread"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [83728cbf366e334301091d5b808add468ab46b27]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [aaa0faa5c28a91c362352d6b35dc3ed10df56fb0]
+4.19-upstream-stable: released (4.19.191) [e486f8397f3f14a7cadc166138141fdb14379a54]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46961 b/retired/CVE-2021-46961
new file mode 100644
index 00000000..ca16f572
--- /dev/null
+++ b/retired/CVE-2021-46961
@@ -0,0 +1,17 @@
+Description: irqchip/gic-v3: Do not enable irqs when handling spurious interrups
+References:
+Notes:
+ carnil> Introduced in 3f1f3234bc2d ("irqchip/gic-v3: Switch to PMR masking before
+ carnil> calling IRQ handler")
+ carnil> Vulnerable versions: 5.1-rc1.
+Bugs:
+upstream: released (5.13-rc1) [a97709f563a078e259bf0861cd259aa60332890a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [7be4db5c2b59fa77071c93ca4329876fb9777202]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46962 b/retired/CVE-2021-46962
new file mode 100644
index 00000000..959131a2
--- /dev/null
+++ b/retired/CVE-2021-46962
@@ -0,0 +1,16 @@
+Description: mmc: uniphier-sd: Fix a resource leak in the remove function
+References:
+Notes:
+ carnil> Introduced in 3fd784f745dd ("mmc: uniphier-sd: add UniPhier SD/eMMC controller
+ carnil> driver"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc1) [e29c84857e2d51aa017ce04284b962742fb97d9e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [25ac6ce65f1ab458982d15ec1caf441acd37106a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46963 b/retired/CVE-2021-46963
new file mode 100644
index 00000000..d3a50a0b
--- /dev/null
+++ b/retired/CVE-2021-46963
@@ -0,0 +1,16 @@
+Description: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
+References:
+Notes:
+ carnil> Introduced in af2a0c51b120 ("scsi: qla2xxx: Fix SRB leak on switch command
+ carnil> timeout"). Vulnerable versions: 4.19.90 5.3.17 5.4.4 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6641df81ab799f28a5d564f860233dd26cca0d93]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [702cdaa2c6283c135ef16d52e0e4e3c1005aa538]
+4.19-upstream-stable: released (4.19.191) [c5ab9b67d8b061de74e2ca51bf787ee599bd7f89]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46964 b/retired/CVE-2021-46964
new file mode 100644
index 00000000..a44dddbe
--- /dev/null
+++ b/retired/CVE-2021-46964
@@ -0,0 +1,16 @@
+Description: scsi: qla2xxx: Reserve extra IRQ vectors
+References:
+Notes:
+ carnil> Introduced in a6dcfe08487e ("scsi: qla2xxx: Limit interrupt vectors to number
+ carnil> of CPUs"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [f02d4086a8f36a0e1aaebf559b54cf24a177a486]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46965 b/retired/CVE-2021-46965
new file mode 100644
index 00000000..7e7954cc
--- /dev/null
+++ b/retired/CVE-2021-46965
@@ -0,0 +1,16 @@
+Description: mtd: physmap: physmap-bt1-rom: Fix unintentional stack access
+References:
+Notes:
+ carnil> Introduced in b3e79e7682e0 ("mtd: physmap: Add Baikal-T1 physically mapped ROM
+ carnil> support"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [683313993dbe1651c7aa00bb42a041d70e914925]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [34ec706bf0b7c4ca249a729c1bcb91f706c7a7be]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46966 b/retired/CVE-2021-46966
new file mode 100644
index 00000000..45f0aa8c
--- /dev/null
+++ b/retired/CVE-2021-46966
@@ -0,0 +1,16 @@
+Description: ACPI: custom_method: fix potential use-after-free issue
+References:
+Notes:
+ carnil> Introduced in 03d1571d9513 ("ACPI: custom_method: fix memory leaks").
+ carnil> Vulnerable versions: 4.4.195 4.9.195 4.14.147 4.19.77 5.2.19 5.3.4 5.4-rc1.
+Bugs:
+upstream: released (5.13-rc1) [e483bb9a991bdae29a0caa4b3a6d002c968f94aa]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [62dc2440ebb552aa0d7f635e1697e077d9d21203]
+4.19-upstream-stable: released (4.19.191) [a5b26a2e362f572d87e9fd35435680e557052a17]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46967 b/retired/CVE-2021-46967
new file mode 100644
index 00000000..850fecfd
--- /dev/null
+++ b/retired/CVE-2021-46967
@@ -0,0 +1,16 @@
+Description: vhost-vdpa: fix vm_flags for virtqueue doorbell mapping
+References:
+Notes:
+ carnil> Introduced in ddd89d0a059d ("vhost_vdpa: support doorbell mapping via mmap").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3a3e0fad16d40a2aa68ddf7eea4acdf48b22dd44]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [3b8b6399666a29daa30b0bb3f5c9e3fc81c5a6a6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46968 b/retired/CVE-2021-46968
new file mode 100644
index 00000000..d63e1827
--- /dev/null
+++ b/retired/CVE-2021-46968
@@ -0,0 +1,16 @@
+Description: s390/zcrypt: fix zcard and zqueue hot-unplug memleak
+References:
+Notes:
+ carnil> Introduced in 29c2680fd2bf ("s390/ap: fix ap devices reference counting").
+ carnil> Vulnerable versions: 5.10-rc3.
+Bugs:
+upstream: released (5.13-rc1) [70fac8088cfad9f3b379c9082832b4d7532c16c2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.36) [026499a9c2e002e621ad568d1378324ae97e5524]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46969 b/retired/CVE-2021-46969
new file mode 100644
index 00000000..ee580941
--- /dev/null
+++ b/retired/CVE-2021-46969
@@ -0,0 +1,16 @@
+Description: bus: mhi: core: Fix invalid error returning in mhi_queue
+References:
+Notes:
+ carnil> Introduced in a8f75cb348fd ("mhi: core: Factorize mhi queuing"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [0ecc1c70dcd32c0f081b173a1a5d89952686f271]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46970 b/retired/CVE-2021-46970
new file mode 100644
index 00000000..e92506e4
--- /dev/null
+++ b/retired/CVE-2021-46970
@@ -0,0 +1,16 @@
+Description: bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue
+References:
+Notes:
+ carnil> Introduced in 8f7039787687 ("bus: mhi: core: Move to using high priority
+ carnil> workqueue"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [0fccbf0a3b690b162f53b13ed8bc442ea33437dc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46971 b/retired/CVE-2021-46971
new file mode 100644
index 00000000..e1746950
--- /dev/null
+++ b/retired/CVE-2021-46971
@@ -0,0 +1,16 @@
+Description: perf/core: Fix unconditional security_locked_down() call
+References:
+Notes:
+ carnil> Introduced in b0c8fdc7fdb7 ("lockdown: Lock down perf when in confidentiality
+ carnil> mode"). Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (5.13-rc1) [08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.35) [4348d3b5027bc3ff6336368b6c60605d4ef8e1ce]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46972 b/retired/CVE-2021-46972
new file mode 100644
index 00000000..47288dbe
--- /dev/null
+++ b/retired/CVE-2021-46972
@@ -0,0 +1,16 @@
+Description: ovl: fix leaked dentry
+References:
+Notes:
+ carnil> Introduced in 6815f479ca90 ("ovl: use only uppermetacopy state in
+ carnil> ovl_lookup()"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.35) [71d58457a8afc650da5d3292a7f7029317654d95]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46973 b/retired/CVE-2021-46973
new file mode 100644
index 00000000..fadde52a
--- /dev/null
+++ b/retired/CVE-2021-46973
@@ -0,0 +1,16 @@
+Description: net: qrtr: Avoid potential use after free in MHI send
+References:
+Notes:
+ carnil> Introduced in 6e728f321393 ("net: qrtr: Add MHI transport layer"). Vulnerable
+ carnil> versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [47a017f33943278570c072bc71681809b2567b3a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.35) [48ec949ac979b4b42d740f67b6177797af834f80]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46974 b/retired/CVE-2021-46974
new file mode 100644
index 00000000..e48d9f75
--- /dev/null
+++ b/retired/CVE-2021-46974
@@ -0,0 +1,16 @@
+Description: bpf: Fix masking negation logic upon negative dst register
+References:
+Notes:
+ carnil> Introduced in 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer
+ carnil> arithmetic"). Vulnerable versions: 4.14.113 4.19.19 4.20.6 5.0-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b9b34ddbe2076ade359cd5ce7537d5ed019e9807]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.35) [2cfa537674cd1051a3b8111536d77d0558f33d5d]
+4.19-upstream-stable: released (4.19.190) [0e2dfdc74a7f4036127356d42ea59388f153f42c]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46976 b/retired/CVE-2021-46976
new file mode 100644
index 00000000..f13b1b8b
--- /dev/null
+++ b/retired/CVE-2021-46976
@@ -0,0 +1,16 @@
+Description: drm/i915: Fix crash in auto_retire
+References:
+Notes:
+ carnil> Introduced in 229007e02d69 ("drm/i915: Wrap i915_active in a simple kreffed
+ carnil> struct"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc2) [402be8a101190969fc7ff122d07e262df86e132b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [805c990a9c54b9451d3daff640b850909c31ab9d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46977 b/retired/CVE-2021-46977
new file mode 100644
index 00000000..a225085c
--- /dev/null
+++ b/retired/CVE-2021-46977
@@ -0,0 +1,16 @@
+Description: KVM: VMX: Disable preemption when probing user return MSRs
+References:
+Notes:
+ carnil> Introduced in 4be534102624 ("KVM: VMX: Initialize vmx->guest_msrs[] right after
+ carnil> allocation"). Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc2) [5104d7ffcf24749939bea7fdb5378d186473f890]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [31f29749ee970c251b3a7e5b914108425940d089]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46978 b/retired/CVE-2021-46978
new file mode 100644
index 00000000..88f3d3ce
--- /dev/null
+++ b/retired/CVE-2021-46978
@@ -0,0 +1,16 @@
+Description: KVM: nVMX: Always make an attempt to map eVMCS after migration
+References:
+Notes:
+ carnil> Introduced in f2c7ef3ba955 ("KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES
+ carnil> on nested vmexit"). Vulnerable versions: 5.10.13 5.11-rc3.
+Bugs:
+upstream: released (5.13-rc2) [f5c7e8425f18fdb9bdb7d13340651d7876890329]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [c8bf64e3fb77cc19bad146fbe26651985b117194]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46979 b/retired/CVE-2021-46979
new file mode 100644
index 00000000..3fda350d
--- /dev/null
+++ b/retired/CVE-2021-46979
@@ -0,0 +1,16 @@
+Description: iio: core: fix ioctl handlers removal
+References:
+Notes:
+ carnil> Introduced in 8dedcc3eee3ac ("iio: core: centralize ioctl() calls to the main
+ carnil> chardev"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc2) [901f84de0e16bde10a72d7eb2f2eb73fcde8fa1a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46980 b/retired/CVE-2021-46980
new file mode 100644
index 00000000..e420fb7e
--- /dev/null
+++ b/retired/CVE-2021-46980
@@ -0,0 +1,18 @@
+Description: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4
+References:
+Notes:
+ carnil> Introduced in 992a60ed0d5e ("usb: typec: ucsi: register with power_supply
+ carnil> class")
+ carnil> 4dbc6a4ef06d ("usb: typec: ucsi: save power data objects in PD mode").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc2) [1f4642b72be79757f050924a9b9673b6a02034bc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [e5366bea0277425e1868ba20eeb27c879d5a6e2d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46982 b/retired/CVE-2021-46982
new file mode 100644
index 00000000..443a12eb
--- /dev/null
+++ b/retired/CVE-2021-46982
@@ -0,0 +1,16 @@
+Description: f2fs: compress: fix race condition of overwrite vs truncate
+References:
+Notes:
+ carnil> Introduced in 4c8ff7095bef ("f2fs: support data compression"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc2) [a949dc5f2c5cfe0c910b664650f45371254c0744]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [5639b73fd3bc6fc8ca72e3a9ac15aacaabd7ebff]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46983 b/retired/CVE-2021-46983
new file mode 100644
index 00000000..24016075
--- /dev/null
+++ b/retired/CVE-2021-46983
@@ -0,0 +1,16 @@
+Description: nvmet-rdma: Fix NULL deref when SEND is completed with error
+References:
+Notes:
+ carnil> Introduced in ca0f1a8055be2 ("nvmet-rdma: use new shared CQ mechanism").
+ carnil> Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (5.13-rc2) [8cc365f9559b86802afc0208389f5c8d46b4ad61]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [64f3410c7bfc389b1a58611d0799f4a36ce4b6b5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46985 b/retired/CVE-2021-46985
new file mode 100644
index 00000000..b325d2e4
--- /dev/null
+++ b/retired/CVE-2021-46985
@@ -0,0 +1,16 @@
+Description: ACPI: scan: Fix a memory leak in an error handling path
+References:
+Notes:
+ carnil> Introduced in eb50aaf960e3 ("ACPI: scan: Use unique number for instance_no").
+ carnil> Vulnerable versions: 4.9.264 4.14.228 4.19.184 5.4.109 5.10.27 5.11.11 5.12-rc5.
+Bugs:
+upstream: released (5.13-rc2) [0c8bd174f0fc131bc9dfab35cd8784f59045da87]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [e2381174daeae0ca35eddffef02dcc8de8c1ef8a]
+4.19-upstream-stable: released (4.19.191) [69cc821e89ce572884548ac54c4f80eec7a837a5]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46986 b/retired/CVE-2021-46986
new file mode 100644
index 00000000..ad09dd9b
--- /dev/null
+++ b/retired/CVE-2021-46986
@@ -0,0 +1,16 @@
+Description: usb: dwc3: gadget: Free gadget structure only after freeing endpoints
+References:
+Notes:
+ carnil> Introduced in e81a7018d93a ("usb: dwc3: allocate gadget structure
+ carnil> dynamically"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc2) [bb9c74a5bd1462499fe5ccb1e3c5ac40dcfa9139]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [1ea775021282d90e1d08d696b7ab54aa75d688e5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46988 b/retired/CVE-2021-46988
new file mode 100644
index 00000000..2c1d5964
--- /dev/null
+++ b/retired/CVE-2021-46988
@@ -0,0 +1,16 @@
+Description: userfaultfd: release page in error path to avoid BUG_ON
+References:
+Notes:
+ carnil> Introduced in cb658a453b93 ("userfaultfd: shmem: avoid leaking blocks and used
+ carnil> blocks in UFFDIO_COPY"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (5.13-rc2) [7ed9d238c7dbb1fdb63ad96a6184985151b0171c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [140cfd9980124aecb6c03ef2e69c72d0548744de]
+4.19-upstream-stable: released (4.19.191) [07c9b834c97d0fa3402fb7f3f3b32df370a6ff1f]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46989 b/retired/CVE-2021-46989
new file mode 100644
index 00000000..7a3877bb
--- /dev/null
+++ b/retired/CVE-2021-46989
@@ -0,0 +1,16 @@
+Description: hfsplus: prevent corruption in shrinking truncate
+References:
+Notes:
+ carnil> Introduced in 31651c607151f ("hfsplus: avoid deadlock on file truncation").
+ carnil> Vulnerable versions: 4.19-rc1.
+Bugs:
+upstream: released (5.13-rc2) [c3187cf32216313fb316084efac4dab3a8459b1d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [adbd8a2a8cc05d9e501f93e5c95c59307874cc99]
+4.19-upstream-stable: released (4.19.191) [52dde855663e5db824af51db39b5757d2ef3e28a]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46990 b/retired/CVE-2021-46990
new file mode 100644
index 00000000..c8e35526
--- /dev/null
+++ b/retired/CVE-2021-46990
@@ -0,0 +1,16 @@
+Description: powerpc/64s: Fix crashes when toggling entry flush barrier
+References:
+Notes:
+ carnil> Introduced in f79643787e0a ("powerpc/64s: flush L1D on kernel entry").
+ carnil> Vulnerable versions: 4.4.245 4.9.245 4.14.208 4.19.159 5.4.79 5.9.10 5.10-rc5.
+Bugs:
+upstream: released (5.13-rc2) [aec86b052df6541cc97c5fca44e5934cbea4963b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92]
+4.19-upstream-stable: released (4.19.191) [2db22ba4e0e103f00e0512e0ecce36ac78c644f8]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46991 b/retired/CVE-2021-46991
new file mode 100644
index 00000000..efd42c49
--- /dev/null
+++ b/retired/CVE-2021-46991
@@ -0,0 +1,16 @@
+Description: i40e: Fix use-after-free in i40e_client_subtask()
+References:
+Notes:
+ carnil> Introduced in 7b0b1a6d0ac9 ("i40e: Disable iWARP VSI PETCP_ENA flag on netdev
+ carnil> down events"). Vulnerable versions: 4.16-rc1.
+Bugs:
+upstream: released (5.13-rc1) [38318f23a7ef86a8b1862e5e8078c4de121960c3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [829a713450b8fb127cbabfc1244c1d8179ec5107]
+4.19-upstream-stable: released (4.19.191) [c1322eaeb8af0d8985b5cc5fa759140fa0e57b84]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46992 b/retired/CVE-2021-46992
new file mode 100644
index 00000000..f1d9fc8b
--- /dev/null
+++ b/retired/CVE-2021-46992
@@ -0,0 +1,16 @@
+Description: netfilter: nftables: avoid overflows in nft_hash_buckets()
+References:
+Notes:
+ carnil> Introduced in 0ed6389c483d ("netfilter: nf_tables: rename set
+ carnil> implementations"). Vulnerable versions: 4.9-rc1.
+Bugs:
+upstream: released (5.13-rc1) [a54754ec9891830ba548e2010c889e3c8146e449]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7]
+4.19-upstream-stable: released (4.19.191) [efcd730ddd6f25578bd31bfe703e593e2421d708]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46993 b/retired/CVE-2021-46993
new file mode 100644
index 00000000..44dfca42
--- /dev/null
+++ b/retired/CVE-2021-46993
@@ -0,0 +1,16 @@
+Description: sched: Fix out-of-bound access in uclamp
+References:
+Notes:
+ carnil> Introduced in 69842cba9ace ("sched/uclamp: Add CPU's clamp buckets
+ carnil> refcounting"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6d2f8909a5fabb73fe2a63918117943986c39b6c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [f7347c85490b92dd144fa1fba9e1eca501656ab3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46994 b/retired/CVE-2021-46994
new file mode 100644
index 00000000..99f51c44
--- /dev/null
+++ b/retired/CVE-2021-46994
@@ -0,0 +1,16 @@
+Description: can: mcp251x: fix resume from sleep before interface was brought up
+References:
+Notes:
+ carnil> Introduced in 8ce8c0abcba3 ("can: mcp251x: only reset hardware as required").
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [03c427147b2d3e503af258711af4fc792b89b0af]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46995 b/retired/CVE-2021-46995
new file mode 100644
index 00000000..c6ab8bb6
--- /dev/null
+++ b/retired/CVE-2021-46995
@@ -0,0 +1,16 @@
+Description: can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe
+References:
+Notes:
+ carnil> Introduced in cf8ee6de2543 ("can: mcp251xfd: mcp251xfd_probe(): use
+ carnil> dev_err_probe() to simplify error handling"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [4cc7faa406975b460aa674606291dea197c1210c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46996 b/retired/CVE-2021-46996
new file mode 100644
index 00000000..f47d0143
--- /dev/null
+++ b/retired/CVE-2021-46996
@@ -0,0 +1,16 @@
+Description: netfilter: nftables: Fix a memleak from userdata error path in new objects
+References:
+Notes:
+ carnil> Introduced in b131c96496b3 ("netfilter: nf_tables: add userdata support for
+ carnil> nft_object"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [85dfd816fabfc16e71786eda0a33a7046688b5b0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [2c784a500f5edd337258b0fdb2f31bc9abde1a23]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46997 b/retired/CVE-2021-46997
new file mode 100644
index 00000000..a6b31cfb
--- /dev/null
+++ b/retired/CVE-2021-46997
@@ -0,0 +1,20 @@
+Description: arm64: entry: always set GIC_PRIO_PSR_I_SET during entry
+References:
+Notes:
+ carnil> Introduced in 23529049c684 ("arm64: entry: fix non-NMI user<->kernel
+ carnil> transitions")
+ carnil> 7cd1ea1010ac ("arm64: entry: fix non-NMI kernel<->kernel transitions")
+ carnil> f0cd5ac1e4c5 ("arm64: entry: fix NMI {user, kernel}->kernel transitions")
+ carnil> 2a9b3e6ac69a ("arm64: entry: fix EL1 debug transitions"). Vulnerable versions:
+ carnil> 5.10-rc7.
+Bugs:
+upstream: released (5.13-rc1) [4d6a38da8e79e94cbd1344aa90876f0f805db705]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [51524fa8b5f7b879ba569227738375d283b79382]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46998 b/retired/CVE-2021-46998
new file mode 100644
index 00000000..25a6480a
--- /dev/null
+++ b/retired/CVE-2021-46998
@@ -0,0 +1,16 @@
+Description: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
+References:
+Notes:
+ carnil> Introduced in fb7516d42478e ("enic: add sw timestamp support"). Vulnerable
+ carnil> versions: 4.16-rc1.
+Bugs:
+upstream: released (5.13-rc1) [643001b47adc844ae33510c4bb93c236667008a3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [7afdd6aba95c8a526038e7abe283eeac3e4320f1]
+4.19-upstream-stable: released (4.19.191) [25a87b1f566b5eb2af2857a928f0e2310d900976]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46999 b/retired/CVE-2021-46999
new file mode 100644
index 00000000..ee21f385
--- /dev/null
+++ b/retired/CVE-2021-46999
@@ -0,0 +1,16 @@
+Description: sctp: do asoc update earlier in sctp_sf_do_dupcook_a
+References:
+Notes:
+ carnil> Introduced in 145cb2f7177d ("sctp: Fix bundling of SHUTDOWN with COOKIE-ACK").
+ carnil> Vulnerable versions: 4.19.123 5.4.41 5.6.13 5.7-rc3.
+Bugs:
+upstream: released (5.13-rc1) [35b4f24415c854cd718ccdf38dbea6297f010aae]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [f01988ecf3654f805282dce2d3bb9afe68d2691e]
+4.19-upstream-stable: released (4.19.191) [d624f2991b977821375fbd56c91b0c91d456a697]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47000 b/retired/CVE-2021-47000
new file mode 100644
index 00000000..60b792c1
--- /dev/null
+++ b/retired/CVE-2021-47000
@@ -0,0 +1,16 @@
+Description: ceph: fix inode leak on getattr error in __fh_to_dentry
+References:
+Notes:
+ carnil> Introduced in 878dabb64117 ("ceph: don't return -ESTALE if there's still an
+ carnil> open file"). Vulnerable versions: 5.4.49 5.7.6 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [1775c7ddacfcea29051c67409087578f8f4d751b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [bf45c9fe99aa8003d2703f1bd353f956dea47e40]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47001 b/retired/CVE-2021-47001
new file mode 100644
index 00000000..d3583ee2
--- /dev/null
+++ b/retired/CVE-2021-47001
@@ -0,0 +1,16 @@
+Description: xprtrdma: Fix cwnd update ordering
+References:
+Notes:
+ carnil> Introduced in 2ae50ad68cd7 ("xprtrdma: Close window between waking RPC senders
+ carnil> and posting Receives"). Vulnerable versions: 5.4.13 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [35d8b10a25884050bb3b0149b62c3818ec59f77c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [eddae8be7944096419c2ae29477a45f767d0fcd4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47002 b/retired/CVE-2021-47002
new file mode 100644
index 00000000..0f190902
--- /dev/null
+++ b/retired/CVE-2021-47002
@@ -0,0 +1,16 @@
+Description: SUNRPC: Fix null pointer dereference in svc_rqst_free()
+References:
+Notes:
+ carnil> Introduced in 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on
+ carnil> the server-side"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b9f83ffaa0c096b4c832a43964fe6bff3acffe10]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47003 b/retired/CVE-2021-47003
new file mode 100644
index 00000000..0c7a5f0f
--- /dev/null
+++ b/retired/CVE-2021-47003
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: Fix potential null dereference on pointer status
+References:
+Notes:
+ carnil> Introduced in 89e3becd8f82 ("dmaengine: idxd: check device state before issue
+ carnil> command"). Vulnerable versions: 5.10.17 5.11.
+Bugs:
+upstream: released (5.13-rc1) [28ac8e03c43dfc6a703aa420d18222540b801120]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [5756f757c72501ef1a16f5f63f940623044180e9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47004 b/retired/CVE-2021-47004
new file mode 100644
index 00000000..a0af8f9c
--- /dev/null
+++ b/retired/CVE-2021-47004
@@ -0,0 +1,17 @@
+Description: f2fs: fix to avoid touching checkpointed data in get_victim()
+References:
+Notes:
+ carnil> Introduced in 4354994f097d ("f2fs: checkpoint disabling")
+ carnil> 093749e296e2 ("f2fs: support age threshold based garbage collection").
+ carnil> Vulnerable versions: 4.20-rc1 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [61461fc921b756ae16e64243f72af2bfc2e620db]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [105155a8146ddb54c119d8318964eef3859d109d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47005 b/retired/CVE-2021-47005
new file mode 100644
index 00000000..4b0865bc
--- /dev/null
+++ b/retired/CVE-2021-47005
@@ -0,0 +1,16 @@
+Description: PCI: endpoint: Fix NULL pointer dereference for ->get_features()
+References:
+Notes:
+ carnil> Introduced in 2c04c5b8eef79 ("PCI: pci-epf-test: Use pci_epc_get_features() to
+ carnil> get EPC features"). Vulnerable versions: 5.1-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6613bc2301ba291a1c5a90e1dc24cf3edf223c03]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [bbed83d7060e07a5d309104d25a00f0a24441428]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47006 b/retired/CVE-2021-47006
new file mode 100644
index 00000000..55432a90
--- /dev/null
+++ b/retired/CVE-2021-47006
@@ -0,0 +1,16 @@
+Description: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
+References:
+Notes:
+ carnil> Introduced in 1879445dfa7b ("perf/core: Set event's default
+ carnil> ::overflow_handler()"). Vulnerable versions: 4.7-rc1.
+Bugs:
+upstream: released (5.13-rc1) [a506bd5756290821a4314f502b4bafc2afcf5260]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [630146203108bf6b8934eec0dfdb3e46dcb917de]
+4.19-upstream-stable: released (4.19.191) [a9938d6d78a238d6ab8de57a4d3dcf77adceb9bb]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47007 b/retired/CVE-2021-47007
new file mode 100644
index 00000000..5ea925f0
--- /dev/null
+++ b/retired/CVE-2021-47007
@@ -0,0 +1,16 @@
+Description: f2fs: fix panic during f2fs_resize_fs()
+References:
+Notes:
+ carnil> Introduced in b4b10061ef98 ("f2fs: refactor resize_fs to avoid meta updates in
+ carnil> progress"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3ab0598e6d860ef49d029943ba80f627c15c15d6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [1c20a4896409f5ca1c770e1880c33d0a28a8b10f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47008 b/retired/CVE-2021-47008
new file mode 100644
index 00000000..41c055f0
--- /dev/null
+++ b/retired/CVE-2021-47008
@@ -0,0 +1,18 @@
+Description: KVM: SVM: Make sure GHCB is mapped before updating
+References:
+Notes:
+ carnil> Introduced in f1c6366e3043 ("KVM: SVM: Add required changes to support
+ carnil> intercepts under SEV-ES")
+ carnil> 647daca25d24 ("KVM: SVM: Add support for booting APs in an SEV-ES guest").
+ carnil> Vulnerable versions: 5.11-rc1 5.11-rc3.
+Bugs:
+upstream: released (5.13-rc1) [a3ba26ecfb569f4aa3f867e80c02aa65f20aadad]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47009 b/retired/CVE-2021-47009
new file mode 100644
index 00000000..2542237a
--- /dev/null
+++ b/retired/CVE-2021-47009
@@ -0,0 +1,16 @@
+Description: KEYS: trusted: Fix memory leak on object td
+References:
+Notes:
+ carnil> Introduced in 5df16caada3f ("KEYS: trusted: Fix incorrect handling of
+ carnil> tpm_get_random()"). Vulnerable versions: 5.10.20 5.11.3 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc2) [83a775d5f9bfda95b1c295f95a3a041a40c7f321]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47010 b/retired/CVE-2021-47010
new file mode 100644
index 00000000..068b9c1f
--- /dev/null
+++ b/retired/CVE-2021-47010
@@ -0,0 +1,16 @@
+Description: net: Only allow init netns to set default tcp cong to a restricted algo
+References:
+Notes:
+ carnil> Introduced in 6670e1524477 ("tcp: Namespace-ify
+ carnil> sysctl_tcp_default_congestion_control"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8d432592f30fcc34ef5a10aac4887b4897884493]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [6c1ea8bee75df8fe2184a50fcd0f70bf82986f42]
+4.19-upstream-stable: released (4.19.191) [992de06308d9a9584d59b96d294ac676f924e437]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47011 b/retired/CVE-2021-47011
new file mode 100644
index 00000000..9f9345ed
--- /dev/null
+++ b/retired/CVE-2021-47011
@@ -0,0 +1,16 @@
+Description: mm: memcontrol: slab: fix obtain a reference to a freeing memcg
+References:
+Notes:
+ carnil> Introduced in 3de7d4f25a74 ("mm: memcg/slab: optimize objcg stock draining").
+ carnil> Vulnerable versions: 5.10.11 5.11-rc5.
+Bugs:
+upstream: released (5.13-rc1) [9f38f03ae8d5f57371b71aa6b4275765b65454fd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [31df8bc4d3feca9f9c6b2cd06fd64a111ae1a0e6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47012 b/retired/CVE-2021-47012
new file mode 100644
index 00000000..a80d32bb
--- /dev/null
+++ b/retired/CVE-2021-47012
@@ -0,0 +1,16 @@
+Description: RDMA/siw: Fix a use after free in siw_alloc_mr
+References:
+Notes:
+ carnil> Introduced in 2251334dcac9 ("rdma/siw: application buffer management").
+ carnil> Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc1) [3093ee182f01689b89e9f8797b321603e5de4f63]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [608a4b90ece039940e9425ee2b39c8beff27e00c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47013 b/retired/CVE-2021-47013
new file mode 100644
index 00000000..37cb8d4d
--- /dev/null
+++ b/retired/CVE-2021-47013
@@ -0,0 +1,16 @@
+Description: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
+References:
+Notes:
+ carnil> Introduced in b9b17debc69d2 ("net: emac: emac gigabit ethernet controller
+ carnil> driver"). Vulnerable versions: 4.9-rc1.
+Bugs:
+upstream: released (5.13-rc1) [6d72e7c767acbbdd44ebc7d89c6690b405b32b57]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [9dc373f74097edd0e35f3393d6248eda8d1ba99d]
+4.19-upstream-stable: released (4.19.191) [16d8c44be52e3650917736d45f5904384a9da834]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47016 b/retired/CVE-2021-47016
new file mode 100644
index 00000000..8287b06f
--- /dev/null
+++ b/retired/CVE-2021-47016
@@ -0,0 +1,17 @@
+Description: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
+References:
+Notes:
+ carnil> Introduced in 7529b90d051e ("m68k: mvme147: Handle timer counter overflow")
+ carnil> 19999a8b8782 ("m68k: mvme16x: Handle timer counter overflow"). Vulnerable
+ carnil> versions: 5.2-rc1.
+Bugs:
+upstream: released (5.13-rc1) [43262178c043032e7c42d00de44c818ba05f9967]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [1dfb26df15fc7036a74221d43de7427f74293dae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47017 b/retired/CVE-2021-47017
new file mode 100644
index 00000000..c564e64f
--- /dev/null
+++ b/retired/CVE-2021-47017
@@ -0,0 +1,16 @@
+Description: ath10k: Fix a use after free in ath10k_htc_send_bundle
+References:
+Notes:
+ carnil> Introduced in c8334512f3dd1 ("ath10k: add htt TX bundle for sdio"). Vulnerable
+ carnil> versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8392df5d7e0b6a7d21440da1fc259f9938f4dec3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [8bb054fb336f4250002fff4e0b075221c05c3c65]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47018 b/retired/CVE-2021-47018
new file mode 100644
index 00000000..45bca5d3
--- /dev/null
+++ b/retired/CVE-2021-47018
@@ -0,0 +1,16 @@
+Description: powerpc/64: Fix the definition of the fixmap area
+References:
+Notes:
+ carnil> Introduced in 265c3491c4bc ("powerpc: Add support for GENERIC_EARLY_IOREMAP").
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [4b9fb2c9039a206d37f215936a4d5bee7b1bf9cd]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47019 b/retired/CVE-2021-47019
new file mode 100644
index 00000000..fa0eb51a
--- /dev/null
+++ b/retired/CVE-2021-47019
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix possible invalid register access
+References:
+Notes:
+ carnil> Introduced in ffa1bf97425b ("mt76: mt7921: introduce PM support"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [fe3fccde8870764ba3e60610774bd7bc9f8faeff]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47020 b/retired/CVE-2021-47020
new file mode 100644
index 00000000..16be4b37
--- /dev/null
+++ b/retired/CVE-2021-47020
@@ -0,0 +1,16 @@
+Description: soundwire: stream: fix memory leak in stream config error path
+References:
+Notes:
+ carnil> Introduced in 89e590535f32 ("soundwire: Add support for SoundWire stream
+ carnil> management"). Vulnerable versions: 4.18-rc1.
+Bugs:
+upstream: released (5.13-rc1) [48f17f96a81763c7c8bf5500460a359b9939359f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [7c468deae306d0cbbd539408c26cfec04c66159a]
+4.19-upstream-stable: released (4.19.191) [342260fe821047c3d515e3d28085d73fbdce3e80]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47021 b/retired/CVE-2021-47021
new file mode 100644
index 00000000..c8cb8e5a
--- /dev/null
+++ b/retired/CVE-2021-47021
@@ -0,0 +1,16 @@
+Description: mt76: mt7915: fix memleak when mt7915_unregister_device()
+References:
+Notes:
+ carnil> Introduced in f285dfb98562 ("mt76: mt7915: reset token when mac_reset
+ carnil> happens"). Vulnerable versions: 5.11.4 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [e9d32af478cfc3744a45245c0b126738af4b3ac4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47022 b/retired/CVE-2021-47022
new file mode 100644
index 00000000..c5196b6a
--- /dev/null
+++ b/retired/CVE-2021-47022
@@ -0,0 +1,16 @@
+Description: mt76: mt7615: fix memleak when mt7615_unregister_device()
+References:
+Notes:
+ carnil> Introduced in a6275e934605 ("mt76: mt7615: reset token when mac_reset
+ carnil> happens"). Vulnerable versions: 5.10.21 5.11.4 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8ab31da7b89f71c4c2defcca989fab7b42f87d71]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [4fa28c807da54c1d720b3cc12e48eb9bea1e2c8f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47023 b/retired/CVE-2021-47023
new file mode 100644
index 00000000..4f11a945
--- /dev/null
+++ b/retired/CVE-2021-47023
@@ -0,0 +1,16 @@
+Description: net: marvell: prestera: fix port event handling on init
+References:
+Notes:
+ carnil> Introduced in 501ef3066c89 ("net: marvell: prestera: Add driver for Prestera
+ carnil> family ASIC devices"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [333980481b99edb24ebd5d1a53af70a15d9146de]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [0ce6052802be2cb61a57b753e41301339c88c839]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47025 b/retired/CVE-2021-47025
new file mode 100644
index 00000000..503717ea
--- /dev/null
+++ b/retired/CVE-2021-47025
@@ -0,0 +1,16 @@
+Description: iommu/mediatek: Always enable the clk on resume
+References:
+Notes:
+ carnil> Introduced in c0b57581b73b ("iommu/mediatek: Add power-domain operation").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b34ea31fe013569d42b7e8681ef3f717f77c5b72]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47026 b/retired/CVE-2021-47026
new file mode 100644
index 00000000..d0bbf7f2
--- /dev/null
+++ b/retired/CVE-2021-47026
@@ -0,0 +1,16 @@
+Description: RDMA/rtrs-clt: destroy sysfs after removing session from active list
+References:
+Notes:
+ carnil> Introduced in 6a98d71daea1 ("RDMA/rtrs: client: main functionality").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [7f4a8592ff29f19c5a2ca549d0973821319afaad]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [b64415c6b3476cf9fa4d0aea3807065b8403a937]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47027 b/retired/CVE-2021-47027
new file mode 100644
index 00000000..d1703086
--- /dev/null
+++ b/retired/CVE-2021-47027
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix kernel crash when the firmware fails to download
+References:
+Notes:
+ carnil> Introduced in 5c14a5f944b9 ("mt76: mt7921: introduce mt7921e support").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [e230f0c44f011f3270680a506b19b7e84c5e8923]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47029 b/retired/CVE-2021-47029
new file mode 100644
index 00000000..a8fc7a6c
--- /dev/null
+++ b/retired/CVE-2021-47029
@@ -0,0 +1,16 @@
+Description: mt76: connac: fix kernel warning adding monitor interface
+References:
+Notes:
+ carnil> Introduced in d0e274af2f2e4 ("mt76: mt76_connac: create mcu library").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [c996f0346e40e3b1ac2ebaf0681df898fb157f60]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47030 b/retired/CVE-2021-47030
new file mode 100644
index 00000000..a9ed3657
--- /dev/null
+++ b/retired/CVE-2021-47030
@@ -0,0 +1,16 @@
+Description: mt76: mt7615: fix memory leak in mt7615_coredump_work
+References:
+Notes:
+ carnil> Introduced in d2bf7959d9c0f ("mt76: mt7663: introduce coredump support").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [49cc85059a2cb656f96ff3693f891e8fe8f669a9]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47031 b/retired/CVE-2021-47031
new file mode 100644
index 00000000..567051fa
--- /dev/null
+++ b/retired/CVE-2021-47031
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix memory leak in mt7921_coredump_work
+References:
+Notes:
+ carnil> Introduced in 1c099ab44727c ("mt76: mt7921: add MCU support"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [782b3e86ea970e899f8e723db9f64708a15ca30e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47032 b/retired/CVE-2021-47032
new file mode 100644
index 00000000..980666f4
--- /dev/null
+++ b/retired/CVE-2021-47032
@@ -0,0 +1,16 @@
+Description: mt76: mt7915: fix tx skb dma unmap
+References:
+Notes:
+ carnil> Introduced in 27d5c528a7ca ("mt76: fix double DMA unmap of the first buffer on
+ carnil> 7615/7915"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [7dcf3c04f0aca746517a77433b33d40868ca4749]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [4e7914ce23306b28d377ec395e00e5fde0e6f96e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47033 b/retired/CVE-2021-47033
new file mode 100644
index 00000000..6900464b
--- /dev/null
+++ b/retired/CVE-2021-47033
@@ -0,0 +1,16 @@
+Description: mt76: mt7615: fix tx skb dma unmap
+References:
+Notes:
+ carnil> Introduced in 27d5c528a7ca ("mt76: fix double DMA unmap of the first buffer on
+ carnil> 7615/7915"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ebee7885bb12a8fe2c2f9bac87dbd87a05b645f9]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [75bc5f779a7664d1fc19cb915039439c6e58bb94]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47034 b/retired/CVE-2021-47034
new file mode 100644
index 00000000..d2164f4b
--- /dev/null
+++ b/retired/CVE-2021-47034
@@ -0,0 +1,16 @@
+Description: powerpc/64s: Fix pte update for kernel memory on radix
+References:
+Notes:
+ carnil> Introduced in f1cb8f9beba8 ("powerpc/64s/radix: avoid ptesync after set_pte and
+ carnil> ptep_set_access_flags"). Vulnerable versions: 4.18-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b8b2f37cf632434456182e9002d63cbc4cccc50c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [84c0762633f2a7ac8399e6b97d3b9bb8e6e1d50f]
+4.19-upstream-stable: released (4.19.191) [b3d5d0983388d6c4fb35f7d722556d5595f167a7]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47035 b/retired/CVE-2021-47035
new file mode 100644
index 00000000..461ab699
--- /dev/null
+++ b/retired/CVE-2021-47035
@@ -0,0 +1,16 @@
+Description: iommu/vt-d: Remove WO permissions on second-level paging entries
+References:
+Notes:
+ carnil> Introduced in b802d070a52a1 ("iommu/vt-d: Use iova over first level").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc1) [eea53c5816889ee8b64544fa2e9311a81184ff9c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.38) [89bd620798704a8805fc9db0d71d7f812cf5b3d2]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47038 b/retired/CVE-2021-47038
new file mode 100644
index 00000000..f9fca470
--- /dev/null
+++ b/retired/CVE-2021-47038
@@ -0,0 +1,16 @@
+Description: Bluetooth: avoid deadlock between hci_dev->lock and socket lock
+References:
+Notes:
+ carnil> Introduced in eab2404ba798 ("Bluetooth: Add BT_PHY socket option"). Vulnerable
+ carnil> versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc1) [17486960d79b900c45e0bb8fbcac0262848582ba]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [7cc0ba67883c6c8d3bddb283f56c167fc837a555]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47039 b/retired/CVE-2021-47039
new file mode 100644
index 00000000..6d4d359a
--- /dev/null
+++ b/retired/CVE-2021-47039
@@ -0,0 +1,16 @@
+Description: ataflop: potential out of bounds in do_format()
+References:
+Notes:
+ carnil> Introduced in bf9c0538e485 ("ataflop: use a separate gendisk for each media
+ carnil> format"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [1ffec389a6431782a8a28805830b6fae9bf00af1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47040 b/retired/CVE-2021-47040
new file mode 100644
index 00000000..329255c7
--- /dev/null
+++ b/retired/CVE-2021-47040
@@ -0,0 +1,16 @@
+Description: io_uring: fix overflows checks in provide buffers
+References:
+Notes:
+ carnil> Introduced in efe68c1ca8f49 ("io_uring: validate the full range of provided
+ carnil> buffers for access"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [38134ada0ceea3e848fe993263c0ff6207fd46e7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [cbbc13b115b8f18e0a714d89f87fbdc499acfe2d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47041 b/retired/CVE-2021-47041
new file mode 100644
index 00000000..abf3973b
--- /dev/null
+++ b/retired/CVE-2021-47041
@@ -0,0 +1,16 @@
+Description: nvmet-tcp: fix incorrect locking in state_change sk callback
+References:
+Notes:
+ carnil> Introduced in 872d26a391da ("nvmet-tcp: add NVMe over TCP target driver").
+ carnil> Vulnerable versions: 5.0-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b5332a9f3f3d884a1b646ce155e664cc558c1722]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [60ade0d56b06537a28884745059b3801c78e03bc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47042 b/retired/CVE-2021-47042
new file mode 100644
index 00000000..abe04fdb
--- /dev/null
+++ b/retired/CVE-2021-47042
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Free local data after use
+References:
+Notes:
+ carnil> Introduced in 3a00c04212d1cf ("drm/amd/display/dc/core/dc_link: Move some local
+ carnil> data from the stack to the heap"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [616cf23b6cf40ad6f03ffbddfa1b6c4eb68d8ae1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47043 b/retired/CVE-2021-47043
new file mode 100644
index 00000000..cb60fffe
--- /dev/null
+++ b/retired/CVE-2021-47043
@@ -0,0 +1,16 @@
+Description: media: venus: core: Fix some resource leaks in the error path of 'venus_probe()'
+References:
+Notes:
+ carnil> Introduced in 32f0a6ddc8c9 ("media: venus: Use on-chip interconnect API").
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [5a465c5391a856a0c1e9554964d660676c35d1b2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [00b68a7478343afdf83f30c43e64db5296057030]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47044 b/retired/CVE-2021-47044
new file mode 100644
index 00000000..3baec611
--- /dev/null
+++ b/retired/CVE-2021-47044
@@ -0,0 +1,16 @@
+Description: sched/fair: Fix shift-out-of-bounds in load_balance()
+References:
+Notes:
+ carnil> Introduced in 5a7f55590467 ("sched/fair: Relax constraint on task's load during
+ carnil> load balance"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [39a2a6eb5c9b66ea7c8055026303b3aa681b49a5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [80862cbf76c2646f709a57c4517aefe0b094c774]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47045 b/retired/CVE-2021-47045
new file mode 100644
index 00000000..771d0536
--- /dev/null
+++ b/retired/CVE-2021-47045
@@ -0,0 +1,16 @@
+Description: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()
+References:
+Notes:
+ carnil> Introduced in 4430f7fd09ec ("scsi: lpfc: Rework locations of ndlp reference
+ carnil> taking"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8dd1c125f7f838abad009b64bff5f0a11afe3cb6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47046 b/retired/CVE-2021-47046
new file mode 100644
index 00000000..ad8ba15e
--- /dev/null
+++ b/retired/CVE-2021-47046
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Fix off by one in hdmi_14_process_transaction()
+References:
+Notes:
+ carnil> Introduced in 4c283fdac08a ("drm/amd/display: Add HDCP module"). Vulnerable
+ carnil> versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8e6fafd5a22e7a2eb216f5510db7aab54cc545c1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [403c4528e5887af3deb9838cb77a557631d1e138]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47047 b/retired/CVE-2021-47047
new file mode 100644
index 00000000..7402934c
--- /dev/null
+++ b/retired/CVE-2021-47047
@@ -0,0 +1,16 @@
+Description: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails
+References:
+Notes:
+ carnil> Introduced in 1c26372e5aa9 ("spi: spi-zynqmp-gqspi: Update driver to use
+ carnil> spi-mem framework"). Vulnerable versions: 5.10-rc3.
+Bugs:
+upstream: released (5.13-rc1) [126bdb606fd2802454e6048caef1be3e25dd121e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [5980a3b9c933408bc22b0e349b78c3ebd7cbf880]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6 .1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47048 b/retired/CVE-2021-47048
new file mode 100644
index 00000000..aa3980ae
--- /dev/null
+++ b/retired/CVE-2021-47048
@@ -0,0 +1,16 @@
+Description: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op
+References:
+Notes:
+ carnil> Introduced in 1c26372e5aa9 ("spi: spi-zynqmp-gqspi: Update driver to use
+ carnil> spi-mem framework"). Vulnerable versions: 5.10-rc3.
+Bugs:
+upstream: released (5.13-rc1) [a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [1231279389b5e638bc3b66b9741c94077aed4b5a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47050 b/retired/CVE-2021-47050
new file mode 100644
index 00000000..ab77ed8f
--- /dev/null
+++ b/retired/CVE-2021-47050
@@ -0,0 +1,16 @@
+Description: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
+References:
+Notes:
+ carnil> Introduced in ca7d8b980b67 ("memory: add Renesas RPC-IF driver"). Vulnerable
+ carnil> versions: 5.9-rc2.
+Bugs:
+upstream: released (5.13-rc1) [59e27d7c94aa02da039b000d33c304c179395801]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [71bcc1b4a1743534d8abdcb57ff912e6bc390438]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47051 b/retired/CVE-2021-47051
new file mode 100644
index 00000000..c7956550
--- /dev/null
+++ b/retired/CVE-2021-47051
@@ -0,0 +1,16 @@
+Description: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
+References:
+Notes:
+ carnil> Introduced in 944c01a889d9 ("spi: lpspi: enable runtime pm for lpspi").
+ carnil> Vulnerable versions: 5.2-rc5.
+Bugs:
+upstream: released (5.13-rc1) [a03675497970a93fcf25d81d9d92a59c2d7377a7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [ce02e58ddf8658a4c3bed2296f32a5873b3f7cce]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47052 b/retired/CVE-2021-47052
new file mode 100644
index 00000000..4703bfdf
--- /dev/null
+++ b/retired/CVE-2021-47052
@@ -0,0 +1,16 @@
+Description: crypto: sa2ul - Fix memory leak of rxd
+References:
+Notes:
+ carnil> Introduced in 00c9211f60db ("crypto: sa2ul - Fix DMA mapping API usage").
+ carnil> Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [854b7737199848a91f6adfa0a03cf6f0c46c86e8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [0e596b3734649041ed77edc86a23c0442bbe062b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47053 b/retired/CVE-2021-47053
new file mode 100644
index 00000000..b676ead5
--- /dev/null
+++ b/retired/CVE-2021-47053
@@ -0,0 +1,16 @@
+Description: crypto: sun8i-ss - Fix memory leak of pad
+References:
+Notes:
+ carnil> Introduced in d9b45418a917 ("crypto: sun8i-ss - support hash algorithms").
+ carnil> Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [50274b01ac1689b1a3f6bc4b5b3dbf361a55dd3a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [2c67a9333da9d0a3b87310e0d116b7c9070c7b00]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47054 b/retired/CVE-2021-47054
new file mode 100644
index 00000000..1cd055ab
--- /dev/null
+++ b/retired/CVE-2021-47054
@@ -0,0 +1,16 @@
+Description: bus: qcom: Put child node before return
+References:
+Notes:
+ carnil> Introduced in 335a12754808 ("bus: qcom: add EBI2 driver"). Vulnerable versions:
+ carnil> 4.9-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ac6ad7c2a862d682bb584a4bc904d89fa7721af8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [00f6abd3509b1d70d0ab0fbe65ce5685cebed8be]
+4.19-upstream-stable: released (4.19.191) [a399dd80e697a02cfb23e2fc09b87849994043d9]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47055 b/retired/CVE-2021-47055
new file mode 100644
index 00000000..0a618193
--- /dev/null
+++ b/retired/CVE-2021-47055
@@ -0,0 +1,17 @@
+Description: mtd: require write permissions for locking and badblock ioctls
+References:
+Notes:
+ carnil> Introduced in f7e6b19bc764 ("mtd: properly check all write ioctls for
+ carnil> permissions"). Vulnerable versions: 4.4.233 4.9.233 4.14.194 4.19.139 5.4.58
+ carnil> 5.7.15 5.8.1 5.9-rc1.
+Bugs:
+upstream: released (5.13-rc1) [1e97743fd180981bef5f01402342bb54bf1c6366]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [7b6552719c0ccbbea29dde4be141da54fdb5877e]
+4.19-upstream-stable: released (4.19.191) [75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47056 b/retired/CVE-2021-47056
new file mode 100644
index 00000000..4997c4e8
--- /dev/null
+++ b/retired/CVE-2021-47056
@@ -0,0 +1,16 @@
+Description: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
+References:
+Notes:
+ carnil> Introduced in 25c6ffb249f6 ("crypto: qat - check if PF is running"). Vulnerable
+ carnil> versions: 4.7-rc1.
+Bugs:
+upstream: released (5.13-rc1) [8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [1f50392650ae794a1aea41c213c6a3e1c824413c]
+4.19-upstream-stable: released (4.19.191) [09d16cee6285d37cc76311c29add6d97a7e4acda]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47057 b/retired/CVE-2021-47057
new file mode 100644
index 00000000..38e12f22
--- /dev/null
+++ b/retired/CVE-2021-47057
@@ -0,0 +1,16 @@
+Description: crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map
+References:
+Notes:
+ carnil> Introduced in ac2614d721de ("crypto: sun8i-ss - Add support for the PRNG").
+ carnil> Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [98b5ef3e97b16eaeeedb936f8bda3594ff84a70e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [617ec35ed51f731a593ae7274228ef2cfc9cb781]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47058 b/retired/CVE-2021-47058
new file mode 100644
index 00000000..6d41a6f3
--- /dev/null
+++ b/retired/CVE-2021-47058
@@ -0,0 +1,16 @@
+Description: regmap: set debugfs_name to NULL after it is freed
+References:
+Notes:
+ carnil> Introduced in cffa4b2122f5 ("regmap: debugfs: Fix a memory leak when calling
+ carnil> regmap_attach_dev"). Vulnerable versions: 4.19.168 5.4.90 5.10.8 5.11-rc3.
+Bugs:
+upstream: released (5.13-rc1) [e41a962f82e7afb5b1ee644f48ad0b3aee656268]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [eb949f891226c012138ffd9df90d1e509f428ae6]
+4.19-upstream-stable: released (4.19.191) [2dc1554d5f0fdaf47cc5bea442b84b9226fea867]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47059 b/retired/CVE-2021-47059
new file mode 100644
index 00000000..ddb3ebd2
--- /dev/null
+++ b/retired/CVE-2021-47059
@@ -0,0 +1,16 @@
+Description: crypto: sun8i-ss - fix result memory leak on error path
+References:
+Notes:
+ carnil> Introduced in d9b45418a917 ("crypto: sun8i-ss - support hash algorithms").
+ carnil> Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [1dbc6a1e25be8575d6c4114d1d2b841a796507f7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [1f12aaf07f61122cf5074d29714ee26f8d44b0e7]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47062 b/retired/CVE-2021-47062
new file mode 100644
index 00000000..981662cf
--- /dev/null
+++ b/retired/CVE-2021-47062
@@ -0,0 +1,16 @@
+Description: KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs
+References:
+Notes:
+ carnil> Introduced in ad73109ae7ec ("KVM: SVM: Provide support to launch and run an
+ carnil> SEV-ES guest"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc1) [c36b16d29f3af5f32fc1b2a3401bf48f71cabee1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47064 b/retired/CVE-2021-47064
new file mode 100644
index 00000000..81c601af
--- /dev/null
+++ b/retired/CVE-2021-47064
@@ -0,0 +1,16 @@
+Description: mt76: fix potential DMA mapping leak
+References:
+Notes:
+ carnil> Introduced in 27d5c528a7ca ("mt76: fix double DMA unmap of the first buffer on
+ carnil> 7615/7915"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [b4403cee6400c5f679e9c4a82b91d61aa961eccf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [9fa26701cd1fc4d932d431971efc5746325bdfce]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47065 b/retired/CVE-2021-47065
new file mode 100644
index 00000000..561d95c0
--- /dev/null
+++ b/retired/CVE-2021-47065
@@ -0,0 +1,16 @@
+Description: rtw88: Fix array overrun in rtw_get_tx_power_params()
+References:
+Notes:
+ carnil> Introduced in fa6dfe6bff24 ("rtw88: resolve order of tx power setting
+ carnil> routines"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc1) [2ff25985ea9ccc6c9af2c77b0b49045adcc62e0e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [95fb153c6027924cda3422120169d1890737f3a0]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47066 b/retired/CVE-2021-47066
new file mode 100644
index 00000000..f9518492
--- /dev/null
+++ b/retired/CVE-2021-47066
@@ -0,0 +1,16 @@
+Description: async_xor: increase src_offs when dropping destination page
+References:
+Notes:
+ carnil> Introduced in 29bcff787a25 ("md/raid5: add new xor function to support
+ carnil> different page offset"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ceaf2966ab082bbc4d26516f97b3ca8a676e2af8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [cab2e8e5997b592fdb7d02cf2387b4b8e3057174]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47067 b/retired/CVE-2021-47067
new file mode 100644
index 00000000..724bceae
--- /dev/null
+++ b/retired/CVE-2021-47067
@@ -0,0 +1,16 @@
+Description: soc/tegra: regulators: Fix locking up when voltage-spread is out of range
+References:
+Notes:
+ carnil> Introduced in 783807436f36 ("soc/tegra: regulators: Add regulators coupler for
+ carnil> Tegra30"). Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc1) [ef85bb582c41524e9e68dfdbde48e519dac4ab3d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [a1ad124c836816fac8bd5e461d36eaf33cee4e24]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47068 b/retired/CVE-2021-47068
new file mode 100644
index 00000000..efc01dc2
--- /dev/null
+++ b/retired/CVE-2021-47068
@@ -0,0 +1,17 @@
+Description: net/nfc: fix use-after-free llcp_sock_bind/connect
+References:
+Notes:
+ carnil> Introduced in c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()").
+ carnil> Vulnerable versions: 4.4.267 4.9.267 4.14.231 4.19.187 5.4.112 5.10.30 5.11.14
+ carnil> 5.12-rc7.
+Bugs:
+upstream: released (5.13-rc1) [c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.37) [6b7021ed36dabf29e56842e3408781cd3b82ef6e]
+4.19-upstream-stable: released (4.19.191) [48fba458fe54cc2a980a05c13e6c19b8b2cfb610]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47069 b/retired/CVE-2021-47069
new file mode 100644
index 00000000..5e20cf08
--- /dev/null
+++ b/retired/CVE-2021-47069
@@ -0,0 +1,18 @@
+Description: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
+References:
+Notes:
+ carnil> Introduced in c5b2cbdbdac563 ("ipc/mqueue.c: update/document memory barriers")
+ carnil> 8116b54e7e23ef ("ipc/sem.c: document and update memory barriers")
+ carnil> 0d97a82ba830d8 ("ipc/msg.c: update and document memory barriers"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc3) [a11ddb37bf367e6b5239b95ca759e5389bb46048]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [4528c0c323085e645b8765913b4a7fd42cf49b65]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47071 b/retired/CVE-2021-47071
new file mode 100644
index 00000000..ff3dbfe7
--- /dev/null
+++ b/retired/CVE-2021-47071
@@ -0,0 +1,16 @@
+Description: uio_hv_generic: Fix a memory leak in error handling paths
+References:
+Notes:
+ carnil> Introduced in cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first
+ carnil> use"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc3) [3ee098f96b8b6c1a98f7f97915f8873164e6af9d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [d84b5e912212b05f6b5bde9f682046accfbe0354]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47072 b/retired/CVE-2021-47072
new file mode 100644
index 00000000..b05ec7a6
--- /dev/null
+++ b/retired/CVE-2021-47072
@@ -0,0 +1,16 @@
+Description: btrfs: fix removed dentries still existing after log is synced
+References:
+Notes:
+ carnil> Introduced in 64d6b281ba4db0 ("btrfs: remove unnecessary
+ carnil> check_parent_dirs_for_sync()"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc3) [54a40fc3a1da21b52dbf19f72fdc27a2ec740760]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47073 b/retired/CVE-2021-47073
new file mode 100644
index 00000000..82b98448
--- /dev/null
+++ b/retired/CVE-2021-47073
@@ -0,0 +1,16 @@
+Description: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
+References:
+Notes:
+ carnil> Introduced in 1a258e670434 ("platform/x86: dell-smbios-wmi: Add new WMI
+ carnil> dispatcher driver"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.13-rc3) [3a53587423d25c87af4b4126a806a0575104b45e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [0cf036a0d325200e6c27b90908e51195bbc557b1]
+4.19-upstream-stable: released (4.19.192) [75cfc833da4a2111106d4c134e93e0c7f41e35e7]
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47075 b/retired/CVE-2021-47075
new file mode 100644
index 00000000..2d31abef
--- /dev/null
+++ b/retired/CVE-2021-47075
@@ -0,0 +1,16 @@
+Description: nvmet: fix memory leak in nvmet_alloc_ctrl()
+References:
+Notes:
+ carnil> Introduced in 94a39d61f80f ("nvmet: make ctrl-id configurable"). Vulnerable
+ carnil> versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc3) [fec356a61aa3d3a66416b4321f1279e09e0f256f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [4720f29acb3fe67aa8aa71e6b675b079d193aaeb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47078 b/retired/CVE-2021-47078
new file mode 100644
index 00000000..f66a2904
--- /dev/null
+++ b/retired/CVE-2021-47078
@@ -0,0 +1,15 @@
+Description: RDMA/rxe: Clear all QP fields if creation failed
+References:
+Notes:
+ carnil> Introduced in 8700e3e7c485 ("Soft RoCE driver"). Vulnerable versions: 4.8-rc1.
+Bugs:
+upstream: released (5.13-rc3) [67f29896fdc83298eed5a6576ff8f9873f709228]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [2ee4d79c364914989c80de382c0b1a7259a7e4b3]
+4.19-upstream-stable: released (4.19.192) [f3783c415bf6d2ead3d7aa2c38802bbe10723646]
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47079 b/retired/CVE-2021-47079
new file mode 100644
index 00000000..51978990
--- /dev/null
+++ b/retired/CVE-2021-47079
@@ -0,0 +1,16 @@
+Description: platform/x86: ideapad-laptop: fix a NULL pointer dereference
+References:
+Notes:
+ carnil> Introduced in ff36b0d953dc4 ("platform/x86: ideapad-laptop: rework and create
+ carnil> new ACPI helpers"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc3) [ff67dbd554b2aaa22be933eced32610ff90209dd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47080 b/retired/CVE-2021-47080
new file mode 100644
index 00000000..ea9ce187
--- /dev/null
+++ b/retired/CVE-2021-47080
@@ -0,0 +1,16 @@
+Description: RDMA/core: Prevent divide-by-zero error triggered by the user
+References:
+Notes:
+ carnil> Introduced in 9f85cbe50aa0 ("RDMA/uverbs: Expose the new GID query API to user
+ carnil> space"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc3) [54d87913f147a983589923c7f651f97de9af5be1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.40) [66ab7fcdac34b890017f04f391507ef5b2b89a13]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.40-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47081 b/retired/CVE-2021-47081
new file mode 100644
index 00000000..ee49ee5b
--- /dev/null
+++ b/retired/CVE-2021-47081
@@ -0,0 +1,16 @@
+Description: habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory
+References:
+Notes:
+ carnil> Introduced in 423815bf02e25 ("habanalabs/gaudi: remove PCI access to SM
+ carnil> block"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc3) [115726c5d312b462c9d9931ea42becdfa838a076]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47082 b/retired/CVE-2021-47082
new file mode 100644
index 00000000..e899aa55
--- /dev/null
+++ b/retired/CVE-2021-47082
@@ -0,0 +1,15 @@
+Description: tun: avoid double free in tun_free_netdev
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc7) [158b515f703e75e7d68289bf4d98c664e1d632df]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.136) [a01a4e9f5dc93335c716fa4023b1901956e8c904]
+4.19-upstream-stable: released (4.19.280) [8eb43d635950e27c29f1e9e49a23b31637f37757]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2021-47086 b/retired/CVE-2021-47086
new file mode 100644
index 00000000..f06d9fb0
--- /dev/null
+++ b/retired/CVE-2021-47086
@@ -0,0 +1,15 @@
+Description: phonet/pep: refuse to enable an unbound pipe
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc7) [75a2f31520095600f650597c0ac41f48b5ba0068]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [52ad5da8e316fa11e3a50b3f089aa63e4089bf52]
+4.19-upstream-stable: released (4.19.223) [982b6ba1ce626ef87e5c29f26f2401897554f235]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47087 b/retired/CVE-2021-47087
new file mode 100644
index 00000000..e5d2150a
--- /dev/null
+++ b/retired/CVE-2021-47087
@@ -0,0 +1,16 @@
+Description: tee: optee: Fix incorrect page free bug
+References:
+Notes:
+ carnil> Introduced in ec185dd3ab25 ("optee: Fix memory leak when failing to register
+ carnil> shm pages"). Vulnerable versions: 5.4.140 5.10.58 5.13.10 5.14-rc5.
+Bugs:
+upstream: released (5.16-rc7) [18549bf4b21c739a9def39f27dcac53e27286ab5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [ad338d825e3f7b96ee542bf313728af2d19fe9ad]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47088 b/retired/CVE-2021-47088
new file mode 100644
index 00000000..defea2ea
--- /dev/null
+++ b/retired/CVE-2021-47088
@@ -0,0 +1,16 @@
+Description: mm/damon/dbgfs: protect targets destructions with kdamond_lock
+References:
+Notes:
+ carnil> Introduced in 4bc05954d007 ("mm/damon: implement a debugfs-based user space
+ carnil> interface"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc7) [34796417964b8d0aef45a99cf6c2d20cebe33733]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47089 b/retired/CVE-2021-47089
new file mode 100644
index 00000000..f9c0f686
--- /dev/null
+++ b/retired/CVE-2021-47089
@@ -0,0 +1,16 @@
+Description: kfence: fix memory leak when cat kfence objects
+References:
+Notes:
+ carnil> Introduced in 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.16-rc7) [0129ab1f268b6cf88825eae819b9b84aa0a85634]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47090 b/retired/CVE-2021-47090
new file mode 100644
index 00000000..b37f8556
--- /dev/null
+++ b/retired/CVE-2021-47090
@@ -0,0 +1,16 @@
+Description: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()
+References:
+Notes:
+ carnil> Introduced in b94e02822deb ("mm,hwpoison: try to narrow window race for free
+ carnil> pages"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (5.16-rc7) [2a57d83c78f889bf3f54eede908d0643c40d5418]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [1f207076740101fed87074a6bc924dbe806f08a5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47091 b/retired/CVE-2021-47091
new file mode 100644
index 00000000..87fc79e6
--- /dev/null
+++ b/retired/CVE-2021-47091
@@ -0,0 +1,16 @@
+Description: mac80211: fix locking in ieee80211_start_ap error path
+References:
+Notes:
+ carnil> Introduced in 295b02c4be74 ("mac80211: Add FILS discovery support"). Vulnerable
+ carnil> versions: 5.10-rc1.
+Bugs:
+upstream: released (5.16-rc7) [87a270625a89fc841f1a7e21aae6176543d8385c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [ac61b9c6c0549aaeb98194cf429d93c41bfe5f79]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47092 b/retired/CVE-2021-47092
new file mode 100644
index 00000000..53257ac9
--- /dev/null
+++ b/retired/CVE-2021-47092
@@ -0,0 +1,16 @@
+Description: KVM: VMX: Always clear vmx->fail on emulation_required
+References:
+Notes:
+ carnil> Introduced in c8607e4a086f ("KVM: x86: nVMX: don't fail nested VM entry on
+ carnil> invalid guest state if !from_vmentry"). Vulnerable versions: 5.15-rc4.
+Bugs:
+upstream: released (5.16-rc7) [a80dfc025924024d2c61a4c1b8ef62b2fce76a04]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47093 b/retired/CVE-2021-47093
new file mode 100644
index 00000000..9da02033
--- /dev/null
+++ b/retired/CVE-2021-47093
@@ -0,0 +1,16 @@
+Description: platform/x86: intel_pmc_core: fix memleak on registration failure
+References:
+Notes:
+ carnil> Introduced in 938835aa903a ("platform/x86: intel_pmc_core: do not create a
+ carnil> static struct device"). Vulnerable versions: 5.9.
+Bugs:
+upstream: released (5.16-rc7) [26a8b09437804fabfb1db080d676b96c0de68e7c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [7a37f2e370699e2feca3dca6c8178c71ceee7e8a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47095 b/retired/CVE-2021-47095
new file mode 100644
index 00000000..230bbce4
--- /dev/null
+++ b/retired/CVE-2021-47095
@@ -0,0 +1,16 @@
+Description: ipmi: ssif: initialize ssif_info->client early
+References:
+Notes:
+ carnil> Introduced in c4436c9149c5 ("ipmi_ssif: avoid registering duplicate ssif
+ carnil> interface"). Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (5.16-rc7) [34f35f8f14bc406efc06ee4ff73202c6fd245d15]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [1f6ab847461ce7dd89ae9db2dd4658c993355d7c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47096 b/retired/CVE-2021-47096
new file mode 100644
index 00000000..bb2dad10
--- /dev/null
+++ b/retired/CVE-2021-47096
@@ -0,0 +1,16 @@
+Description: ALSA: rawmidi - fix the uninitalized user_pversion
+References:
+Notes:
+ carnil> Introduced in 09d23174402d ("ALSA: rawmidi: introduce
+ carnil> SNDRV_RAWMIDI_IOCTL_USER_PVERSION"). Vulnerable versions: 5.14.10 5.15-rc4.
+Bugs:
+upstream: released (5.16-rc7) [39a8fc4971a00d22536aeb7d446ee4a97810611b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47097 b/retired/CVE-2021-47097
new file mode 100644
index 00000000..a98b7fad
--- /dev/null
+++ b/retired/CVE-2021-47097
@@ -0,0 +1,16 @@
+Description: Input: elantech - fix stack out of bound access in elantech_change_report_id()
+References:
+Notes:
+ carnil> Introduced in e4c9062717fe ("Input: elantech - fix protocol errors for some
+ carnil> trackpoints in SMBus mode"). Vulnerable versions: 5.4.103 5.10.21 5.11-rc1.
+Bugs:
+upstream: released (5.16-rc7) [1d72d9f960ccf1052a0630a68c3d358791dbdaaa]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [676c572439e58b7ee6b7ca3f1e5595382921045c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47098 b/retired/CVE-2021-47098
new file mode 100644
index 00000000..2a30b16f
--- /dev/null
+++ b/retired/CVE-2021-47098
@@ -0,0 +1,16 @@
+Description: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations
+References:
+Notes:
+ carnil> Introduced in b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of
+ carnil> temperature calculations"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (5.16-rc7) [55840b9eae5367b5d5b29619dc2fb7e4596dba46]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47099 b/retired/CVE-2021-47099
new file mode 100644
index 00000000..766441a7
--- /dev/null
+++ b/retired/CVE-2021-47099
@@ -0,0 +1,16 @@
+Description: veth: ensure skb entering GRO are not cloned.
+References:
+Notes:
+ carnil> Introduced in d3256efd8e8b ("veth: allow enabling NAPI even without XDP").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (5.16-rc7) [9695b7de5b4760ed22132aca919570c0190cb0ce]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47100 b/retired/CVE-2021-47100
new file mode 100644
index 00000000..8c185311
--- /dev/null
+++ b/retired/CVE-2021-47100
@@ -0,0 +1,16 @@
+Description: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
+References:
+Notes:
+ carnil> Introduced in b2cfd8ab4add ("ipmi: Rework device id and guid handling to catch
+ carnil> changing BMCs"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.16-rc7) [ffb76a86f8096a8206be03b14adda6092e18e275]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [6809da5185141e61401da5b01896b79a4deed1ad]
+4.19-upstream-stable: released (4.19.223) [925229d552724e1bba1abf01d3a0b1318539b012]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47102 b/retired/CVE-2021-47102
new file mode 100644
index 00000000..0deb5cc4
--- /dev/null
+++ b/retired/CVE-2021-47102
@@ -0,0 +1,16 @@
+Description: net: marvell: prestera: fix incorrect structure access
+References:
+Notes:
+ carnil> Introduced in 3d5048cc54bd ("net: marvell: prestera: move netdev topology
+ carnil> validation to prestera_main"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (5.16-rc7) [2efc2256febf214e7b2bdaa21fe6c3c3146acdcb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47103 b/retired/CVE-2021-47103
new file mode 100644
index 00000000..81dc65fa
--- /dev/null
+++ b/retired/CVE-2021-47103
@@ -0,0 +1,16 @@
+Description: inet: fully convert sk->sk_rx_dst to RCU rules
+References:
+Notes:
+ carnil> Introduced in 41063e9dd119 ("ipv4: Early TCP socket demux."). Vulnerable
+ carnil> versions: 3.6-rc1.
+Bugs:
+upstream: released (5.16-rc7) [8f905c0e7354ef261360fb7535ea079b1082c105]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.150) [f039b43cbaea5e0700980c2f0052da05a70782e0]
+4.19-upstream-stable: released (4.19.262) [75a578000ae5e511e5d0e8433c94a14d9c99c412]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2021-47104 b/retired/CVE-2021-47104
new file mode 100644
index 00000000..c2c0236b
--- /dev/null
+++ b/retired/CVE-2021-47104
@@ -0,0 +1,17 @@
+Description: IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
+References:
+Notes:
+ carnil> Introduced in d39bf40e55e6 ("IB/qib: Protect from buffer overflow in struct
+ carnil> qib_user_sdma_pkt fields"). Vulnerable versions: 4.4.292 4.9.290 4.14.255
+ carnil> 4.19.216 5.4.157 5.10.77 5.14.16 5.15.
+Bugs:
+upstream: released (5.16-rc7) [bee90911e0138c76ee67458ac0d58b38a3190f65]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.89) [7cf6466e00a77b0a914b7b2c28a1fc7947d55e59]
+4.19-upstream-stable: released (4.19.223) [0aaec9c5f60754b56f84460ea439b8c5e91f4caa]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-47106 b/retired/CVE-2021-47106
new file mode 100644
index 00000000..c49f691f
--- /dev/null
+++ b/retired/CVE-2021-47106
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()
+References:
+Notes:
+ carnil> Introduced in aaa31047a6d2 ("netfilter: nftables: add catch-all set element
+ carnil> support"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (5.16-rc7) [0f7d9b31ce7abdbb29bf018131ac920c9f698518]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47107 b/retired/CVE-2021-47107
new file mode 100644
index 00000000..b66b83ed
--- /dev/null
+++ b/retired/CVE-2021-47107
@@ -0,0 +1,18 @@
+Description: NFSD: Fix READDIR buffer overflow
+References:
+Notes:
+ carnil> Introduced in f5dcccd647da ("NFSD: Update the NFSv2 READDIR entry encoder to
+ carnil> use struct xdr_stream")
+ carnil> 7f87fc2d34d4 ("NFSD: Update NFSv3 READDIR entry encoders to use struct
+ carnil> xdr_stream"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (5.16-rc7) [53b1119a6e5028b125f431a0116ba73510d82a72]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47108 b/retired/CVE-2021-47108
new file mode 100644
index 00000000..f1e0fe12
--- /dev/null
+++ b/retired/CVE-2021-47108
@@ -0,0 +1,17 @@
+Description: drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf
+References:
+Notes:
+ carnil> Introduced in 41ca9caaae0b ("drm/mediatek: hdmi: Add check for CEA modes only")
+ carnil> c91026a938c2 ("drm/mediatek: hdmi: Add optional limit on maximal HDMI mode
+ carnil> clock"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (5.16-rc7) [3b8e19a0aa3933a785be9f1541afd8d398c4ec69]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47109 b/retired/CVE-2021-47109
new file mode 100644
index 00000000..54604371
--- /dev/null
+++ b/retired/CVE-2021-47109
@@ -0,0 +1,16 @@
+Description: neighbour: allow NUD_NOARP entries to be forced GCed
+References:
+Notes:
+ carnil> Introduced in 58956317c8de (neighbor: Improve garbage collection). Vulnerable
+ carnil> versions: 5.0-rc1.
+Bugs:
+upstream: released (5.13-rc7) [7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [d17d47da59f726dc4c87caebda3a50333d7e2fd3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47111 b/retired/CVE-2021-47111
new file mode 100644
index 00000000..065a14aa
--- /dev/null
+++ b/retired/CVE-2021-47111
@@ -0,0 +1,16 @@
+Description: xen-netback: take a reference to the RX task thread
+References:
+Notes:
+ carnil> Introduced in 2ac061ce97f4 ('xen/netback: cleanup init and deinit code').
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc6) [107866a8eb0b664675a260f1ba0655010fac1e08]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [6b53db8c4c14b4e7256f058d202908b54a7b85b4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47114 b/retired/CVE-2021-47114
new file mode 100644
index 00000000..b40b06d4
--- /dev/null
+++ b/retired/CVE-2021-47114
@@ -0,0 +1,15 @@
+Description: ocfs2: fix data corruption by fallocate
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [6bba4471f0cc1296fe3c2089b9e52442d3074b2e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [c8d5faee46242c3f33b8a71a4d7d52214785bfcc]
+4.19-upstream-stable: released (4.19.194) [cec4e857ffaa8c447f51cd8ab4e72350077b6770]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47117 b/retired/CVE-2021-47117
new file mode 100644
index 00000000..83a24607
--- /dev/null
+++ b/retired/CVE-2021-47117
@@ -0,0 +1,15 @@
+Description: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [082cd4ec240b8734a82a89ffb890216ac98fec68]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [d3b668b96ad3192c0581a248ae2f596cd054792a]
+4.19-upstream-stable: released (4.19.194) [569496aa3776eea1ff0d49d0174ac1b7e861e107]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47118 b/retired/CVE-2021-47118
new file mode 100644
index 00000000..210b07e5
--- /dev/null
+++ b/retired/CVE-2021-47118
@@ -0,0 +1,16 @@
+Description: pid: take a reference when initializing `cad_pid`
+References:
+Notes:
+ carnil> Introduced in 9ec52099e4b8678a ("[PATCH] replace cad_pid by a struct pid").
+ carnil> Vulnerable versions: 2.6.19-rc1.
+Bugs:
+upstream: released (5.13-rc5) [0711f0d7050b9e07c44bc159bbc64ac0a1022c7f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [7178be006d495ffb741c329012da289b62dddfe6]
+4.19-upstream-stable: released (4.19.194) [d106f05432e60f9f62d456ef017687f5c73cb414]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47120 b/retired/CVE-2021-47120
new file mode 100644
index 00000000..7ccb3f60
--- /dev/null
+++ b/retired/CVE-2021-47120
@@ -0,0 +1,16 @@
+Description: HID: magicmouse: fix NULL-deref on disconnect
+References:
+Notes:
+ carnil> Introduced in 9d7b18668956 ("HID: magicmouse: add support for Apple Magic
+ carnil> Trackpad 2"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc5) [4b4f6cecca446abcb686c6e6c451d4f1ec1a7497]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [b5d013c4c76b276890135b5d32803c4c63924b77]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47121 b/retired/CVE-2021-47121
new file mode 100644
index 00000000..62703df2
--- /dev/null
+++ b/retired/CVE-2021-47121
@@ -0,0 +1,16 @@
+Description: net: caif: fix memory leak in cfusbl_device_notify
+References:
+Notes:
+ carnil> Introduced in 7ad65bf68d70 ("caif: Add support for CAIF over CDC NCM USB
+ carnil> interface"). Vulnerable versions: 3.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [7f5d86669fa4d485523ddb1d212e0a2d90bd62bb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [46403c1f80b0d3f937ff9c4f5edc63bb64bc5051]
+4.19-upstream-stable: released (4.19.194) [9ea0ab48e755d8f29fe89eb235fb86176fdb597f]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47122 b/retired/CVE-2021-47122
new file mode 100644
index 00000000..6c9933cd
--- /dev/null
+++ b/retired/CVE-2021-47122
@@ -0,0 +1,16 @@
+Description: net: caif: fix memory leak in caif_device_notify
+References:
+Notes:
+ carnil> Introduced in 7c18d2205ea7 ("caif: Restructure how link caif link layer
+ carnil> enroll"). Vulnerable versions: 3.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [b53558a950a89824938e9811eddfc8efcd94e1bb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [af2806345a37313f01b1c9f15e046745b8ee2daa]
+4.19-upstream-stable: released (4.19.194) [3be863c11cab725add9fef4237ed4e232c3fc3bb]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47123 b/retired/CVE-2021-47123
new file mode 100644
index 00000000..d1c163e4
--- /dev/null
+++ b/retired/CVE-2021-47123
@@ -0,0 +1,16 @@
+Description: io_uring: fix ltout double free on completion race
+References:
+Notes:
+ carnil> Introduced in 90cd7e424969d ("io_uring: track link timeout's master
+ carnil> explicitly"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc2) [447c19f3b5074409c794b350b10306e1da1ef4ba]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47124 b/retired/CVE-2021-47124
new file mode 100644
index 00000000..23c07b01
--- /dev/null
+++ b/retired/CVE-2021-47124
@@ -0,0 +1,16 @@
+Description: io_uring: fix link timeout refs
+References:
+Notes:
+ carnil> Introduced in 9ae1f8dd372e0 ("io_uring: fix inconsistent lock state").
+ carnil> Vulnerable versions: 5.10.26 5.11.6 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc2) [a298232ee6b9a1d5d732aa497ff8be0d45b5bd82]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.55) [6f5d7a45f58d3abe3a936de1441b8d6318f978ff]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47125 b/retired/CVE-2021-47125
new file mode 100644
index 00000000..202a0e78
--- /dev/null
+++ b/retired/CVE-2021-47125
@@ -0,0 +1,16 @@
+Description: sch_htb: fix refcount leak in htb_parent_to_leaf_offload
+References:
+Notes:
+ carnil> Introduced in ae81feb7338c ("sch_htb: fix null pointer dereference on a null
+ carnil> new_q"). Vulnerable versions: 5.12-rc7.
+Bugs:
+upstream: released (5.13-rc5) [944d671d5faa0d78980a3da5c0f04960ef1ad893]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47126 b/retired/CVE-2021-47126
new file mode 100644
index 00000000..7469aed5
--- /dev/null
+++ b/retired/CVE-2021-47126
@@ -0,0 +1,18 @@
+Description: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
+References:
+Notes:
+ carnil> Introduced in f88d8ea67fbdb ("ipv6: Plumb support for nexthop object in a
+ carnil> fib6_info")
+ carnil> 706ec91916462 ("ipv6: Fix nexthop refcnt leak when creating ipv6 route info").
+ carnil> Vulnerable versions: 5.3-rc1 5.4.58 5.7.15 5.8.
+Bugs:
+upstream: released (5.13-rc5) [821bbf79fe46a8b1d18aa456e8ed0a3c208c3754]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [09870235827451409ff546b073d754a19fd17e2e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47127 b/retired/CVE-2021-47127
new file mode 100644
index 00000000..db6c7394
--- /dev/null
+++ b/retired/CVE-2021-47127
@@ -0,0 +1,16 @@
+Description: ice: track AF_XDP ZC enabled queues in bitmap
+References:
+Notes:
+ carnil> Introduced in c7a219048e45 ("ice: Remove xsk_buff_pool from VSI structure").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [e102db780e1c14f10c70dafa7684af22a745b51d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47128 b/retired/CVE-2021-47128
new file mode 100644
index 00000000..529b4471
--- /dev/null
+++ b/retired/CVE-2021-47128
@@ -0,0 +1,16 @@
+Description: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
+References:
+Notes:
+ carnil> Introduced in 59438b46471a ("security,lockdown,selinux: implement SELinux
+ carnil> lockdown"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc5) [ff40e51043af63715ab413995ff46996ecf9583f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [ff5039ec75c83d2ed5b781dc7733420ee8c985fc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47129 b/retired/CVE-2021-47129
new file mode 100644
index 00000000..f9838405
--- /dev/null
+++ b/retired/CVE-2021-47129
@@ -0,0 +1,16 @@
+Description: netfilter: nft_ct: skip expectations for confirmed conntrack
+References:
+Notes:
+ carnil> Introduced in 857b46027d6f ("netfilter: nft_ct: add ct expectations support").
+ carnil> Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [1710eb913bdcda3917f44d383c32de6bdabfc836]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [5f3429c05e4028a0e241afdad856dd15dec2ffb9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47130 b/retired/CVE-2021-47130
new file mode 100644
index 00000000..ee2d4af1
--- /dev/null
+++ b/retired/CVE-2021-47130
@@ -0,0 +1,16 @@
+Description: nvmet: fix freeing unallocated p2pmem
+References:
+Notes:
+ carnil> Introduced in c6e3f1339812 ("nvmet: add metadata support for block devices").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc5) [bcd9a0797d73eeff659582f23277e7ab6e5f18f3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [c440cd080761b18a52cac20f2a42e5da1e3995af]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47132 b/retired/CVE-2021-47132
new file mode 100644
index 00000000..bf34c4f8
--- /dev/null
+++ b/retired/CVE-2021-47132
@@ -0,0 +1,16 @@
+Description: mptcp: fix sk_forward_memory corruption on retransmission
+References:
+Notes:
+ carnil> Introduced in 64b9cea7a0af ("mptcp: fix spurious retransmissions"). Vulnerable
+ carnil> versions: 5.11.4 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [b5941f066b4ca331db225a976dae1d6ca8cf0ae3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47133 b/retired/CVE-2021-47133
new file mode 100644
index 00000000..4a78e032
--- /dev/null
+++ b/retired/CVE-2021-47133
@@ -0,0 +1,16 @@
+Description: HID: amd_sfh: Fix memory leak in amd_sfh_work
+References:
+Notes:
+ carnil> Introduced in 4b2c53d93a4b ("SFH:Transport Driver to add support of AMD Sensor
+ carnil> Fusion Hub (SFH)"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc5) [5ad755fd2b326aa2bc8910b0eb351ee6aece21b1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47134 b/retired/CVE-2021-47134
new file mode 100644
index 00000000..8958a6f6
--- /dev/null
+++ b/retired/CVE-2021-47134
@@ -0,0 +1,16 @@
+Description: efi/fdt: fix panic when no valid fdt found
+References:
+Notes:
+ carnil> Introduced in b91540d52a08b ("RISC-V: Add EFI runtime services"). Vulnerable
+ carnil> versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc5) [668a84c1bfb2b3fd5a10847825a854d63fac7baa]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [5148066edbdc89c6fe5bc419c31a5c22e5f83bdb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47135 b/retired/CVE-2021-47135
new file mode 100644
index 00000000..8aece323
--- /dev/null
+++ b/retired/CVE-2021-47135
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
+References:
+Notes:
+ carnil> Introduced in 1c099ab44727c ("mt76: mt7921: add MCU support"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [d874e6c06952382897d35bf4094193cd44ae91bd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47136 b/retired/CVE-2021-47136
new file mode 100644
index 00000000..d2e8a29c
--- /dev/null
+++ b/retired/CVE-2021-47136
@@ -0,0 +1,18 @@
+Description: net: zero-initialize tc skb extension on allocation
+References:
+Notes:
+ carnil> Introduced in 038ebb1a713d ("net/sched: act_ct: fix miss set mru for ovs after
+ carnil> defrag in act_ct")
+ carnil> d29334c15d33 ("net/sched: act_api: fix miss set post_ct for ovs after do
+ carnil> conntrack in act_ct"). Vulnerable versions: 5.7.15 5.9-rc1 5.12-rc5.
+Bugs:
+upstream: released (5.13-rc4) [9453d45ecb6c2199d72e73c993e9d98677a2801b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [ac493452e937b8939eaf2d24cac51a4804b6c20e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47137 b/retired/CVE-2021-47137
new file mode 100644
index 00000000..60a7a4e1
--- /dev/null
+++ b/retired/CVE-2021-47137
@@ -0,0 +1,16 @@
+Description: net: lantiq: fix memory corruption in RX ring
+References:
+Notes:
+ carnil> Introduced in fe1a56420cf2 ("net: lantiq: Add Lantiq / Intel VRX200 Ethernet
+ carnil> driver "). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc4) [c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [5ac72351655f8b033a2935646f53b7465c903418]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47138 b/retired/CVE-2021-47138
new file mode 100644
index 00000000..f9ac6665
--- /dev/null
+++ b/retired/CVE-2021-47138
@@ -0,0 +1,16 @@
+Description: cxgb4: avoid accessing registers when clearing filters
+References:
+Notes:
+ carnil> Introduced in b1a79360ee86 ("cxgb4: Delete all hash and TCAM filters before
+ carnil> resource cleanup"). Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (5.13-rc4) [88c380df84fbd03f9b137c2b9d0a44b9f2f553b0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [02f03883fdb10ad7e66717c70ea163a8d27ae6e7]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47139 b/retired/CVE-2021-47139
new file mode 100644
index 00000000..cc3aba9d
--- /dev/null
+++ b/retired/CVE-2021-47139
@@ -0,0 +1,16 @@
+Description: net: hns3: put off calling register_netdev() until client initialize complete
+References:
+Notes:
+ carnil> Introduced in 08a100689d4b ("net: hns3: re-organize vector handle"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc4) [a289a7e5c1d49b7d47df9913c1cc81fb48fab613]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47140 b/retired/CVE-2021-47140
new file mode 100644
index 00000000..1b26ce39
--- /dev/null
+++ b/retired/CVE-2021-47140
@@ -0,0 +1,16 @@
+Description: iommu/amd: Clear DMA ops when switching domain
+References:
+Notes:
+ carnil> Introduced in 08a27c1c3ecf ("iommu: Add support to change default domain of an
+ carnil> iommu group"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc4) [d6177a6556f853785867e2ec6d5b7f4906f0d809]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47141 b/retired/CVE-2021-47141
new file mode 100644
index 00000000..a520a37d
--- /dev/null
+++ b/retired/CVE-2021-47141
@@ -0,0 +1,16 @@
+Description: gve: Add NULL pointer checks when freeing irqs.
+References:
+Notes:
+ carnil> Introduced in 893ce44df565 ("gve: Add basic driver framework for Compute Engine
+ carnil> Virtual NIC"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc4) [5218e919c8d06279884aa0baf76778a6817d5b93]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47142 b/retired/CVE-2021-47142
new file mode 100644
index 00000000..f7a40fe7
--- /dev/null
+++ b/retired/CVE-2021-47142
@@ -0,0 +1,15 @@
+Description: drm/amdgpu: Fix a use-after-free
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc3) [1e5c37385097c35911b0f8a0c67ffd10ee1af9a2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [f98cdf084405333ee2f5be548a91b2d168e49276]
+4.19-upstream-stable: released (4.19.193) [a849e218556f932576c0fb1c5a88714b61709a17]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47144 b/retired/CVE-2021-47144
new file mode 100644
index 00000000..10e65ecd
--- /dev/null
+++ b/retired/CVE-2021-47144
@@ -0,0 +1,15 @@
+Description: drm/amd/amdgpu: fix refcount leak
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc3) [fa7e6abc75f3d491bc561734312d065dc9dc2a77]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [9fdb8ed37a3a44f9c49372b69f87fd5f61cb3240]
+4.19-upstream-stable: released (4.19.193) [599e5d61ace952b0bb9bd942b198bbd0cfded1d7]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47145 b/retired/CVE-2021-47145
new file mode 100644
index 00000000..e94f00c4
--- /dev/null
+++ b/retired/CVE-2021-47145
@@ -0,0 +1,15 @@
+Description: btrfs: do not BUG_ON in link_to_fixup_dir
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc3) [91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [7e13db503918820e6333811cdc6f151dcea5090a]
+4.19-upstream-stable: released (4.19.193) [6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47146 b/retired/CVE-2021-47146
new file mode 100644
index 00000000..b2eada1e
--- /dev/null
+++ b/retired/CVE-2021-47146
@@ -0,0 +1,16 @@
+Description: mld: fix panic in mld_newpack()
+References:
+Notes:
+ carnil> Introduced in 72e09ad107e7 ("ipv6: avoid high order allocations"). Vulnerable
+ carnil> versions: 2.6.35-rc3.
+Bugs:
+upstream: released (5.13-rc4) [020ef930b826d21c5446fdc9db80fd72a791bc21]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [beb39adb150f8f3b516ddf7c39835a9788704d23]
+4.19-upstream-stable: released (4.19.193) [4b77ad9097067b31237eeeee0bf70f80849680a0]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47147 b/retired/CVE-2021-47147
new file mode 100644
index 00000000..c5cc5ffa
--- /dev/null
+++ b/retired/CVE-2021-47147
@@ -0,0 +1,16 @@
+Description: ptp: ocp: Fix a resource leak in an error handling path
+References:
+Notes:
+ carnil> Introduced in a7e1abad13f3 ("ptp: Add clock driver for the OpenCompute
+ carnil> TimeCard."). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc4) [9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47148 b/retired/CVE-2021-47148
new file mode 100644
index 00000000..5df6864e
--- /dev/null
+++ b/retired/CVE-2021-47148
@@ -0,0 +1,16 @@
+Description: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()
+References:
+Notes:
+ carnil> Introduced in 81a4362016e7 ("octeontx2-pf: Add RSS multi group support").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc4) [e5cc361e21648b75f935f9571d4003aaee480214]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47149 b/retired/CVE-2021-47149
new file mode 100644
index 00000000..b1b1ca41
--- /dev/null
+++ b/retired/CVE-2021-47149
@@ -0,0 +1,15 @@
+Description: net: fujitsu: fix potential null-ptr-deref
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc3) [52202be1cd996cde6e8969a128dc27ee45a7cb5e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [71723a796ab7881f491d663c6cd94b29be5fba50]
+4.19-upstream-stable: released (4.19.193) [7883d3895d0fbb0ba9bff0f8665f99974b45210f]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47150 b/retired/CVE-2021-47150
new file mode 100644
index 00000000..bd562813
--- /dev/null
+++ b/retired/CVE-2021-47150
@@ -0,0 +1,16 @@
+Description: net: fec: fix the potential memory leak in fec_enet_init()
+References:
+Notes:
+ carnil> Introduced in 59d0f7465644 ("net: fec: init multi queue date structure").
+ carnil> Vulnerable versions: 3.18-rc1.
+Bugs:
+upstream: released (5.13-rc4) [619fee9eb13b5d29e4267cb394645608088c28a8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd]
+4.19-upstream-stable: released (4.19.193) [15102886bc8f5f29daaadf2d925591d564c17e9f]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47151 b/retired/CVE-2021-47151
new file mode 100644
index 00000000..cbb1acff
--- /dev/null
+++ b/retired/CVE-2021-47151
@@ -0,0 +1,16 @@
+Description: interconnect: qcom: bcm-voter: add a missing of_node_put()
+References:
+Notes:
+ carnil> Introduced in 976daac4a1c5 ("interconnect: qcom: Consolidate interconnect RPMh
+ carnil> support"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc4) [a00593737f8bac2c9e97b696e7ff84a4446653e8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47152 b/retired/CVE-2021-47152
new file mode 100644
index 00000000..00fefcfc
--- /dev/null
+++ b/retired/CVE-2021-47152
@@ -0,0 +1,16 @@
+Description: mptcp: fix data stream corruption
+References:
+Notes:
+ carnil> Introduced in 18b683bff89d ("mptcp: queue data for mptcp level
+ carnil> retransmission"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc4) [29249eac5225429b898f278230a6ca2baa1ae154]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [3267a061096efc91eda52c2a0c61ba76e46e4b34]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47153 b/retired/CVE-2021-47153
new file mode 100644
index 00000000..993c17ba
--- /dev/null
+++ b/retired/CVE-2021-47153
@@ -0,0 +1,16 @@
+Description: i2c: i801: Don't generate an interrupt on bus reset
+References:
+Notes:
+ carnil> Introduced in 636752bcb517 ("i2c-i801: Enable IRQ for SMBus transactions").
+ carnil> Vulnerable versions: 3.6-rc1.
+Bugs:
+upstream: released (5.13-rc4) [e4d8716c3dcec47f1557024add24e1f3c09eb24b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [b523feb7e8e44652f92f3babb953a976e7ccbbef]
+4.19-upstream-stable: released (4.19.193) [c70e1ba2e7e65255a0ce004f531dd90dada97a8c]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47158 b/retired/CVE-2021-47158
new file mode 100644
index 00000000..cef78d31
--- /dev/null
+++ b/retired/CVE-2021-47158
@@ -0,0 +1,18 @@
+Description: net: dsa: sja1105: add error handling in sja1105_setup()
+References:
+Notes:
+ carnil> Introduced in 0a7bdbc23d8a ("net: dsa: sja1105: move devlink param code to
+ carnil> sja1105_devlink.c")
+ carnil> 8aa9ebccae87 ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch").
+ carnil> Vulnerable versions: 5.2-rc1 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc4) [cec279a898a3b004411682f212215ccaea1cd0fb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [dd8609f203448ca6d58ae71461208b3f6b0329b0]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47159 b/retired/CVE-2021-47159
new file mode 100644
index 00000000..6893562f
--- /dev/null
+++ b/retired/CVE-2021-47159
@@ -0,0 +1,16 @@
+Description: net: dsa: fix a crash if ->get_sset_count() fails
+References:
+Notes:
+ carnil> Introduced in badf3ada60ab ("net: dsa: Provide CPU port statistics to master
+ carnil> netdev"). Vulnerable versions: 4.7-rc1.
+Bugs:
+upstream: released (5.13-rc4) [a269333fa5c0c8e53c92b5a28a6076a28cde3e83]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6]
+4.19-upstream-stable: released (4.19.193) [0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47160 b/retired/CVE-2021-47160
new file mode 100644
index 00000000..ed97bcd9
--- /dev/null
+++ b/retired/CVE-2021-47160
@@ -0,0 +1,16 @@
+Description: net: dsa: mt7530: fix VLAN traffic leaks
+References:
+Notes:
+ carnil> Introduced in 83163f7dca56 ("net: dsa: mediatek: add VLAN support for MT7530").
+ carnil> Vulnerable versions: 4.16-rc1.
+Bugs:
+upstream: released (5.13-rc4) [474a2ddaa192777522a7499784f1d60691cd831a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [b91117b66fe875723a4e79ec6263526fffdb44d2]
+4.19-upstream-stable: released (4.19.193) [ae389812733b1b1e8e07fcc238e41db166b5c78d]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47161 b/retired/CVE-2021-47161
new file mode 100644
index 00000000..adeb7427
--- /dev/null
+++ b/retired/CVE-2021-47161
@@ -0,0 +1,16 @@
+Description: spi: spi-fsl-dspi: Fix a resource leak in an error handling path
+References:
+Notes:
+ carnil> Introduced in 90ba37033cb9 ("spi: spi-fsl-dspi: Add DMA support for Vybrid").
+ carnil> Vulnerable versions: 4.10-rc1.
+Bugs:
+upstream: released (5.13-rc4) [680ec0549a055eb464dce6ffb4bfb736ef87236e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [fe6921e3b8451a537e01c031b8212366bb386e3e]
+4.19-upstream-stable: released (4.19.199) [00450ed03a17143e2433b461a656ef9cd17c2f1d]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.208-1)
diff --git a/retired/CVE-2021-47162 b/retired/CVE-2021-47162
new file mode 100644
index 00000000..fe078ee1
--- /dev/null
+++ b/retired/CVE-2021-47162
@@ -0,0 +1,16 @@
+Description: tipc: skb_linearize the head skb when reassembling msgs
+References:
+Notes:
+ carnil> Introduced in 45c8b7b175ce ("tipc: allow non-linear first fragment buffer").
+ carnil> Vulnerable versions: 4.1.14 4.2.7 4.3.
+Bugs:
+upstream: released (5.13-rc4) [b7df21cf1b79ab7026f545e7bf837bd5750ac026]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [6da24cfc83ba4f97ea44fc7ae9999a006101755c]
+4.19-upstream-stable: released (4.19.193) [4b1761898861117c97066aea6c58f68a7787f0bf]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47164 b/retired/CVE-2021-47164
new file mode 100644
index 00000000..9d7688fd
--- /dev/null
+++ b/retired/CVE-2021-47164
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Fix null deref accessing lag dev
+References:
+Notes:
+ carnil> Introduced in 7e51891a237f ("net/mlx5e: Use netdev events to set/del egress acl
+ carnil> forward-to-vport rule"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc4) [83026d83186bc48bb41ee4872f339b83f31dfc55]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [2e4b0b95a489259f9d35a3db17023061f8f3d587]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47165 b/retired/CVE-2021-47165
new file mode 100644
index 00000000..9c53fc7b
--- /dev/null
+++ b/retired/CVE-2021-47165
@@ -0,0 +1,16 @@
+Description: drm/meson: fix shutdown crash when component not probed
+References:
+Notes:
+ carnil> Introduced in fa0c16caf3d7 ("drm: meson_drv add shutdown function"). Vulnerable
+ carnil> versions: 4.14.226 4.19.181 5.4.106 5.10.24 5.11.7 5.12-rc3.
+Bugs:
+upstream: released (5.13-rc4) [7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [d66083c0d6f5125a4d982aa177dd71ab4cd3d212]
+4.19-upstream-stable: released (4.19.193) [e256a0eb43e17209e347409a80805b1659398d68]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47166 b/retired/CVE-2021-47166
new file mode 100644
index 00000000..391bf256
--- /dev/null
+++ b/retired/CVE-2021-47166
@@ -0,0 +1,16 @@
+Description: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
+References:
+Notes:
+ carnil> Introduced in a7d42ddb3099 ("nfs: add mirroring support to pgio layer").
+ carnil> Vulnerable versions: 4.0-rc1 4.1.52 4.4.124 4.9.90.
+Bugs:
+upstream: released (5.13-rc4) [0d0ea309357dea0d85a82815f02157eb7fcda39f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [7087db95c0a06ab201b8ebfac6a7ec1e34257997]
+4.19-upstream-stable: released (4.19.193) [40f139a6d50c232c0d1fd1c5e65a845c62db0ede]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47168 b/retired/CVE-2021-47168
new file mode 100644
index 00000000..8b97c4cc
--- /dev/null
+++ b/retired/CVE-2021-47168
@@ -0,0 +1,16 @@
+Description: NFS: fix an incorrect limit in filelayout_decode_layout()
+References:
+Notes:
+ carnil> Introduced in 16b374ca439f ("NFSv4.1: pnfs: filelayout: add driver's LAYOUTGET
+ carnil> and GETDEVICEINFO infrastructure"). Vulnerable versions: 2.6.37-rc1.
+Bugs:
+upstream: released (5.13-rc4) [769b01ea68b6c49dc3cde6adf7e53927dacbd3a8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [9b367fe770b1b80d7bf64ed0d177544a44405f6e]
+4.19-upstream-stable: released (4.19.193) [945ebef997227ca8c20bad7f8a8358c8ee57a84a]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47169 b/retired/CVE-2021-47169
new file mode 100644
index 00000000..54ce9fb6
--- /dev/null
+++ b/retired/CVE-2021-47169
@@ -0,0 +1,15 @@
+Description: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc4) [016002848c82eeb5d460489ce392d91fe18c475c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [6a931ceb0b9401fe18d0c500e08164bf9cc7be4b]
+4.19-upstream-stable: released (4.19.193) [35265552c7fe9553c75e324c80f45e28ff14eb6e]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47170 b/retired/CVE-2021-47170
new file mode 100644
index 00000000..65b51338
--- /dev/null
+++ b/retired/CVE-2021-47170
@@ -0,0 +1,15 @@
+Description: USB: usbfs: Don't WARN about excessively large memory allocations
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc4) [4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [8d83f109e920d2776991fa142bb904d985dca2ed]
+4.19-upstream-stable: released (4.19.193) [2ab21d6e1411999b5fb43434f421f00bf50002eb]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47171 b/retired/CVE-2021-47171
new file mode 100644
index 00000000..f69056a3
--- /dev/null
+++ b/retired/CVE-2021-47171
@@ -0,0 +1,17 @@
+Description: net: usb: fix memory leak in smsc75xx_bind
+References:
+Notes:
+ carnil> Introduced in d0cad871703b ("smsc75xx: SMSC LAN75xx USB gigabit ethernet
+ carnil> adapter driver"). Vulnerable versions: 2.6.34-rc2 3.16.61 3.18.120 4.4.152
+ carnil> 4.9.124 4.14.67 4.17.19.
+Bugs:
+upstream: released (5.13-rc4) [46a8b29c6306d8bbfd92b614ef65a47c900d8e70]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [635ac38b36255d3cfb8312cf7c471334f4d537e0]
+4.19-upstream-stable: released (4.19.193) [9e6a3eccb28779710cbbafc4f4258d92509c6d07]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47172 b/retired/CVE-2021-47172
new file mode 100644
index 00000000..def6a22a
--- /dev/null
+++ b/retired/CVE-2021-47172
@@ -0,0 +1,16 @@
+Description: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
+References:
+Notes:
+ carnil> Introduced in d7857e4ee1ba6 ("iio: adc: ad7124: Fix DT channel configuration").
+ carnil> Vulnerable versions: 5.4.14 5.5-rc7.
+Bugs:
+upstream: released (5.13-rc4) [f2a772c51206b0c3f262e4f6a3812c89a650191b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [f70122825076117787b91e7f219e21c09f11a5b9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47173 b/retired/CVE-2021-47173
new file mode 100644
index 00000000..7d6b3624
--- /dev/null
+++ b/retired/CVE-2021-47173
@@ -0,0 +1,16 @@
+Description: misc/uss720: fix memory leak in uss720_probe
+References:
+Notes:
+ carnil> Introduced in 0f36163d3abe ("[PATCH] usb: fix uss720 schedule with interrupts
+ carnil> off"). Vulnerable versions: 2.6.14-rc1.
+Bugs:
+upstream: released (5.13-rc4) [dcb4b8ad6a448532d8b681b5d1a7036210b622de]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [5394ae9d8c7961dd93807fdf1b12a1dde96b0a55]
+4.19-upstream-stable: released (4.19.193) [386918878ce4cd676e4607233866e03c9399a46a]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47174 b/retired/CVE-2021-47174
new file mode 100644
index 00000000..95f78369
--- /dev/null
+++ b/retired/CVE-2021-47174
@@ -0,0 +1,16 @@
+Description: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
+References:
+Notes:
+ carnil> Introduced in 7400b063969b ("nft_set_pipapo: Introduce AVX2-based lookup
+ carnil> implementation"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc4) [f0b3d338064e1fe7531f0d2977e35f3b334abfb4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [b1f45a26bd322525c14edd9504f6d46dfad679a4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47175 b/retired/CVE-2021-47175
new file mode 100644
index 00000000..4a578144
--- /dev/null
+++ b/retired/CVE-2021-47175
@@ -0,0 +1,16 @@
+Description: net/sched: fq_pie: fix OOB access in the traffic path
+References:
+Notes:
+ carnil> Introduced in ec97ecf1ebe4 ("net: sched: add Flow Queue PIE packet scheduler").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc4) [e70f7a11876a1a788ceadf75e9e5f7af2c868680]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47176 b/retired/CVE-2021-47176
new file mode 100644
index 00000000..5fee9edd
--- /dev/null
+++ b/retired/CVE-2021-47176
@@ -0,0 +1,16 @@
+Description: s390/dasd: add missing discipline function
+References:
+Notes:
+ carnil> Introduced in b72949328869 ("s390/dasd: Prepare for additional path event
+ carnil> handling"). Vulnerable versions: 5.4.235 5.10.173 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc4) [c0c8a8397fa8a74d04915f4d3d28cb4a5d401427]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.175) [aa8579bc084673c651204f7cd0d6308a47dffc16]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-47177 b/retired/CVE-2021-47177
new file mode 100644
index 00000000..ca669707
--- /dev/null
+++ b/retired/CVE-2021-47177
@@ -0,0 +1,16 @@
+Description: iommu/vt-d: Fix sysfs leak in alloc_iommu()
+References:
+Notes:
+ carnil> Introduced in 39ab9555c2411 ("iommu: Add sysfs bindings for struct
+ carnil> iommu_device"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (5.13-rc4) [0ee74d5a48635c848c20f152d0d488bf84641304]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [f01134321d04f47c718bb41b799bcdeda27873d2]
+4.19-upstream-stable: released (4.19.193) [2ec5e9bb6b0560c90d315559c28a99723c80b996]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47179 b/retired/CVE-2021-47179
new file mode 100644
index 00000000..68fe90c7
--- /dev/null
+++ b/retired/CVE-2021-47179
@@ -0,0 +1,17 @@
+Description: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
+References:
+Notes:
+ carnil> Introduced in de144ff4234f ("NFSv4: Don't discard segments marked for return in
+ carnil> _pnfs_return_layout()"). Vulnerable versions: 4.9.269 4.14.233 4.19.191 5.4.118
+ carnil> 5.10.36 5.11.20 5.12.3 5.13-rc1.
+Bugs:
+upstream: released (5.13-rc4) [a421d218603ffa822a0b8045055c03eae394a7eb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [f9890652185b72b8de9ebeb4406037640b6e1b53]
+4.19-upstream-stable: released (4.19.193) [39785761feadf261bc5101372b0b0bbaf6a94494]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-47180 b/retired/CVE-2021-47180
new file mode 100644
index 00000000..68dfae55
--- /dev/null
+++ b/retired/CVE-2021-47180
@@ -0,0 +1,16 @@
+Description: NFC: nci: fix memory leak in nci_allocate_device
+References:
+Notes:
+ carnil> Introduced in 11f54f228643 ("NFC: nci: Add HCI over NCI protocol support").
+ carnil> Vulnerable versions: 4.0-rc1.
+Bugs:
+upstream: released (5.13-rc4) [e0652f8bb44d6294eeeac06d703185357f25d50b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.41) [b34cb7ac32cc8e5471dc773180ea9ae676b1a745]
+4.19-upstream-stable: released (4.19.193) [0365701bc44e078682ee1224866a71897495c7ef]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2022-0001 b/retired/CVE-2022-0001
new file mode 100644
index 00000000..5cf3b1ea
--- /dev/null
+++ b/retired/CVE-2022-0001
@@ -0,0 +1,15 @@
+Description: Sharing of branch predictor selectors between contexts on Intel CPUs
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
+ https://github.com/vusec/bhi-spectre-bhb
+Notes:
+ bwh> A.k.a. "Spectre BHB". Details to be published in INTEL-SA-00598
+Bugs:
+upstream: released (5.17-rc8) [d45476d9832409371537013ebdd8dc1a7781f97a, 1e19da8522c81bf46b335f84137165741e0d82b7, 5ad3eb1132453b9795ce5fd4572b1c18b292cca9, 44a3918c8245ab10c6c9719dd12e7a8d291980d8, 244d00b5dd4755f8df892c86cab35fb2cfd4f14b, e9b6013a7ce31535b04b02ba99babefe8a8599fa, eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678, 0de05d056afdb00eca8c7bbb0c79a3438daf700c]
+5.10-upstream-stable: released (5.10.105) [f38774bb6e231d647d40ceeb8ddf9082eabde667, a6a119d647ad1f73067d3cffb43104df3f920bcc, 071e8b69d7808d96f388d7c5ed606e75fd3d518d, afc2d635b5e18e2b33116d8e121ee149882e33eb, 2fdf67a1d215574c31b1a716f80fa0fdccd401d7, e335384560d1e106b609e8febd7e0427075a8938, cc9e3e55bde71b2fac1494f503d5ffc560c7fb8d, d04937ae94903087279e4a016b7741cdee59d521]
+4.19-upstream-stable: released (4.19.234) [25440a8c77dd2fde6a8e9cfc0c616916febf408e, 3f66bedb96ff4c064a819e68499f79b38297ba26, 7af95ef3ec6248696300fce5c68f6c8c4f50e4a4, 995629e1d8e6751936c6e2b738f70b392b0461de, d3cb3a6927222268a10b2f12dfb8c9444f7cc39e, c034d344e733a3ac574dd09e39e911a50025c607, 8bfdba77595aee5c3e83ed1c9994c35d6d409605, 9711b12a3f4c0fc73dd257c1e467e6e42155a5f1]
+4.9-upstream-stable: released (4.9.306) [a771511caa8e31cb5cac4fa39165ebbca3e62795, d0ba50275860b456ff570edf3dcc2db5d2eb9eb8, f9238d33710d74ac3dd668abaa53b2274f8e6fe6, 6481835a9a5b74e349e5c20ae8a9cb10a2e907fa, b6a1aec08a84ccb331ce526c051df074150cf3c5, 0db1c4307aded2c5e618654f9341a249e0c1051f, 8edabefdc13294a9b15671937d165b948cf34d69, 0753760184745250e39018bb25ba77557390fe91]
+sid: released (5.16.12-1) [bugfix/x86/bhb/0001-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0002-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0003-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0004-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0005-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0006-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0007-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+5.10-bullseye-security: released (5.10.103-1) [bugfix/x86/bhb/0002-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0003-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0004-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0005-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0006-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0007-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0009-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+4.19-buster-security: released (4.19.232-1) [bugfix/x86/bhb/0004-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0005-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0006-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0007-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+4.9-stretch-security: released (4.9.303-1) [bugfix/x86/bhb/0004-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0005-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0006-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0007-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
diff --git a/retired/CVE-2022-0002 b/retired/CVE-2022-0002
new file mode 100644
index 00000000..fb8fda60
--- /dev/null
+++ b/retired/CVE-2022-0002
@@ -0,0 +1,17 @@
+Description: Sharing of branch predictor selectors in same context on Intel CPUs
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
+ https://github.com/vusec/bhi-spectre-bhb
+Notes:
+ bwh> A.k.a. "Spectre BHB". Details to be published in INTEL-SA-00598.
+ bwh> Unprivileged eBPF must also be disabled
+ bwh> (CONFIG_BPF_UNPRIV_DEFAULT_OFF=y).
+Bugs:
+upstream: released (5.17-rc8) [d45476d9832409371537013ebdd8dc1a7781f97a, 1e19da8522c81bf46b335f84137165741e0d82b7, 5ad3eb1132453b9795ce5fd4572b1c18b292cca9, 44a3918c8245ab10c6c9719dd12e7a8d291980d8, 244d00b5dd4755f8df892c86cab35fb2cfd4f14b, e9b6013a7ce31535b04b02ba99babefe8a8599fa, eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678, 0de05d056afdb00eca8c7bbb0c79a3438daf700c]
+5.10-upstream-stable: released (5.10.105) [f38774bb6e231d647d40ceeb8ddf9082eabde667, a6a119d647ad1f73067d3cffb43104df3f920bcc, 071e8b69d7808d96f388d7c5ed606e75fd3d518d, afc2d635b5e18e2b33116d8e121ee149882e33eb, 2fdf67a1d215574c31b1a716f80fa0fdccd401d7, e335384560d1e106b609e8febd7e0427075a8938, cc9e3e55bde71b2fac1494f503d5ffc560c7fb8d, d04937ae94903087279e4a016b7741cdee59d521]
+4.19-upstream-stable: released (4.19.234) [25440a8c77dd2fde6a8e9cfc0c616916febf408e, 3f66bedb96ff4c064a819e68499f79b38297ba26, 7af95ef3ec6248696300fce5c68f6c8c4f50e4a4, 995629e1d8e6751936c6e2b738f70b392b0461de, d3cb3a6927222268a10b2f12dfb8c9444f7cc39e, c034d344e733a3ac574dd09e39e911a50025c607, 8bfdba77595aee5c3e83ed1c9994c35d6d409605, 9711b12a3f4c0fc73dd257c1e467e6e42155a5f1]
+4.9-upstream-stable: released (4.9.306) [a771511caa8e31cb5cac4fa39165ebbca3e62795, d0ba50275860b456ff570edf3dcc2db5d2eb9eb8, f9238d33710d74ac3dd668abaa53b2274f8e6fe6, 6481835a9a5b74e349e5c20ae8a9cb10a2e907fa, b6a1aec08a84ccb331ce526c051df074150cf3c5, 0db1c4307aded2c5e618654f9341a249e0c1051f, 8edabefdc13294a9b15671937d165b948cf34d69, 0753760184745250e39018bb25ba77557390fe91]
+sid: released (5.16.12-1) [bugfix/x86/bhb/0001-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0002-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0003-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0004-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0005-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0006-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0007-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+5.10-bullseye-security: released (5.10.103-1) [bugfix/x86/bhb/0002-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0003-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0004-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0005-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0006-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0007-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0009-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+4.19-buster-security: released (4.19.232-1) [bugfix/x86/bhb/0004-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0005-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0006-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0007-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+4.9-stretch-security: released (4.9.303-1) [bugfix/x86/bhb/0004-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0005-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0006-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0007-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
diff --git a/retired/CVE-2022-0168 b/retired/CVE-2022-0168
new file mode 100644
index 00000000..f33b5b7f
--- /dev/null
+++ b/retired/CVE-2022-0168
@@ -0,0 +1,16 @@
+Description: cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2037386
+ https://starlabs.sg/advisories/22-0168/
+Notes:
+ carnil> For 5.16.y fixed in 5.16.19 and for 5.17.y fixed in 5.17.2.
+ bwh> Bug was introduced in 5.4 by commit 0e90696dc2b3.
+Bugs:
+upstream: released (5.18-rc1) [b92e358757b91c2827af112cae9af513f26a3f34]
+5.10-upstream-stable: released (5.10.110) [9963ccea6087268e1275b992dca5d0dd4b938765]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0171 b/retired/CVE-2022-0171
new file mode 100644
index 00000000..d9d1a855
--- /dev/null
+++ b/retired/CVE-2022-0171
@@ -0,0 +1,17 @@
+Description: KVM: cache incoherence issue in SEV API may lead to kernel crash
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2038940
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb4ce2c65881a2b9bdcd384f54a260a12a89dd91
+ https://bugzilla.suse.com/show_bug.cgi?id=1199509
+Notes:
+ carnil> Need to isolate the required commits from the merge which are
+ carnil> relevant for the CVE.
+Bugs:
+upstream: released (5.18-rc4) [683412ccf61294d727ead4a73d97397396e69a6b]
+5.10-upstream-stable: released (5.10.146) [a60babeb60ff276963d4756c7fd2e7bf242bb777]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0185 b/retired/CVE-2022-0185
new file mode 100644
index 00000000..6d62a9c4
--- /dev/null
+++ b/retired/CVE-2022-0185
@@ -0,0 +1,19 @@
+Description: vfs: fs_context: fix up param length parsing in legacy_parse_param
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/18/7
+ https://www.openwall.com/lists/oss-security/2022/01/25/14
+ https://twitter.com/cor_ctf/status/1486022971034529794
+ https://github.com/Crusaders-of-Rust/CVE-2022-0185
+ https://www.willsroot.io/2022/01/cve-2022-0185.html
+Notes:
+ carnil> Introduced with 3e1aeb00e6d1 ("vfs: Implement a filesystem
+ carnil> superblock creation/configuration context") in 5.1-rc1.
+Bugs:
+upstream: released (5.17-rc1) [722d94847de29310e8aa03fcbdb41fc92c521756]
+5.10-upstream-stable: released (5.10.93) [eadde287a62e66b2f9e62d007c59a8f50d4b8413]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1) [bugfix/all/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch]
+5.10-bullseye-security: released (5.10.92-1) [bugfix/all/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0264 b/retired/CVE-2022-0264
new file mode 100644
index 00000000..d65fcd08
--- /dev/null
+++ b/retired/CVE-2022-0264
@@ -0,0 +1,13 @@
+Description: bpf: Fix kernel address leakage in atomic fetch
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2041547
+Notes:
+Bugs:
+upstream: released (5.16-rc6) [7d3baf0afa3aa9102d6a521a8e4c41888bb79882]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-2)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0286 b/retired/CVE-2022-0286
new file mode 100644
index 00000000..0968ce7f
--- /dev/null
+++ b/retired/CVE-2022-0286
@@ -0,0 +1,14 @@
+Description: bonding: fix null dereference in bond_ipsec_add_sa()
+References:
+ https://syzkaller.appspot.com/bug?id=160f641886d88bf11cbf1236cc4db994bb210626
+ https://bugzilla.redhat.com/show_bug.cgi?id=2037019
+Notes:
+Bugs:
+upstream: released (5.14-rc2) [105cd17a866017b45f3c45901b394c711c97bf40]
+5.10-upstream-stable: released (5.10.54) [ba7bfcdff1ad4ea475395079add1cd7b79f81684]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0322 b/retired/CVE-2022-0322
new file mode 100644
index 00000000..77a02941
--- /dev/null
+++ b/retired/CVE-2022-0322
@@ -0,0 +1,15 @@
+Description: sctp: account stream padding length for reconf chunk
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2042822
+Notes:
+ carnil> Commit fixes cc16f00f6529 ("sctp: add support for generating
+ carnil> stream reconf ssn reset request chunk") in 4.11-rc1.
+Bugs:
+upstream: released (5.15-rc6) [a2d859e3fc97e79d907761550dbc03ff1b36479c]
+5.10-upstream-stable: released (5.10.75) [d84a69ac410f6228873d05d35120f6bdddab7fc3]
+4.19-upstream-stable: released (4.19.213) [c57fdeff69b152185fafabd37e6bfecfce51efda]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.16-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0330 b/retired/CVE-2022-0330
new file mode 100644
index 00000000..806ddbbe
--- /dev/null
+++ b/retired/CVE-2022-0330
@@ -0,0 +1,14 @@
+Description: drm/i915: Flush TLBs before releasing backing store
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/25/12
+Notes:
+ carnil> Fixed in 5.16.4 for 5.16.y and 5.15.18 for 5.15.y.
+Bugs:
+upstream: released (5.17-rc2) [7938d61591d33394a21bdd7797a245b65428f44c]
+5.10-upstream-stable: released (5.10.95) [6a6acf927895c38bdd9f3cd76b8dbfc25ac03e88]
+4.19-upstream-stable: released (4.19.227) [b188780649081782e341e52223db47c49f172712]
+4.9-upstream-stable: released (4.9.299) [84f4ab5b47d955ad2bb30115d7841d3e8f0994f4]
+sid: released (5.15.15-2) [bugfix/x86/drm-i915-Flush-TLBs-before-releasing-backing-store.patch]
+5.10-bullseye-security: released (5.10.92-2) [bugfix/x86/drm-i915-Flush-TLBs-before-releasing-backing-store.patch]
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-0382 b/retired/CVE-2022-0382
new file mode 100644
index 00000000..102b3dc4
--- /dev/null
+++ b/retired/CVE-2022-0382
@@ -0,0 +1,15 @@
+Description: net ticp:fix a kernel-infoleak in __tipc_sendmsg()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2046440
+Notes:
+ bwh> Introduced in 5.13-rc1 by commit 908148bc5046
+ bwh> "tipc: refactor tipc_sendmsg() and tipc_lookup_anycast()".
+Bugs:
+upstream: released (5.16) [d6d86830705f173fca6087a3e67ceaf68db80523]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.15.15-1)
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-0433 b/retired/CVE-2022-0433
new file mode 100644
index 00000000..07038af5
--- /dev/null
+++ b/retired/CVE-2022-0433
@@ -0,0 +1,17 @@
+Description: bpf: Add missing map_get_next_key method to bloom filter map.
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2048259
+ https://lore.kernel.org/bpf/20210921210225.4095056-2-joannekoong@fb.com/
+ https://lore.kernel.org/bpf/d5776f5d-3416-4e3b-8751-8a5a9e6a0d4d@iogearbox.net/T/
+Notes:
+ carnil> Introduced with 9330986c0300 ("bpf: Add bloom filter map
+ carnil> implementation") in 5.16-rc1.
+Bugs:
+upstream: released (5.17-rc1) [3ccdcee28415c4226de05438b4d89eb5514edf73]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0435 b/retired/CVE-2022-0435
new file mode 100644
index 00000000..5495d3cf
--- /dev/null
+++ b/retired/CVE-2022-0435
@@ -0,0 +1,16 @@
+Description: tipc: improve size validations for received domain records
+References:
+ https://www.openwall.com/lists/oss-security/2022/02/10/1
+Notes:
+ carnil> Introduced with 35c55c9877f8 ("tipc: add neighbor monitoring
+ carnil> framework") in 4.8-rc1.
+ carnil> Fixed as well in 5.16.9 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc4) [9aa422ad326634b76309e8ff342c246800621216]
+5.10-upstream-stable: released (5.10.100) [3c7e5943553594f68bbc070683db6bb6f6e9e78e]
+4.19-upstream-stable: released (4.19.229) [f1af11edd08dd8376f7a84487cbb0ea8203e3a1d]
+4.9-upstream-stable: released (4.9.301) [175db196e45d6f0e6047eccd09c8ba55465eb131]
+sid: released (5.16.10-1)
+5.10-bullseye-security: released (5.10.92-2) [bugfix/all/tipc-improve-size-validations-for-received-domain-re.patch]
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-0480 b/retired/CVE-2022-0480
new file mode 100644
index 00000000..1a5cebfb
--- /dev/null
+++ b/retired/CVE-2022-0480
@@ -0,0 +1,15 @@
+Description: memcg: enable accounting for file lock caches
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2049700
+ https://github.com/kata-containers/kata-containers/issues/3373
+ https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/
+Notes:
+Bugs:
+upstream: released (5.15-rc1) [0f12156dff2862ac54235fc72703f18770769042]
+5.10-upstream-stable: ignored "Minor issue"
+4.19-upstream-stable: ignored "Minor issue"
+4.9-upstream-stable: ignored "Minor issue"
+sid: released (5.15.3-1)
+5.10-bullseye-security: ignored "Minor issue"
+4.19-buster-security: ignored "Minor issue"
+4.9-stretch-security: ignored "Minor issue"
diff --git a/retired/CVE-2022-0487 b/retired/CVE-2022-0487
new file mode 100644
index 00000000..5194a44d
--- /dev/null
+++ b/retired/CVE-2022-0487
@@ -0,0 +1,16 @@
+Description: Use after free in moxart_remove
+References:
+ https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/
+ https://bugzilla.suse.com/show_bug.cgi?id=1194516
+ https://lore.kernel.org/all/20220127071638.4057899-1-gregkh@linuxfoundation.org/
+Notes:
+ carnil> CONFIG_MMC_MOXART is not set in Debian.
+Bugs:
+upstream: released (5.17-rc4) [bd2db32e7c3e35bd4d9b8bbff689434a50893546]
+5.10-upstream-stable: released (5.10.100) [be93028d306dac9f5b59ebebd9ec7abcfc69c156]
+4.19-upstream-stable: released (4.19.229) [9c25d5ff1856b91bd4365e813f566cb59aaa9552]
+4.9-upstream-stable: released (4.9.301) [f5dc193167591e88797262ec78515a0cbe79ff5f]
+sid: released (5.16.10-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-0492 b/retired/CVE-2022-0492
new file mode 100644
index 00000000..bf08c11e
--- /dev/null
+++ b/retired/CVE-2022-0492
@@ -0,0 +1,17 @@
+Description: cgroup-v1: Require capabilities to set release_agent
+References:
+ https://www.openwall.com/lists/oss-security/2022/02/04/1
+ https://twitter.com/chompie1337/status/1489366167600906240
+Notes:
+ carnil> Fixed as well in 5.15.20 for 5.15.y and 5.16.6 for 5.16.y.
+ carnil> Original fix will need a followup fix 467a726b754f ("cgroup-v1:
+ carnil> Correct privileges check in release_agent writes")
+Bugs:
+upstream: released (5.17-rc3) [24f6008564183aa120d07c03d9289519c2fe02af]
+5.10-upstream-stable: released (5.10.97) [1fc3444cda9a78c65b769e3fa93455e09ff7a0d3]
+4.19-upstream-stable: released (4.19.229) [939f8b491887c27585933ea7dc5ad4123de58ff3]
+4.9-upstream-stable: released (4.9.301) [7e33a0ad792f04bad920c7197bda8cc2ea08d304]
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-0494 b/retired/CVE-2022-0494
new file mode 100644
index 00000000..1a3b874a
--- /dev/null
+++ b/retired/CVE-2022-0494
@@ -0,0 +1,14 @@
+Description: block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2039448
+ https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/
+Notes:
+Bugs:
+upstream: released (5.17-rc5) [cc8f7fe1f5eab010191aa4570f27641876fa1267]
+5.10-upstream-stable: released (5.10.115) [a439819f4797f0846c7cffa9475f44aef23c541f]
+4.19-upstream-stable: released (4.19.246) [18243d8479fd77952bdb6340024169d30b173a40]
+4.9-upstream-stable: released (4.9.317) [d59073bedb7cf752b8cd4027dd0f67cf7ac4330f]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-0516 b/retired/CVE-2022-0516
new file mode 100644
index 00000000..51685098
--- /dev/null
+++ b/retired/CVE-2022-0516
@@ -0,0 +1,17 @@
+Description: KVM: s390: Return error on SIDA memop on normal guest
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2050237
+ https://www.openwall.com/lists/oss-security/2022/02/11/2
+Notes:
+ carnil> Introduced by 19e122776886 (KVM: S390: protvirt: Introduce
+ carnil> instruction data area bounce buffer) in 5.7-rc1
+ carnil> Fixed as well in 5.16.9 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc4) [2c212e1baedcd782b2535a3f86bc491977677c0e]
+5.10-upstream-stable: released (5.10.100) [b62267b8b06e9b8bb429ae8f962ee431e6535d60]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.10-1)
+5.10-bullseye-security: released (5.10.92-2) [bugfix/s390x/KVM-s390-Return-error-on-SIDA-memop-on-normal-guest.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0617 b/retired/CVE-2022-0617
new file mode 100644
index 00000000..fb1e3316
--- /dev/null
+++ b/retired/CVE-2022-0617
@@ -0,0 +1,13 @@
+Description: Null pointer dereference can be triggered when write to an ICB inode
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2053632
+Notes:
+Bugs:
+upstream: released (5.17-rc2) [7fc3b7c2981bbd1047916ade327beccb90994eee, ea8569194b43f0f01f0a84c689388542c7254a1f]
+5.10-upstream-stable: released (5.10.96) [de7cc8bcca90a9d77c915ee1d922dbd670c47d84, 0a3cfd258923aee63e7f144f134d42e205421848]
+4.19-upstream-stable: released (4.19.228) [a23a59717f9f01a49394488f515550f9382fbada, 3740d41e7363374182a42f1621e06d5029c837d5]
+4.9-upstream-stable: released (4.9.300) [f24454e42b5a58267928b0de53b0dd9b43e4dd46, de10d14ce3aacba73c835cb979a85ef9683c193f]
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-0644 b/retired/CVE-2022-0644
new file mode 100644
index 00000000..5d97da74
--- /dev/null
+++ b/retired/CVE-2022-0644
@@ -0,0 +1,18 @@
+Description: vfs: check fd has read access in kernel_read_file_from_fd()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2026491
+ https://lore.kernel.org/all/20211007220110.600005-1-willy@infradead.org/
+ https://lkml.org/lkml/2021/10/6/254
+Notes:
+ carnil> CVE got rejected by its assigning CNA (Red Hat) because further
+ carnil> investigation showed that it was not a security issue. Cf.
+ carnil> https://www.cve.org/CVERecord?id=CVE-2022-0644
+Bugs:
+upstream: released (5.15-rc7) [032146cda85566abcd1c4884d9d23e4e30a07e9a]
+5.10-upstream-stable: released (5.10.76) [b721500c979b71a9f02eb84ca384082722c62d4e]
+4.19-upstream-stable: released (4.19.214) [c1ba20965b59c2eeb54a845ca5cab4fc7bcf9735]
+4.9-upstream-stable: released (4.9.288) [52ed5a196b1146e0368e95edc23c38fa1b50825a]
+sid: released (5.14.16-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2022-0646 b/retired/CVE-2022-0646
new file mode 100644
index 00000000..fa793b06
--- /dev/null
+++ b/retired/CVE-2022-0646
@@ -0,0 +1,15 @@
+Description: mctp: serial: Cancel pending work from ndo_uninit handler
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2055206
+ https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
+Notes:
+ bwh> This driver was only added in 5.17-rc1!
+Bugs:
+upstream: released (5.17-rc5) [6c342ce2239c182c2428ce5a44cb32330434ae6e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0742 b/retired/CVE-2022-0742
new file mode 100644
index 00000000..1455c1bc
--- /dev/null
+++ b/retired/CVE-2022-0742
@@ -0,0 +1,22 @@
+Description: ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2059294
+ https://www.openwall.com/lists/oss-security/2022/03/15/3
+Notes:
+ carnil> As of 2022-03-14 the Red Hat bugzilla entry contains a "TODO
+ carnil> add link to patch when public" marking but not yet references
+ carnil> to upstream fixes, but claims to be introduced in commit
+ carnil> f185de28d9ae ("mld: add new workqueues for process mld
+ carnil> events"). The fix seems to be 2d3916f31891 ("ipv6: fix skb
+ carnil> drops in igmp6_event_query() and igmp6_event_report()"), which
+ carnil> is applied in 5.17-rc7.
+ carnil> For 5.16.y the issue is fixed in 5.16.13.
+Bugs:
+upstream: released (5.17-rc7) [2d3916f3189172d5c69d33065c3c21119fe539fc]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.14-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0812 b/retired/CVE-2022-0812
new file mode 100644
index 00000000..e53cf514
--- /dev/null
+++ b/retired/CVE-2022-0812
@@ -0,0 +1,19 @@
+Description: NFS over RDMA random memory leakage
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2058955
+ https://bugzilla.suse.com/show_bug.cgi?id=1196639
+Notes:
+ carnil> As per 2022-03-02 no details provided yet in the Red Hat
+ carnil> Bugzilla entry.
+ carnil> The fix is possibly 912288442cb2 ("xprtrdma: fix incorrect
+ carnil> header size calculations"). Intorduced by 302d3deb2068
+ carnil> ("xprtrdma: Prevent inline overflow").
+Bugs:
+upstream: released (5.8-rc6) [912288442cb2f431bf3c8cb097a5de83bc6dbac1]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.249) [4103bc54d8684a099615ae1fbab0590cf2167024]
+4.9-upstream-stable: released (4.9.320) [ca6226b5c5b4cf8c41ab7c759686c9aab43a2a33]
+sid: released (5.7.10-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-1)
diff --git a/retired/CVE-2022-0847 b/retired/CVE-2022-0847
new file mode 100644
index 00000000..725813f9
--- /dev/null
+++ b/retired/CVE-2022-0847
@@ -0,0 +1,17 @@
+Description: lib/iov_iter: initialize "flags" in new pipe_buffer
+References:
+ https://www.openwall.com/lists/oss-security/2022/03/07/1
+ https://dirtypipe.cm4all.com/
+Notes:
+ carnil> Only exploitable starting in 5.8-rc1 due to f6dd975583bd
+ carnil> ("pipe: merge anon_pipe_buf*_ops"). The commit which landed in
+ carnil> 5.17-rc6 was still backported to all stable series.
+Bugs:
+upstream: released (5.17-rc6) [9d2231c5d74e13b2a0546fee6737ee4446017903]
+5.10-upstream-stable: released (5.10.102) [b19ec7afa9297d862ed86443e0164643b97250ab]
+4.19-upstream-stable: released (4.19.231) [d46c42d8d2742742eddf9290e72df4b563f2e301]
+4.9-upstream-stable: released (4.9.303) [c460ef6e0596eb5ca844c45338c20f6023f1e43c]
+sid: released (5.16.11-1)
+5.10-bullseye-security: released (5.10.92-2) [bugfix/all/lib-iov_iter-initialize-flags-in-new-pipe_buffer.patch]
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-0850 b/retired/CVE-2022-0850
new file mode 100644
index 00000000..fc5f79fd
--- /dev/null
+++ b/retired/CVE-2022-0850
@@ -0,0 +1,19 @@
+Description: ext4: fix kernel infoleak via ext4_extent_header
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2060606
+ https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8
+Notes:
+ carnil> it is not clear exactly to which syzkaller report the CVE is assigned to.
+ carnil> The https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8
+ carnil> is fixed with the mentioned commits, but there is
+ carnil> https://syzkaller.appspot.com/bug?id=602bc454598b9bc1186ea9f927f6225ef64a397b
+ carnil> which was auto-closed though as invalid.
+Bugs:
+upstream: released (5.14-rc1) [ce3aba43599f0b50adbebff133df8d08a3d5fffe]
+5.10-upstream-stable: released (5.10.50) [ea5466f1a77720217a25a859b5a58b618aaba544]
+4.19-upstream-stable: released (4.19.198) [9ed3a3d3a8d2cbe99d9e4386a98856491f0eade0]
+4.9-upstream-stable: released (4.9.276) [25dcc64fa0c9399653e1fd1a4bad6c1e8cb31f3f]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2022-0854 b/retired/CVE-2022-0854
new file mode 100644
index 00000000..5ca5db34
--- /dev/null
+++ b/retired/CVE-2022-0854
@@ -0,0 +1,26 @@
+Description: swiotlb information leak with DMA_FROM_DEVICE
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2058395
+ https://bugzilla.suse.com/show_bug.cgi?id=1196823
+Notes:
+ carnil> For 5.16.y fixed as well in 5.16.15.
+ carnil> The initial fix commited to mainline which landed in 5.17-rc6
+ carnil> was an old version and so made necessary to followup with a
+ carnil> rework commit aa6f8dcbab47 ("swiotlb: rework "fix info leak
+ carnil> with DMA_FROM_DEVICE"").
+ carnil> The second part of the fix was holded back for stable trees due to
+ carnil> regression caused on at least some wireless drivers, cf.
+ carnil> https://lore.kernel.org/stable/Yj7oXgoCdhWAwFQt@kroah.com/
+ bwh> The second part (commit aa6f8dcbab47) was reverted and replaced by
+ bwh> commit 901c7280ca0d "Reinstate some of "swiotlb: rework "fix info
+ bwh> leak with DMA_FROM_DEVICE""" in 5.18-rc1. That was applied in 5.17.2
+ bwh> but should probably be applied to other stable branches too.
+Bugs:
+upstream: released (5.17-rc6) [ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e], released (5.18-rc1) [901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544]
+5.10-upstream-stable: released (5.10.110) [d4d975e7921079f877f828099bb8260af335508f], released (5.10.118) [f3f2247ac31cb71d1f05f56536df5946c6652f4a]
+4.19-upstream-stable: released (4.19.245) [8d9ac1b6665c73f23e963775f85d99679fd8e192, 06cb238b0f7ac1669cb06390704c61794724c191]
+4.9-upstream-stable: released (4.9.320) [c132f2ba716b5ee6b35f82226a6e5417d013d753, fd97de9c7b973f46a6103f4170c5efc7b8ef8797]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1), released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-0995 b/retired/CVE-2022-0995
new file mode 100644
index 00000000..9bc353cb
--- /dev/null
+++ b/retired/CVE-2022-0995
@@ -0,0 +1,15 @@
+Description: ouf of bounds writes in watch_queue event notification subsystem
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb
+Notes:
+ carnil> For 5.16.y fixed in 5.16.15.
+ bwh> watch_queue was introduced in 5.8.
+Bugs:
+upstream: released (5.17-rc8) [c993ee0f9f81caf5767a50d1faeba39a0dc82af2, db8facfc9fafacefe8a835416a6b77c838088f8b, c1853fbadcba1497f4907971e7107888e0714c81, 96a4d8912b28451cd62825fd7caa0e66e091d938, a66bd7575b5f449ee0ba20cfd21c3bc5b04ef361, 3b4c0371928c17af03e8397ac842346624017ce6, 7ea1a0124b6da246b5bc8c66cddaafd36acf3ecb, 2ed147f015af2b48f41c6f0b6746aa9ea85c19f3, 4edc0760412b0c4ecefc7e02cb855b310b122825]
+5.10-upstream-stable: released (5.10.106) [d729d4e99fb85f734805ff37dd79f38e7db21c0f, 2039900aadba14f438b04d262721ffebc4d33547, e2b52ca4988e12ad75aeece53c4f0af849f0d9dc, 880acbb718e15e46d37fcde75fa52d5cb4336dca, 06ab8444392acdbffb57869d6220fb6654a8c95e, ec03510e0a7784c4fb5c4b3297878a72cca834d5, 24d268130e3cbbef0f9ebb1f350e4c6fcdfffb65, 648895da69ced90ca770fd941c3d9479a9d72c16]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0998 b/retired/CVE-2022-0998
new file mode 100644
index 00000000..f4fdd1c7
--- /dev/null
+++ b/retired/CVE-2022-0998
@@ -0,0 +1,20 @@
+Description: vdpa: clean up get_config_size ret value handling
+References:
+ https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal@kernel.org/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2057506
+ https://www.openwall.com/lists/oss-security/2022/04/02/1
+Notes:
+ carnil> CONFIG_VHOST_VDPA not set in Debian.
+ bwh> The vhost vDPA backend was introduced in 5.7.
+ bwh> The change in 5.17 is described as only clean up, while the actual
+ bwh> fix was commit 3ed21c1451a1, already included in all vulnerable
+ bwh> branches.
+Bugs:
+upstream: released (5.16-rc6) [3ed21c1451a14d139e1ceb18f2fa70865ce3195a]
+5.10-upstream-stable: released (5.10.88) [51f6302f81d243772047a74ffeceddfb11c964d5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1011 b/retired/CVE-2022-1011
new file mode 100644
index 00000000..f1b330c6
--- /dev/null
+++ b/retired/CVE-2022-1011
@@ -0,0 +1,14 @@
+Description: fuse: fix pipe buffer lifetime for direct_io
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2064855
+Notes:
+ carnil> Fixed as well in 5.16.15 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc8) [0c4bcfdecb1ac0967619ee7ff44871d93c08c909]
+5.10-upstream-stable: released (5.10.106) [ab5595b45f732212b3b1974041b43a257153edb7]
+4.19-upstream-stable: released (4.19.238) [99db28212be68030c1db3a525f6bbdce39b039e9]
+4.9-upstream-stable: released (4.9.320) [b79d4d0da659a3c7bd1d5913e62188ceb9be9c49]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1012 b/retired/CVE-2022-1012
new file mode 100644
index 00000000..c7e80ba7
--- /dev/null
+++ b/retired/CVE-2022-1012
@@ -0,0 +1,23 @@
+Description: tcp: Information leakage through limited randomness in source port selection
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2064604
+Notes:
+ carnil> Fixed in 5.17.9 for 5.17.y. For older series only one commit
+ carnil> was applied so far (5.10.117, 4.19.244) and needs check what is
+ carnil> actually needed.
+ carnil> Does the backported commit help mitigating the issue? The fix
+ carnil> is AFAIU not truncating to 32bit the output, but use the 64bits
+ carnil> of SipHash for the port offset calculation.
+ carnil> The main part seems to be b2d057560b81 ("secure_seq: use the 64
+ carnil> bits of the siphash for port offset calculation") in 5.18-rc6
+ carnil> which is backported to 5.10.119 as well and will as well land
+ carnil> in 4.19.246.
+Bugs:
+upstream: released (5.18-rc6) [b2d057560b8107c633b39aabe517ff9d93f285e3, 9e9b70ae923baf2b5e8a0ea4fd0c8451801ac526, 4dfa9b438ee34caca4e6a4e5e961641807367f6f, ca7af0402550f9a0b3316d5f1c30904e42ed257d, e9261476184be1abd486c9434164b2acbe0ed6c2, 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5, e8161345ddbb66e449abde10d2fdce93f867eba9]
+5.10-upstream-stable: released (5.10.117) [d254309aab27fdcdc68e6bc9c663e51f3e7b37dc], released (5.10.119) [a5c68f457fbf52c5564ca4eea03f84776ef14e41], released (5.10.125) [dd46a868fcfdf3aac8ffb20b2321e174a0156fb2, d28e64b1c63eced06aedadcacb0be4997c10c7c1, 24b922a5da0055f1bb8b391b83e494d2e5d56508, 9429b75bc271b6f29e50dbb0ee0751800ff87dd9, 7ccb026ecb997405b59d391140c25ee347891504]
+4.19-upstream-stable: released (4.19.244) [abcf4e1277d169b82dd7ee290006487ed16016ce], released (4.19.246) [695309c5c71526d32f5539f008bbf20ed2218528], released (4.19.249) [11abd17d923c041441f7346a4811735b86318773, 22788ee7230772f5040113d53fe757b682f790da, 9b8fba5d9e19548ecf7538917a04071c3c432985, 514cd2859c5017fdc487165b093b328e24afe954, 9b40c2b72362a5ea92128ca7b83307986ac6246f]
+4.9-upstream-stable: released (4.9.320) [576696ed0dee677ec868960c39d96ae3b8c95a3f, 2ed413f140bbb527745e3b42550f44d07c9dfd2a, aa7722529f6d7f3be1dd7b94dcce3f2689ba9756, dd82067bd6cabbc25aa0f459e91a8e5e08fa4782, 3c78eea640f69e2198b69128173e6d65a0bcdc02, a81a6b204a303116e64e0a6288b701cbda9d4de7]
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.120-1), released (5.10.127-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1015 b/retired/CVE-2022-1015
new file mode 100644
index 00000000..651d4e0c
--- /dev/null
+++ b/retired/CVE-2022-1015
@@ -0,0 +1,27 @@
+Description: netfilter: nf_tables: validate registers coming from userspace.
+References:
+ https://www.openwall.com/lists/oss-security/2022/03/28/5
+ http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
+Notes:
+ carnil> Exploitable starting from commit 345023b0db3 ("netfilter:
+ carnil> nftables: add nft_parse_register_store() and use it") in
+ carnil> 5.12-rc1 but bug present since commit 49499c3e6e18 ("netfilter:
+ carnil> nf_tables: switch registers to 32 bit addressing") in 4.1-rc1
+ carnil> Fixed in 5.17.1 for 5.17.y and 5.16.18 for 5.16.y.
+ bwh> If I understand this correctly, the issue is that nft_parse_register()
+ bwh> could return a very large register number that would lead to integer
+ bwh> overflow in the range check in nft_validate_register_{load,store}().
+ bwh> This was not exploitable before commit 345023b0db3 because all in-tree
+ bwh> callers truncated the return value of nft_parse_register() to 8 bits
+ bwh> before passing it on to nft_validate_register_{load,store}().
+ bwh> I also didn't find any out-of-tree modules using nft_parse_register()
+ bwh> through codesearch.debian.net or GitHub.
+Bugs:
+upstream: released (5.18-rc1) [6e1acfa387b9ff82cfc7db8cc3b6959221a95851]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.16.18-1)
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-1016 b/retired/CVE-2022-1016
new file mode 100644
index 00000000..d484414c
--- /dev/null
+++ b/retired/CVE-2022-1016
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: initialize registers in nft_do_chain()
+References:
+ https://www.openwall.com/lists/oss-security/2022/03/28/5
+ http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
+Notes:
+ carnil> Exploitable starting from commit 96518518cc41 (original merge
+ carnil> of nf_tables) in 3.13-rc1.
+ carnil> Fixed as well in 5.17.1 for 5.17.y and 5.16.18 for 5.16.y.
+Bugs:
+upstream: released (5.18-rc1) [4c905f6740a365464e91467aa50916555b28213d]
+5.10-upstream-stable: released (5.10.109) [2c74374c2e88c7b7992bf808d9f9391f7452f9d9]
+4.19-upstream-stable: released (4.19.237) [88791b79a1eb2ba94e95d039243e28433583a67b]
+4.9-upstream-stable: released (4.9.309) [4d28522acd1c4415c85f6b33463713a268f68965]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1043 b/retired/CVE-2022-1043
new file mode 100644
index 00000000..de692f12
--- /dev/null
+++ b/retired/CVE-2022-1043
@@ -0,0 +1,17 @@
+Description: io_uring: fix xa_alloc_cycle() error return value check
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1997328
+ https://bugzilla.suse.com/show_bug.cgi?id=1197393
+ https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-1043.c
+Notes:
+ carnil> Introduced by 61cf93700fe6 ("io_uring: Convert personality_idr
+ carnil> to XArray") in 5.12-rc3 (got backported to 5.10.51).
+Bugs:
+upstream: released (5.14-rc7) [a30f895ad3239f45012e860d4f94c1a388b36d14]
+5.10-upstream-stable: released (5.10.61) [695ab28a7fa107d0350ab19eba8ec89fac45a95d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1048 b/retired/CVE-2022-1048
new file mode 100644
index 00000000..884ced57
--- /dev/null
+++ b/retired/CVE-2022-1048
@@ -0,0 +1,18 @@
+Description: race condition in snd_pcm_hw_free leading to use-after-free
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2066706
+ https://lore.kernel.org/all/20220322170720.3529-1-tiwai@suse.de/
+ https://www.openwall.com/lists/oss-security/2022/03/28/4
+Notes:
+ carnil> Fixed as well in 5.16.18 for 5.16.y and 5.17.1 for 5.17.y.
+ bwh> At least some of these races seem to have been introduced in 2.6.9 when
+ bwh> the PCM ioctl implementation started dropping the BKL.
+Bugs:
+upstream: released (5.18-rc1) [92ee3c60ec9fe64404dc035e7c41277d74aa26cb, dca947d4d26dbf925a64a6cfb2ddbc035e831a3d, 3c3201f8c7bb77eb53b08a3ca8d9a4ddc500b4c0, 69534c48ba8ce552ce383b3dfdb271ffe51820c3]
+5.10-upstream-stable: released (5.10.109) [0f6947f5f5208f6ebd4d76a82a4757e2839a23f8, 8527c8f052fb42091c6569cb928e472376a4a889, a38440f006974e693f92a1ea10f819eccc4dcc37, b560d670c87d7d40b3cf6949246fa4c7aa65a00a]
+4.19-upstream-stable: released (4.19.243) [9cb6c40a6ebe4a0cfc9d6a181958211682cffea9, b3830197aa7413c65767cf5a1aa8775c83f0dbf7, 47cef5937a43a412405ea54ad6e0a91d2890493e, e14dca613e0a6ddc2bf6e360f16936a9f865205b]
+4.9-upstream-stable: needed
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2022-1055 b/retired/CVE-2022-1055
new file mode 100644
index 00000000..fe92a359
--- /dev/null
+++ b/retired/CVE-2022-1055
@@ -0,0 +1,15 @@
+Description: net: sched: fix use-after-free in tc_new_tfilter()
+References:
+ https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc
+Notes:
+ carnil> Commit fixes 470502de5bdb ("net: sched: unlock rules update
+ carnil> API") in 5.1-rc1.
+Bugs:
+upstream: released (5.17-rc3) [04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5]
+5.10-upstream-stable: released (5.10.97) [e7be56926397cf9d992be8913f74a76152f8f08d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1116 b/retired/CVE-2022-1116
new file mode 100644
index 00000000..3612166d
--- /dev/null
+++ b/retired/CVE-2022-1116
@@ -0,0 +1,15 @@
+Description: io_uring: fix fs->users overflow
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.4.189&id=1a623d361ffe5cecd4244a02f449528416360038
+Notes:
+ carnil> Issue specific in the 5.4.y branch introduced in 5.4.24 and
+ carnil> fixed 5.4.189.
+Bugs:
+upstream: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1158 b/retired/CVE-2022-1158
new file mode 100644
index 00000000..8a62fc5b
--- /dev/null
+++ b/retired/CVE-2022-1158
@@ -0,0 +1,16 @@
+Description: KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/08/4
+Notes:
+ carnil> Introduced by bd53cb35a3e9 ("X86/KVM: Handle PFNs outside of
+ carnil> kernel reach when touching GPTEs") in 5.2-rc1.
+ carnil> For 5.16.y fixed in 5.16.19 and for 5.17.y fixed in 5.17.2.
+Bugs:
+upstream: released (5.18-rc1) [2a8859f373b0a86f0ece8ec8312607eacf12485d]
+5.10-upstream-stable: released (5.10.110) [e90518d10c7dd59d5ebbe25b0f0083a7dbffa42f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1195 b/retired/CVE-2022-1195
new file mode 100644
index 00000000..183832f2
--- /dev/null
+++ b/retired/CVE-2022-1195
@@ -0,0 +1,13 @@
+Description: A possible race condition (use-after-free) in drivers/net/hamradio/6pack ( mkiss.c) after unregister_netdev
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2056381
+Notes:
+Bugs:
+upstream: released (5.16-rc1) [3e0588c291d6ce225f2b891753ca41d45ba42469, 0b9111922b1f399aba6ed1e1b8f2079c3da1aed8], released (5.16-rc2) [81b1d548d00bcd028303c4f3150fa753b9b8aa71], released (5.16-rc7) [b2f37aead1b82a770c48b5d583f35ec22aabb61e]
+5.10-upstream-stable: released (5.10.89) [450121075a6a6f1d50f97225d3396315309d61a1, 7dd52af1eb5798f590d9d9e1c56ed8f5744ee0ca], released (5.10.112) [80a4df14643f78b14f1e8e2c7f9ca3da41b01654, cfa98ffc42f16a432b77e438e2fefcdb942eeb04]
+4.19-upstream-stable: released (4.19.223) [896193a02a2981e60c40d4614fd095ce92135ccd, b68f41c6320b2b7fbb54a95f07a69f3dc7e56c59], released (4.19.241) [9d2a1b180f0d5fdf0844cb4c740fafd67bebb9d2, 3befa9b67f2205f10c3b01cc687672e3969be569]
+4.9-upstream-stable: released (4.9.295) [8a1a314965a17c62084a056b4f2cb7a770854c90, 83ba6ec97c74fb1a60f7779a26b6a94b28741d8a]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1), released (5.10.113-1)
+4.19-buster-security: released (4.19.232-1), released (4.19.249-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-1198 b/retired/CVE-2022-1198
new file mode 100644
index 00000000..d0dd0faf
--- /dev/null
+++ b/retired/CVE-2022-1198
@@ -0,0 +1,19 @@
+Description: use-after-free in drivers/net/hamradio/6pack.c
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/02/3
+ https://bugzilla.redhat.com/show_bug.cgi?id=2070689
+Notes:
+ bwh> I'm not sure how old this is but it seems to be present back to 4.9.
+ bwh> This depeneds on commits 0b9111922b1f "hamradio: defer 6pack kfree
+ bwh> after unregister_netdev" and 81b1d548d00b "hamradio: remove
+ bwh> needs_free_netdev to avoid UAF", but those are *not* yet included
+ bwh> in the stable backports.
+Bugs:
+upstream: released (5.17-rc6) [efe4186e6a1b54bf38b9e05450d43b0da1fd7739]
+5.10-upstream-stable: released (5.10.110) [f67a1400788f550d201c71aeaf56706afe57f0da]
+4.19-upstream-stable: released (4.19.238) [79e2f40c210a47f283bca352745068207798fbb9]
+4.9-upstream-stable: released (4.9.311) [45d1a63bacf2b6ab27f9b11b5a2431e19d34d01f]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1199 b/retired/CVE-2022-1199
new file mode 100644
index 00000000..ef5734f4
--- /dev/null
+++ b/retired/CVE-2022-1199
@@ -0,0 +1,14 @@
+Description: Null pointer dereference and use-after-free in ax25_release()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2070694
+ https://www.openwall.com/lists/oss-security/2022/04/02/5
+Notes:
+Bugs:
+upstream: released (5.17-rc3) [4e0f718daf97d47cf7dec122da1be970f145c809], released (5.17-rc4) [7ec02f5ac8a5be5a3f20611731243dc5e1d9ba10], released (5.17-rc8) [71171ac8eb34ce7fe6b3267dce27c313ab3cb3ac]
+5.10-upstream-stable: released (5.10.102) [b9a229fd48bfa45edb954c75a57e3931a3da6c5f], released (5.10.106) [e2201ef32f933944ee02e59205adb566bafcdf91], released (5.10.112) [145ea8d213e8f46667cd904ae79d17f298750f00]
+4.19-upstream-stable: released (4.19.231) [3072e72814de56f3c674650a8af98233ddf78b19], released (4.19.235) [5ab8de9377edde3eaf1de9872e2f01d43157cd6c], released (4.19.240) [cb18d72179bf42a6ccd2b311739017b0ba9bc26e]
+4.9-upstream-stable: released (4.9.303) [851901d339b2ba766ffcf754d37a6f52fa07cea2], released (4.9.307) [cad71f1094834eb69f7ceec8100d300c26b43053]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.106-1), released (5.10.113-1)
+4.19-buster-security: released (4.19.235-1), released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1204 b/retired/CVE-2022-1204
new file mode 100644
index 00000000..a8b6a381
--- /dev/null
+++ b/retired/CVE-2022-1204
@@ -0,0 +1,16 @@
+Description: UAF caused by binding operation when ax25 device is detaching
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/02/2
+ https://bugzilla.redhat.com/show_bug.cgi?id=2071051
+Notes:
+ carnil> Missing commits in 5.17.y series were addressed in 5.17.2.
+ bwh> I'm not sure how old this is but it seems to be present back to 4.9.
+Bugs:
+upstream: released (5.17-rc3) [d01ffb9eee4af165d83b08dd73ebdf9fe94a519b, 87563a043cef044fed5db7967a75741cc16ad2b1], released (5.17-rc4) [feef318c855a361a1eccd880f33e88c460eb63b4], released (5.18-rc1) [9fd75b66b8f68498454d685dc4ba13192ae069b0, 5352a761308397a0e6250fdc629bb3f615b94747]
+5.10-upstream-stable: released (5.10.112) [5ea00fc60676c0eebfa8560ec461209d638bca9d, 5ddae8d064412ed868610127561652e90acabeea, 57cc15f5fd550316e4104eaf84b90fbc640fd7a5, b20a5ab0f5fb175750c6bafd4cf12daccf00c738]
+4.19-upstream-stable: released (4.19.240) [e2b558fe507a1ed4c43db2b0057fc6e41f20a14c, a518be5772d36fcd0e4815d156e06feb137aad82, b1e0a6fc7f17500484c402ad1cd018c24dfc14b3, 1bf1b2a8a2caf9bc0d3cf1aa903a8dcaaa4371d0]
+4.9-upstream-stable: needed
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2022-1205 b/retired/CVE-2022-1205
new file mode 100644
index 00000000..3c2ac377
--- /dev/null
+++ b/retired/CVE-2022-1205
@@ -0,0 +1,19 @@
+Description: Null pointer dereference and use-after-free in net/ax25/ax25_timer.c
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/02/4
+ https://bugzilla.redhat.com/show_bug.cgi?id=2071047
+Notes:
+ carnil> For 5.17.y fixed as well in 5.17.2 for the first commit,
+ carnil> fc6d01ff9ef0 ("ax25: Fix NULL pointer dereferences in ax25
+ carnil> timers").
+ bwh> I'm not sure how old this is but it seems to be present back to 4.9.
+ carnil> For 5.17.y the second commit was only included in 5.17.4.
+Bugs:
+upstream: released (5.18-rc1) [fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009, 82e31755e55fbcea6a9dfaae5fe4860ade17cbc0]
+5.10-upstream-stable: released (5.10.112) [f934fa478dd17411bc6884153dc824ff9e7505d8, 5c62d3bf14100a88d30888b925fcb61a8c11c012]
+4.19-upstream-stable: released (4.19.240) [512f09df261b51b088f17d86dbdf300a3492523d, 3082f32c45465b692c314131c2a3657e0c23e09d]
+4.9-upstream-stable: needed
+sid: released (5.17.6-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2022-1263 b/retired/CVE-2022-1263
new file mode 100644
index 00000000..1c2c3aba
--- /dev/null
+++ b/retired/CVE-2022-1263
@@ -0,0 +1,19 @@
+Description: KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/07/1
+ https://www.spinics.net/lists/kvm/msg273052.html
+Notes:
+ bwh> Introduced in 5.11-rc1 by commit fb04a1eddb1a "KVM: X86: Implement
+ bwh> ring-based dirty memory tracking". Fix is currently in next as
+ bwh> commit 5593473a1e6c "KVM: avoid NULL pointer dereference in
+ bwh> kvm_dirty_ring_push".
+ carnil> For 5.17.y fixed as well in 5.17.3
+Bugs:
+upstream: released (5.18-rc3) [5593473a1e6c743764b08e3b6071cb43b5cfa6c4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1353 b/retired/CVE-2022-1353
new file mode 100644
index 00000000..c255de10
--- /dev/null
+++ b/retired/CVE-2022-1353
@@ -0,0 +1,14 @@
+Description: af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2066819
+ https://lore.kernel.org/all/20220321215240.490132-2-sashal@kernel.org/
+Notes:
+Bugs:
+upstream: released (5.17) [9a564bccb78a76740ea9d75a259942df8143d02c]
+5.10-upstream-stable: released (5.10.110) [8d3f4ad43054619379ccc697cfcbdb2c266800d8]
+4.19-upstream-stable: released (4.19.238) [693fe8af9a2625139de07bd1ae212a7d89c37795]
+4.9-upstream-stable: released (4.9.311) [7b0e01a9b7f2aaeb6fa73b35864b1d7dc6e795c4]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1419 b/retired/CVE-2022-1419
new file mode 100644
index 00000000..ef1ef6d6
--- /dev/null
+++ b/retired/CVE-2022-1419
@@ -0,0 +1,13 @@
+Description: drm/vgem: Close use-after-free race in vgem_gem_create
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/21/1
+Notes:
+Bugs:
+upstream: released (5.6-rc2) [4b848f20eda5974020f043ca14bacf7a7e634fc8]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.242) [df2c1f38939aabb8c6beca108f08b90f050b9ebc]
+4.9-upstream-stable: needed
+sid: released (5.5.13-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2022-1462 b/retired/CVE-2022-1462
new file mode 100644
index 00000000..36c3543c
--- /dev/null
+++ b/retired/CVE-2022-1462
@@ -0,0 +1,28 @@
+Description: tty: Race condition leads to heap buffer over-read
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2078466
+ https://www.openwall.com/lists/oss-security/2022/05/27/2
+ https://lore.kernel.org/all/20220601183426.GD2168@kadam/
+ https://bugzilla.suse.com/show_bug.cgi?id=1198829
+Notes:
+ carnil> As of 2022-05-26 not much details provided in RH bugzilla:
+ carnil> descriptions reads as An out-of-bounds read flaw was found in
+ carnil> the Linux kernel’s TeleTYpe subsystem. The issue occurs in
+ carnil> how a user triggers a race condition using ioctls TIOCSPTLCK
+ carnil> and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory
+ carnil> in the flush_to_ldisc function. This flaw allows a local user
+ carnil> to crash the system or read unauthorized random data from
+ carnil> memory.
+ carnil> Issue introduced by 71a174b39f10 ("pty: do tty_flip_buffer_push
+ carnil> without port->lock in pty_write") in 5.10-rc1.
+ bwh> All branches affected because this was introduced by a fix that
+ bwh> was also backported to stable.
+Bugs:
+upstream: released (5.19-rc7) [a501ab75e7624d133a5a3c7ec010687c8b961d23]
+5.10-upstream-stable: released (5.10.134) [08afa87f58d83dfe040572ed591b47e8cb9e225c]
+4.19-upstream-stable: released (4.19.254) [eb059bf8c237fe41fbaed4a6cccacce687b83222]
+4.9-upstream-stable: released (4.9.325) [41ce14090db93fc2f0c8a27ce8a324b0192da7b5]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.260-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2022-1508 b/retired/CVE-2022-1508
new file mode 100644
index 00000000..8993a0e5
--- /dev/null
+++ b/retired/CVE-2022-1508
@@ -0,0 +1,15 @@
+Description: io_uring: reexpand under-reexpanded iters
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2075533
+Notes:
+ bwh> Introduced in 5.9 by commit 842163154b87 "io_uring: revert consumed
+ bwh> iov_iter bytes on error".
+Bugs:
+upstream: released (5.15-rc1) [2112ff5ce0c1128fe7b4d19cfe7f2b8ce5b595fa, 89c2b3b74918200e46699338d7bcc19b1ea12110]
+5.10-upstream-stable: released (5.10.120) [8adb751d294ed3b668f1c7e41bd7ebe49002a744]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.3-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1516 b/retired/CVE-2022-1516
new file mode 100644
index 00000000..5923750a
--- /dev/null
+++ b/retired/CVE-2022-1516
@@ -0,0 +1,13 @@
+Description: net/x25: Fix null-ptr-deref caused by x25_disconnect
+References:
+Notes:
+ carnil> CONFIG_X25 is not set in Debian.
+Bugs:
+upstream: released (5.18-rc1) [7781607938c8371d4c2b243527430241c62e39c2]
+5.10-upstream-stable: released (5.10.110) [5c94b6205e87411dbe9dc1ca088eb36b8837fb47]
+4.19-upstream-stable: released (4.19.238) [4c240c5a105557e4546d0836e694868f22fd09b0]
+4.9-upstream-stable: released (4.9.311) [dffc859d1d9560da594e4282091781b8d2715f00]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1651 b/retired/CVE-2022-1651
new file mode 100644
index 00000000..1d54b117
--- /dev/null
+++ b/retired/CVE-2022-1651
@@ -0,0 +1,15 @@
+Description: virt: acrn: fix a memory leak in acrn_dev_ioctl()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2083455
+ https://lore.kernel.org/all/20220308092047.1008409-1-butterflyhuangxx@gmail.com/
+Notes:
+ bwh> This driver was added in 5.12-rc1.
+Bugs:
+upstream: released (5.18-rc1) [ecd1735f14d6ac868ae5d8b7a2bf193fa11f388b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1652 b/retired/CVE-2022-1652
new file mode 100644
index 00000000..a6ddf10a
--- /dev/null
+++ b/retired/CVE-2022-1652
@@ -0,0 +1,14 @@
+Description: A concurrency use-after-free in bad_flp_intr
+References:
+ https://www.openwall.com/lists/oss-security/2022/05/10/1
+ https://www.openwall.com/lists/oss-security/2022/05/10/2
+Notes:
+Bugs:
+upstream: released (5.18-rc6) [f71f01394f742fc4558b3f9f4c7ef4c4cf3b07c8]
+5.10-upstream-stable: released (5.10.118) [911b36267855501f7f80a75927c128c0ac03fe58]
+4.19-upstream-stable: released (4.19.245) [3392d8711ad9e5b688999c948fd36d798c0d075d]
+4.9-upstream-stable: released (4.9.316) [2adafe1c646b462c755e99216f966927eec96059]
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2022-1671 b/retired/CVE-2022-1671
new file mode 100644
index 00000000..f960f04c
--- /dev/null
+++ b/retired/CVE-2022-1671
@@ -0,0 +1,15 @@
+Description: rxrpc: fix some null-ptr-deref bugs in server_key.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2083992
+Notes:
+ carnil> Fixes 12da59fcab5a ("rxrpc: Hand server key parsing off to the
+ carnil> security class") in 5.11-rc1.
+Bugs:
+upstream: released (5.18-rc1) [ff8376ade4f668130385839cef586a0990f8ef87]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.17.3-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-1678 b/retired/CVE-2022-1678
new file mode 100644
index 00000000..f442b88f
--- /dev/null
+++ b/retired/CVE-2022-1678
@@ -0,0 +1,18 @@
+Description: tcp: fix possible socket leaks in internal pacing mode
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=61
+ https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/
+Notes:
+ carnil> Introduced with 73a6bab5aa2a ("tcp: switch pacing timer to
+ carnil> softirq based hrtimer") in 4.18-rc1. The issue only affects 4.18-
+ carnil> 4.19 as 4.20-rc1 when TCP stack adopted EDT model, the issue
+ carnil> was fixed along.
+Bugs:
+upstream: released (4.20-rc1) [864e5c090749448e879e86bec06ee396aa2c19c5]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.228) [0a70f118475e037732557796accd0878a00fc25a]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.2.6-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-1679 b/retired/CVE-2022-1679
new file mode 100644
index 00000000..baa88da5
--- /dev/null
+++ b/retired/CVE-2022-1679
@@ -0,0 +1,19 @@
+Description: Use-After-Free in ath9k_htc_probe_device() could cause an escalation of privileges
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2084125
+ https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
+ https://lore.kernel.org/lkml/f158608e209a6f45c76ec856474a796df93d9dcf.1652553719.git.paskripkin@gmail.com/T/#u
+ https://lore.kernel.org/lkml/d57bbedc857950659bfacac0ab48790c1eda00c8.1655145743.git.paskripkin@gmail.com/
+Notes:
+ bwh> The patch says it fixes commit fb9987d0f748 "ath9k_htc: Support for
+ bwh> AR9271 chipset." i.e. when the driver was added in 2.6.35.
+ carnil> Fixed as well in 5.18.18 for 5.18.y and 5.19.2 for 5.19.y.
+Bugs:
+upstream: released (6.0-rc1) [0ac4827f78c7ffe8eef074bc010e7e34bc22f533]
+5.10-upstream-stable: released (5.10.137) [eccd7c3e2596b574241a7670b5b53f5322f470e5]
+4.19-upstream-stable: released (4.19.256) [ab7a0ddf5f1cdec63cb21840369873806fc36d80]
+4.9-upstream-stable: needed
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
+4.9-stretch-security: needed
diff --git a/retired/CVE-2022-1729 b/retired/CVE-2022-1729
new file mode 100644
index 00000000..b659f306
--- /dev/null
+++ b/retired/CVE-2022-1729
@@ -0,0 +1,18 @@
+Description: perf: Fix sys_perf_event_open() race against self
+References:
+ https://lore.kernel.org/all/20220520183806.GV2578@worktop.programming.kicks-ass.net/T/#u
+ https://www.openwall.com/lists/oss-security/2022/05/20/2
+ https://www.openwall.com/lists/oss-security/2022/06/30/2
+Notes:
+ carnil> Issue rendered harmless for exploition due to
+ carnil> kernel.perf_event_paranoid >= 3 setting.
+ carnil> For 5.17.y fixed as well in 5.17.10.
+Bugs:
+upstream: released (5.18) [3ac6487e584a1eb54071dbe1212e05b884136704]
+5.10-upstream-stable: released (5.10.118) [3ee8e109c3c316073a3e0f83ec0769c7ee8a7375]
+4.19-upstream-stable: released (4.19.245) [6cdd53a49aa7413e53c14ece27d826f0b628b18a]
+4.9-upstream-stable: released (4.9.316) [a1466528d8ae5d9a3bb29781f0098fa3476e9e1c]
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1734 b/retired/CVE-2022-1734
new file mode 100644
index 00000000..d0d7df2e
--- /dev/null
+++ b/retired/CVE-2022-1734
@@ -0,0 +1,17 @@
+Description: nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
+References:
+ https://www.openwall.com/lists/oss-security/2022/06/05/3
+ https://bugzilla.redhat.com/show_bug.cgi?id=2086766
+Notes:
+ carnil> CONFIG_NFC_MRVL to support Marvell NFC devices is not set in
+ carnil> Debian.
+ carnil> For 5.17.y fixed as well in 5.17.7.
+Bugs:
+upstream: released (5.18-rc6) [d270453a0d9ec10bb8a802a142fb1b3601a83098]
+5.10-upstream-stable: released (5.10.115) [1961c5a688edb53fe3bc25cbda57f47adf12563c]
+4.19-upstream-stable: released (4.19.242) [b266f492b2af82269aaaab871ac3949420ae678c]
+4.9-upstream-stable: released (4.9.313) [4721695be941626e4b18b89e0641e36fc385cfd8]
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1786 b/retired/CVE-2022-1786
new file mode 100644
index 00000000..9db0ce1b
--- /dev/null
+++ b/retired/CVE-2022-1786
@@ -0,0 +1,20 @@
+Description: io_uring: always use original task when preparing req identity
+References:
+ https://www.openwall.com/lists/oss-security/2022/05/24/4
+ https://www.openwall.com/lists/oss-security/2022/05/28/1
+ https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
+Notes:
+ carnil> Upstream around 5.12-rc1 drops the non-native workers, in
+ carnil> particular upstream 4379bf8bd70b ("io_uring: remove
+ carnil> io_identity") removes the problematic calling. Consider this as
+ carnil> the fix, while overall we can say it's not an issue starting in
+ carnil> 5.12-rc1.
+Bugs:
+upstream: released (5.12-rc1) [4379bf8bd70b5de6bba7d53015b0c36c57a634ee]
+5.10-upstream-stable: released (5.10.117) [29f077d070519a88a793fbc70f1e6484dc6d9e35]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1789 b/retired/CVE-2022-1789
new file mode 100644
index 00000000..7378b6e8
--- /dev/null
+++ b/retired/CVE-2022-1789
@@ -0,0 +1,18 @@
+Description: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
+References:
+ https://www.openwall.com/lists/oss-security/2022/05/25/2
+Notes:
+ carnil> Fixed in 5.17.12 for 5.17.y.
+ bwh> This appears to have been introduced in 5.8 by commit 5efac0741ce2
+ bwh> "KVM: x86: introduce kvm_mmu_invalidate_gva", as before that
+ bwh> the invlpg function pointer would not be set to NULL when paging
+ bwh> was disabled.
+Bugs:
+upstream: released (5.18) [9f46c187e2e680ecd9de7983e4d081c3391acc76]
+5.10-upstream-stable: released (5.10.119) [9b4aa0d80b18b9d19e62dd47d22e274ce92cdc95]
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.17.11-1) [bugfix/x86/KVM-x86-mmu-fix-NULL-pointer-dereference-on-guest-IN.patch]
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerability introduced later"
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-1852 b/retired/CVE-2022-1852
new file mode 100644
index 00000000..7a2a1a50
--- /dev/null
+++ b/retired/CVE-2022-1852
@@ -0,0 +1,16 @@
+Description: KVM: x86: avoid calling x86 emulator without a decoded instruction
+References:
+Notes:
+ carnil> Commit fixes 4aa2691dcbd3 ("KVM: x86: Factor out x86
+ carnil> instruction emulation with decoding") in 5.12-rc1, which was as
+ carnil> well backported to 5.10.61.
+ carnil> For 5.17.y fixed in 5.17.13 and for 5.18.y fixed in 5.18.2.
+Bugs:
+upstream: released (5.19-rc1) [fee060cd52d69c114b62d1a2948ea9648b5131f9]
+5.10-upstream-stable: released (5.10.120) [3d8fc6e28f321d753ab727e3c3e740daf36a8fa3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1882 b/retired/CVE-2022-1882
new file mode 100644
index 00000000..d9fe9ca1
--- /dev/null
+++ b/retired/CVE-2022-1882
@@ -0,0 +1,20 @@
+Description: fs/pipe: Deinitialize the watch_queue when pipe is freed
+References:
+ https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel@gmail.com/T/
+ https://lore.kernel.org/lkml/Ynl+kUGRYaovLc8q@sol.localdomain/T/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2089701
+ https://bugzilla.suse.com/show_bug.cgi?id=1199904
+Notes:
+ carnil> Introduced by db8facfc9faf ("watch_queue, pipe: Free watchqueue
+ carnil> state after clearing pipe ring") 5.17-rc8 (and was backported
+ carnil> to 5.16.15, 5.15.29 and 5.10.106.
+ carnil> CONFIG_WATCH_QUEUE is not enabled in Debian builds.
+Bugs:
+upstream: released (5.19-rc8) [353f7988dd8413c47718f7ca79c030b6fb62cfe5]
+5.10-upstream-stable: released (5.10.134) [0adf21eec59040b31af113e626efd85eb153c728]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.16-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1943 b/retired/CVE-2022-1943
new file mode 100644
index 00000000..6f3d8a41
--- /dev/null
+++ b/retired/CVE-2022-1943
@@ -0,0 +1,15 @@
+Description: udf: Avoid using stale lengthOfImpUse
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2086412
+Notes:
+ carnil> Introduced in 5.15-rc1 with 979a6e28dd96 ("udf: Get rid of 0-
+ carnil> length arrays in struct fileIdentDesc")
+Bugs:
+upstream: released (5.18-rc7) [c1ad35dd0548ce947d97aaf92f7f2f9a202951cf]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.11-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1973 b/retired/CVE-2022-1973
new file mode 100644
index 00000000..9de5b1ed
--- /dev/null
+++ b/retired/CVE-2022-1973
@@ -0,0 +1,15 @@
+Description: fs/ntfs3: Fix invalid free in log_replay
+References:
+ https://www.openwall.com/lists/oss-security/2022/06/08/1
+Notes:
+ carnil> Unimportant for Debian as NTFS3_FS not enabled.
+ carnil> For 5.18.y fixed in 5.18.3.
+Bugs:
+upstream: released (5.19-rc1) [f26967b9f7a830e228bb13fb41bd516ddd9d789d]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.5-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1974 b/retired/CVE-2022-1974
new file mode 100644
index 00000000..95aeeb38
--- /dev/null
+++ b/retired/CVE-2022-1974
@@ -0,0 +1,13 @@
+Description: nfc: replace improper check device_is_registered() in netlink related functions
+References:
+ https://www.openwall.com/lists/oss-security/2022/06/05/1
+Notes:
+Bugs:
+upstream: released (5.18-rc6) [da5c0f119203ad9728920456a0f52a6d850c01cd]
+5.10-upstream-stable: released (5.10.115) [8a9e7c64f4a02c4c397e55ba379609168ec7df4a]
+4.19-upstream-stable: released (4.19.242) [7deebb94a311da0e02e621e765c3aef3d5936572]
+4.9-upstream-stable: released (4.9.313) [fa2217b66467917a623993c14d671661ad625fb6]
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1975 b/retired/CVE-2022-1975
new file mode 100644
index 00000000..3c5d6bcd
--- /dev/null
+++ b/retired/CVE-2022-1975
@@ -0,0 +1,13 @@
+Description: NFC: netlink: fix sleep in atomic bug when firmware download timeout
+References:
+ https://www.openwall.com/lists/oss-security/2022/06/05/2
+Notes:
+Bugs:
+upstream: released (5.18-rc6) [4071bf121d59944d5cd2238de0642f3d7995a997]
+5.10-upstream-stable: released (5.10.115) [879b075a9a364a325988d4484b74311edfef82a1]
+4.19-upstream-stable: released (4.19.242) [d360fc8df363ecd7892d755d69ffc8c61d699e38]
+4.9-upstream-stable: released (4.9.313) [a93ea9595fde438996d7b9322749d4d1921162f7]
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-1976 b/retired/CVE-2022-1976
new file mode 100644
index 00000000..00b3b6e0
--- /dev/null
+++ b/retired/CVE-2022-1976
@@ -0,0 +1,17 @@
+Description: io_uring: reinstate the inflight tracking
+References:
+ https://www.openwall.com/lists/oss-security/2022/06/14/2
+Notes:
+ carnil> Commit fixes d5361233e9ab ("io_uring: drop the old style
+ carnil> inflight file tracking") in 5.18-rc2 (and backported to
+ carnil> 5.17.3).
+ carnil> For 5.18.y fixed as well in 5.18.6.
+Bugs:
+upstream: released (5.19-rc1) [9cae36a094e7e9d6e5fe8b6dcd4642138b3eb0c7]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.14-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1998 b/retired/CVE-2022-1998
new file mode 100644
index 00000000..413c8d51
--- /dev/null
+++ b/retired/CVE-2022-1998
@@ -0,0 +1,17 @@
+Description: fanotify: Fix stale file descriptor in copy_event_to_user()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2052312
+Notes:
+ carnil> CAP_SYS_ADMIN capability is required to exploit the issue.
+ carnil> Issue introduced with f644bc449b37 ("fanotify: fix
+ carnil> copy_event_to_user() fid error clean up") in 5.13-rc7 and was
+ carnil> backported to 5.10.46 and 5.12.13.
+Bugs:
+upstream: released (5.17-rc3) [ee12595147ac1fbfb5bcb23837e26dd58d94b15d]
+5.10-upstream-stable: released (5.10.97) [7b4741644cf718c422187e74fb07661ef1d68e85]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-20008 b/retired/CVE-2022-20008
new file mode 100644
index 00000000..da492f07
--- /dev/null
+++ b/retired/CVE-2022-20008
@@ -0,0 +1,13 @@
+Description: mmc: block: fix read single on recovery logic
+References:
+ https://source.android.com/security/bulletin/2022-05-01
+Notes:
+Bugs:
+upstream: released (5.17-rc5) [54309fde1a352ad2674ebba004a79f7d20b9f037]
+5.10-upstream-stable: released (5.10.102) [ab2b4e65a130d67478bd5b35ca9004b2075805fa]
+4.19-upstream-stable: released (4.19.231) [c91b06297563e84ac072464fe6cc141cc15435f0]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.11-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-20132 b/retired/CVE-2022-20132
new file mode 100644
index 00000000..421123e2
--- /dev/null
+++ b/retired/CVE-2022-20132
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/2022-06-01
+Notes:
+Bugs:
+upstream: released (5.16-rc5) [f83baa0cb6cfc92ebaf7f9d3a99d7e34f2e77a8a, 30cb3c2ad24b66fb7639a6d1f4390c74d6e68f94, d080811f27936f712f619f847389f403ac873b8f, f237d9028f844a86955fc9da59d7ac4a5c55d7d5, 918aa1ef104d286d16b9e7ef139a463ac7a296f0, 720ac467204a70308bd687927ed475afb904e11b, 93020953d0fa7035fd036ad87a47ae2b7aa4ae33]
+5.10-upstream-stable: released (5.10.85) [61144329606cb9518642b7d2e940b21eb3214204, 28989ed4d79e95dc59de6143c81c5826251b85e4, a7e9c5ddf562cf1923b21e5a085567807a059046, d877651afd60dcbbcdc31f9efded3c27813afd1a, 918aa1ef104d286d16b9e7ef139a463ac7a296f0, 889c39113f7e2219da49446b7e8772d1f62d0dca, 89f3edc98ffe48557405ecfd9520f73244d099c9]
+4.19-upstream-stable: released (4.19.221) [b1efa723b986a84f84a95b6907cffe3a357338c9, cb54ea86f247a28ce5d8ec147e58c13de669d04a, de8ac0cf03f1124ef39debb337811e54f3e2f55c, b0f286d9b1f8a2448373aa45ac8333645c48ea85, 945e3464ba6671692d0692d4b4325ec003db18c5, 128074f16e32c188fa2ed6edac625067c842606e]
+4.9-upstream-stable: released (4.9.293) [28d8244f3ec961a11bfb4ad83cdc48ff9b8c47a7, 5b8d74ff145de1b5adb133895fd63cd533d68422, 4435bc144fb6295db371e9753305a96f0c19b2ef, c57e3b8082a4860f31f71d113b3e66bb64b4eb0a, 1309eb2ef1001c4cc7e07b867ad9576d2cfeab47, 10d0f0aaa5cde52bd5685ee8d0adc02f1efb1983]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-20141 b/retired/CVE-2022-20141
new file mode 100644
index 00000000..c26b9090
--- /dev/null
+++ b/retired/CVE-2022-20141
@@ -0,0 +1,13 @@
+Description: igmp: Add ip_mc_list lock in ip_check_mc_rcu
+References:
+ https://source.android.com/security/bulletin/2022-06-01
+Notes:
+Bugs:
+upstream: released (5.15-rc1) [23d2b94043ca8835bd1e67749020e839f396a1c2]
+5.10-upstream-stable: released (5.10.64) [ddd7e8b7b84836c584a284b98ca9bd7a348a0558]
+4.19-upstream-stable: released (4.19.207) [4768973dffed4d0126854514335ed4fe87bec1ab]
+4.9-upstream-stable: released (4.9.283) [e9924c4204ede999b0515fd31a370a1e27f676bc]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2022-20148 b/retired/CVE-2022-20148
new file mode 100644
index 00000000..437ccdb2
--- /dev/null
+++ b/retired/CVE-2022-20148
@@ -0,0 +1,16 @@
+Description: f2fs: fix UAF in f2fs_available_free_memory
+References:
+ https://source.android.com/security/bulletin/pixel/2022-06-01
+Notes:
+ bwh> Actually introduced in 5.13, not fixed, by the first
+ bwh> referenced commit d6d2b491a82e "f2fs: allow to change discard
+ bwh> policy based on cached discard cmds".
+Bugs:
+upstream: released (5.16-rc1) [5429c9dbc9025f9a166f64e22e3a69c94fd5b29b]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.15.3-1)
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-20153 b/retired/CVE-2022-20153
new file mode 100644
index 00000000..4a204a74
--- /dev/null
+++ b/retired/CVE-2022-20153
@@ -0,0 +1,13 @@
+Description: io_uring: return back safer resurrect
+References:
+ https://source.android.com/security/bulletin/pixel/2022-06-01
+Notes:
+Bugs:
+upstream: released (5.13-rc1) [f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04]
+5.10-upstream-stable: released (5.10.107) [dc1163203ae6e24b86168390fe5b4a3295fcba7f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-20154 b/retired/CVE-2022-20154
new file mode 100644
index 00000000..955029ff
--- /dev/null
+++ b/retired/CVE-2022-20154
@@ -0,0 +1,15 @@
+Description: sctp: use call_rcu to free endpoint
+References:
+ https://source.android.com/security/bulletin/pixel/2022-06-01
+Notes:
+ bwh> Introdued in 4.14 by commit d25adbeb0cdb "sctp: fix an
+ bwh> use-after-free issue in sctp_sock_dump".
+Bugs:
+upstream: released (5.16-rc8) [5ec7d18d1813a5bead0b495045606c93873aecbb]
+5.10-upstream-stable: released (5.10.90) [769d14abd35e0e153b5149c3e1e989a9d719e3ff]
+4.19-upstream-stable: released (4.19.224) [af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec]
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-20158 b/retired/CVE-2022-20158
new file mode 100644
index 00000000..98f2cd51
--- /dev/null
+++ b/retired/CVE-2022-20158
@@ -0,0 +1,24 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/pixel/2022-08-01
+ https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b
+ https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678
+ https://lore.kernel.org/all/420a6c4a-e526-4e8b-d5bd-563c40aa94e1@huaweicloud.com/
+ https://lore.kernel.org/all/YvYAmmaJgvydex4p@google.com/
+Notes:
+ carnil> The second commit is 0b3ea0926afb ("fs: explicitly unregister
+ carnil> per-superblock BDIs") in 5.16-rc1.
+ carnil> Is this an Android specific issue? 5.16-rc1 contains as well
+ carnil> 702f2d1e3b33 ("mm: don't automatically unregister bdis") as
+ carnil> "All BDI users now unregister explicitly" at that point.
+ carnil> Lee Jones clarified that the issue is specific to Android
+ carnil> released kernel versions which had an internal, device specific
+ carnil> commit, causing the issue. This does not affect upstream or
+ carnil> stable kernels accordingly.
+Bugs:
+upstream: N/A "Vulnerable code not present; issue specific to Android kernel"
+5.10-upstream-stable: N/A "Vulnerable code not present; issue specific to Android kernel"
+4.19-upstream-stable: N/A "Vulnerable code not present; issue specific to Android kernel"
+sid: N/A "Vulnerable code not present; issue specific to Android kernel"
+5.10-bullseye-security: N/A "Vulnerable code not present; issue specific to Android kernel"
+4.19-buster-security: N/A "Vulnerable code not present; issue specific to Android kernel"
diff --git a/retired/CVE-2022-20166 b/retired/CVE-2022-20166
new file mode 100644
index 00000000..3c96d5de
--- /dev/null
+++ b/retired/CVE-2022-20166
@@ -0,0 +1,21 @@
+Description: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+References:
+ https://source.android.com/security/bulletin/pixel/2022-06-01
+ https://android.googlesource.com/kernel/common/+/37c7c8d4f0856ca30c2583adead91f42711f9c2f%5E%21/
+Notes:
+ bwh> Based on the Android backport of this, the specific case where a
+ bwh> buffer overflow was possible must be in the name attribute of a
+ bwh> wakeup_source. This code was introduced in 5.4 by commit
+ bwh> c8377adfa781 "PM / wakeup: Show wakeup sources stats in sysfs".
+ bwh> If wakelocks are enabled (CONFIG_PM_WAKELOCKS=y) then user-space
+ bwh> can create a wakeup_source with an arbitrary name. However, we
+ bwh> never enabled this.
+Bugs:
+upstream: released (5.10-rc1) [aa838896d87af561a33ecefea1caa4c15a68bc47]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.4-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-20368 b/retired/CVE-2022-20368
new file mode 100644
index 00000000..414d7dd1
--- /dev/null
+++ b/retired/CVE-2022-20368
@@ -0,0 +1,12 @@
+Description: net/packet: fix slab-out-of-bounds access in packet_recvmsg()
+References:
+ https://source.android.com/security/bulletin/pixel/2022-08-01
+ https://android.googlesource.com/kernel/common/+/a0046956bf6fe
+Notes:
+Bugs:
+upstream: released (5.17) [c700525fcc06b05adfea78039de02628af79e07a]
+5.10-upstream-stable: released (5.10.108) [70b7b3c055fd4a464da8da55ff4c1f84269f9b02]
+4.19-upstream-stable: released (4.19.236) [a33dd1e6693f80d805155b3f69c18c2f642915da]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-20369 b/retired/CVE-2022-20369
new file mode 100644
index 00000000..fa1d60f0
--- /dev/null
+++ b/retired/CVE-2022-20369
@@ -0,0 +1,12 @@
+Description: media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
+References:
+ https://source.android.com/security/bulletin/pixel/2022-08-01
+ https://android.googlesource.com/kernel/common/+/a50ef731e0981
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [8310ca94075e784bbb06593cd6c068ee6b6e4ca6]
+5.10-upstream-stable: released (5.10.110) [8a83731a09a5954b85b1ce49c01ff5c2a3465cb7]
+4.19-upstream-stable: released (4.19.264) [95c4751705f7eef0f16a245e121259857f867c4a]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-20409 b/retired/CVE-2022-20409
new file mode 100644
index 00000000..b2ea28e7
--- /dev/null
+++ b/retired/CVE-2022-20409
@@ -0,0 +1,17 @@
+Description: io_uring: Use original task for req identity in io_identity_cow()
+References:
+ https://source.android.com/docs/security/bulletin/2022-10-01
+ https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9
+Notes:
+ carnil> Upstream around 5.12-rc1 drops the non-native workers, in
+ carnil> particular upstream 4379bf8bd70b ("io_uring: remove
+ carnil> io_identity") removes the problematic calling. Consider this as
+ carnil> the fix, while overall we can say it's not an issue starting in
+ carnil> 5.12-rc1.
+Bugs:
+upstream: released (5.12-rc1) [4379bf8bd70b5de6bba7d53015b0c36c57a634ee]
+5.10-upstream-stable: released (5.10.134) [2ee0cab11f6626071f8a64c7792406dabdd94c8d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-20421 b/retired/CVE-2022-20421
new file mode 100644
index 00000000..fc7e0235
--- /dev/null
+++ b/retired/CVE-2022-20421
@@ -0,0 +1,12 @@
+Description: binder: fix UAF of ref->proc caused by race condition
+References:
+ https://source.android.com/docs/security/bulletin/2022-10-01
+ https://android.googlesource.com/kernel/common/+/19bb609b45fb
+Notes:
+Bugs:
+upstream: released (6.0-rc4) [a0e44c64b6061dda7e00b7c458e4523e2331b739]
+5.10-upstream-stable: released (5.10.142) [9629f2dfdb1dad294b468038ff8e161e94d0b609]
+4.19-upstream-stable: released (4.19.258) [06e5b43ca4dab06a92bf4c2f33766e6fb11b880a]
+sid: released (5.19.11-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-20422 b/retired/CVE-2022-20422
new file mode 100644
index 00000000..22c7ffc8
--- /dev/null
+++ b/retired/CVE-2022-20422
@@ -0,0 +1,12 @@
+Description: arm64: fix oops in concurrently setting insn_emulation sysctls
+References:
+ https://source.android.com/docs/security/bulletin/2022-10-01
+ https://android.googlesource.com/kernel/common/+/885349f53dd73
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [af483947d472eccb79e42059276c4deed76f99a6]
+5.10-upstream-stable: released (5.10.137) [353b4673d01c512303c45cf2346f630cda73b5c9]
+4.19-upstream-stable: released (4.19.256) [b51881b1da57fe9877125dfdd0aac5172958fcfd]
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-20423 b/retired/CVE-2022-20423
new file mode 100644
index 00000000..4ab2688b
--- /dev/null
+++ b/retired/CVE-2022-20423
@@ -0,0 +1,13 @@
+Description: usb: gadget: rndis: prevent integer overflow in rndis_set_response()
+References:
+ https://source.android.com/docs/security/bulletin/2022-10-01
+ https://android.googlesource.com/kernel/common/+/0a21a3eb9fcea0609f3bc8bee1f796788e0a770e
+ https://android.googlesource.com/kernel/common/+/28bc0267399f4
+Notes:
+Bugs:
+upstream: released (5.17) [65f3324f4b6fed78b8761c3b74615ecf0ffa81fa]
+5.10-upstream-stable: released (5.10.108) [28bc0267399f42f987916a7174e2e32f0833cc65]
+4.19-upstream-stable: released (4.19.236) [138d4f739b35dfb40438a0d5d7054965763bfbe7]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-20566 b/retired/CVE-2022-20566
new file mode 100644
index 00000000..9a34a747
--- /dev/null
+++ b/retired/CVE-2022-20566
@@ -0,0 +1,13 @@
+Description: L2CAP: Fix use-after-free caused by l2cap_chan_put
+References:
+ https://source.android.com/docs/security/bulletin/pixel/2022-12-01
+ https://android.googlesource.com/kernel/common/+/cacbff013baa586c63dd779e67d13238bf46c28e
+ https://android.googlesource.com/kernel/common/+/2f9fed9ce805cf4d97cffb2f59d57b41b8e7fca8
+Notes:
+Bugs:
+upstream: released (5.19) [d0be8347c623e0ac4202a1d4e0373882821f56b0]
+5.10-upstream-stable: released (5.10.135) [de5d4654ac6c22b1be756fdf7db18471e7df01ea]
+4.19-upstream-stable: released (4.19.255) [bbd1fdb0e1adf827997a93bf108f20ede038e56e]
+sid: released (5.18.16-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-20567 b/retired/CVE-2022-20567
new file mode 100644
index 00000000..7c2942eb
--- /dev/null
+++ b/retired/CVE-2022-20567
@@ -0,0 +1,12 @@
+Description: l2tp: fix race in pppol2tp_release with session object destroy
+References:
+ https://source.android.com/docs/security/bulletin/pixel/2022-12-01
+ https://android.googlesource.com/kernel/common/+/d02ba2a6110c5
+Notes:
+Bugs:
+upstream: released (4.16-rc5) [d02ba2a6110c530a32926af8ad441111774d2893]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Fixed before branching point"
+sid: released (4.15.11-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
diff --git a/retired/CVE-2022-20568 b/retired/CVE-2022-20568
new file mode 100644
index 00000000..f7b0cf75
--- /dev/null
+++ b/retired/CVE-2022-20568
@@ -0,0 +1,16 @@
+Description: io_uring: always grab file table for deferred statx
+References:
+ https://source.android.com/docs/security/bulletin/pixel/2022-12-01
+ https://android.googlesource.com/kernel/common/+/bc80ea8a4296c4d75f7e3e27b65718cae09f20f1
+Notes:
+ carnil> This issues doesn't exist upstream since the native workers got
+ carnil> introduced with 5.12, consider the issues as fixed with
+ carnil> 5695e5161974 ("Merge tag 'io_uring-worker.v3-2021-02-25' of git://git.kernel.dk/linux-
+ carnil> block").
+Bugs:
+upstream: released (5.12-rc1) [5695e51619745d4fe3ec2506a2f0cd982c5e27a4]
+5.10-upstream-stable: released (5.10.118) [3c48558be571e01f67e65edcf03193484eeb2b79]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-20572 b/retired/CVE-2022-20572
new file mode 100644
index 00000000..7c2b8f5e
--- /dev/null
+++ b/retired/CVE-2022-20572
@@ -0,0 +1,13 @@
+Description: dm verity: set DM_TARGET_IMMUTABLE feature flag
+References:
+ https://source.android.com/docs/security/bulletin/pixel/2022-12-01
+ https://android.googlesource.com/kernel/common/+/678d7a09525c2edb6b2436c1d5a9a0b9292e31d7
+ https://android.googlesource.com/kernel/common/+/952141fb9237ec54cda66e04622725daae29d273
+Notes:
+Bugs:
+upstream: released (5.19-rc1) [4caae58406f8ceb741603eee460d79bacca9b1b5]
+5.10-upstream-stable: released (5.10.120) [8df42bcd364cc3b41105215d841792aea787b133]
+4.19-upstream-stable: released (4.19.246) [6bff6107d1364c95109609c3fd680e6c8d7fa503]
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-2078 b/retired/CVE-2022-2078
new file mode 100644
index 00000000..e76858c1
--- /dev/null
+++ b/retired/CVE-2022-2078
@@ -0,0 +1,21 @@
+Description: netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=fecf31ee395b0295f2d7260aa29946b7605f7c85
+ https://www.openwall.com/lists/oss-security/2022/06/02/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=2096178
+ https://www.openwall.com/lists/oss-security/2022/08/06/6
+ https://randorisec.fr/yet-another-bug-netfilter/
+ https://github.com/randorisec/CVE-2022-1972-infoleak-PoC
+Notes:
+ carnil> Commit fixes f3a2181e16f1 ("netfilter: nf_tables: Support for
+ carnil> sets with multiple ranged fields") in 5.6-rc1.
+ carnil> Fixed for 5.17.y in 5.17.13 and for 5.18.y in 5.18.2
+Bugs:
+upstream: released (5.19-rc1) [fecf31ee395b0295f2d7260aa29946b7605f7c85]
+5.10-upstream-stable: released (5.10.120) [c0aff1faf66b6b7a19103f83e6a5d0fdc64b9048]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-21123 b/retired/CVE-2022-21123
new file mode 100644
index 00000000..6f01a4d2
--- /dev/null
+++ b/retired/CVE-2022-21123
@@ -0,0 +1,20 @@
+Description: Shared Buffers Data Read (SBDR)
+References:
+ https://lwn.net/Articles/898011/
+ https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
+ https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDR
+Notes:
+ carnil> Got fixed for stable series in 5.18.5, 5.15.48, 5.10.123,
+ carnil> 5.4.199, 4.19.248, 4.14.284, and 4.9.319. The older series
+ carnil> required some preparational commits as well not listed here
+ carnil> though.
+Bugs:
+upstream: released (5.19-rc3) [4419470191386456e0b8ed4eb06a70b0021798a6, 51802186158c74a0304f51ab963e7c2b3a2b046f, f52ea6c26953fed339aa4eae717ee5c2133c7ff2, 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca, e5925fb867290ee924fcf2fe3ca887b792714366, 99a83db5a605137424e1efe29dc0573d6a5b6316, 8d50cdf8b8341770bc6367bce40c0c1bb0e1d5b3, 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19, a992b8a4682f119ae035a01b40d4d0665c4a2875, 027bbb884be006b05d9c577d6401686053aa789e, 1dc6ff02c8bf77d71b9b5d11cbc9df77cfb28626]
+5.10-upstream-stable: released (5.10.123) [f8a85334a57e7842320476ff27be3a5f151da364, e66310bc96b74ed3df9993e5d835ef3084d62048, f83d4e5be4a3955a6c8af61ecec0934d0ece40c0, 26f6f231f6a5a79ccc274967939b22602dec76e8, 56f0bca5e9c8456b7bb7089cbb6de866a9ba6da9, 3eb1180564fa0ecedc33b44029da7687c0a9fbf5, 001415e4e626403c9ff35f2498feb0021d0c8328, cf1c01a5e4c3e269b9211ae2ef0a57f8c9474bfc, 6df693dca31218f76c63b6fd4aa7b7db3bd6e049, bde15fdcce44956278b4f50680b7363ca126ffb9, aa238a92cc94a15812c0de4adade86ba8f22707a]
+4.19-upstream-stable: released (4.19.248) [2bb1c263b6797e2701a5f4ffe503a8ce15c0167e, 9277b11cafd0472db9e7d634de52d7c5d8d25462, d03de576a604899741a0ebadcfe2a4a19ee53ba3, 9f2ce43ebc33713ba02a89a66bd5f93c2f3a82cf, 54974c8714283feb5bf64df3bfe0f44267db5a3c, 8b42145e8c9903d4805651e08f4fca628e166642, f2983fbba1cccac611d4966277f0336374fad0be, 3ecb6dbad25b448ed8240f0ec2c7a8ff5155b7ea, 0e94464009ee37217a7e450c96ea1f8d42d3a6b5, e0d1437042f0b491bf2cb7880628b0bd7783f80d, 0255c936bfaa1887f7043b995f1c9e1049bb25f1]
+4.9-upstream-stable: released (4.9.319) [63c10e92b86a6cddd5294cda9f80eb7961cb1046, 19aa53c9eb2cf3a78ee44800e20bb34babe60f45, 91ab1073814aa5d44fb3d8e2423ffdc61a421cac, a11f2f05f5c605d1f6573b0cdcd2a6f38667fda1, 5da4d16872d3d15dac54b5a6f83f54e28bc3a477, 6ecdbc9dc777a5b66a9ec293af88ab330dd644a2, 8acd4bf9427eaf18a801db3f2508a2d89914d51d, 48e40e2cccb37c1f9c345014ca55c41bb8baee66, b7efb3a62fffa509e21d076aa2e75331c79fe36d, da06c60d1dfef826512068d09aed3b6a70b5e5c9, 71078b82164e36c893dc0764866e3783b1988fb4]
+sid: released (5.18.5-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-21125 b/retired/CVE-2022-21125
new file mode 100644
index 00000000..d4dcedcc
--- /dev/null
+++ b/retired/CVE-2022-21125
@@ -0,0 +1,20 @@
+Description: Shared Buffers Data Sampling (SBDS)
+References:
+ https://lwn.net/Articles/898011/
+ https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
+ https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDS
+Notes:
+ carnil> Got fixed for stable series in 5.18.5, 5.15.48, 5.10.123,
+ carnil> 5.4.199, 4.19.248, 4.14.284, and 4.9.319. The older series
+ carnil> required some preparational commits as well not listed here
+ carnil> though.
+Bugs:
+upstream: released (5.19-rc3) [4419470191386456e0b8ed4eb06a70b0021798a6, 51802186158c74a0304f51ab963e7c2b3a2b046f, f52ea6c26953fed339aa4eae717ee5c2133c7ff2, 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca, e5925fb867290ee924fcf2fe3ca887b792714366, 99a83db5a605137424e1efe29dc0573d6a5b6316, 8d50cdf8b8341770bc6367bce40c0c1bb0e1d5b3, 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19, a992b8a4682f119ae035a01b40d4d0665c4a2875, 027bbb884be006b05d9c577d6401686053aa789e, 1dc6ff02c8bf77d71b9b5d11cbc9df77cfb28626]
+5.10-upstream-stable: released (5.10.123) [f8a85334a57e7842320476ff27be3a5f151da364, e66310bc96b74ed3df9993e5d835ef3084d62048, f83d4e5be4a3955a6c8af61ecec0934d0ece40c0, 26f6f231f6a5a79ccc274967939b22602dec76e8, 56f0bca5e9c8456b7bb7089cbb6de866a9ba6da9, 3eb1180564fa0ecedc33b44029da7687c0a9fbf5, 001415e4e626403c9ff35f2498feb0021d0c8328, cf1c01a5e4c3e269b9211ae2ef0a57f8c9474bfc, 6df693dca31218f76c63b6fd4aa7b7db3bd6e049, bde15fdcce44956278b4f50680b7363ca126ffb9, aa238a92cc94a15812c0de4adade86ba8f22707a]
+4.19-upstream-stable: released (4.19.248) [2bb1c263b6797e2701a5f4ffe503a8ce15c0167e, 9277b11cafd0472db9e7d634de52d7c5d8d25462, d03de576a604899741a0ebadcfe2a4a19ee53ba3, 9f2ce43ebc33713ba02a89a66bd5f93c2f3a82cf, 54974c8714283feb5bf64df3bfe0f44267db5a3c, 8b42145e8c9903d4805651e08f4fca628e166642, f2983fbba1cccac611d4966277f0336374fad0be, 3ecb6dbad25b448ed8240f0ec2c7a8ff5155b7ea, 0e94464009ee37217a7e450c96ea1f8d42d3a6b5, e0d1437042f0b491bf2cb7880628b0bd7783f80d, 0255c936bfaa1887f7043b995f1c9e1049bb25f1]
+4.9-upstream-stable: released (4.9.319) [63c10e92b86a6cddd5294cda9f80eb7961cb1046, 19aa53c9eb2cf3a78ee44800e20bb34babe60f45, 91ab1073814aa5d44fb3d8e2423ffdc61a421cac, a11f2f05f5c605d1f6573b0cdcd2a6f38667fda1, 5da4d16872d3d15dac54b5a6f83f54e28bc3a477, 6ecdbc9dc777a5b66a9ec293af88ab330dd644a2, 8acd4bf9427eaf18a801db3f2508a2d89914d51d, 48e40e2cccb37c1f9c345014ca55c41bb8baee66, b7efb3a62fffa509e21d076aa2e75331c79fe36d, da06c60d1dfef826512068d09aed3b6a70b5e5c9, 71078b82164e36c893dc0764866e3783b1988fb4]
+sid: released (5.18.5-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-21166 b/retired/CVE-2022-21166
new file mode 100644
index 00000000..7bf4511b
--- /dev/null
+++ b/retired/CVE-2022-21166
@@ -0,0 +1,20 @@
+Description: Device Register Partial Write (DRPW)
+References:
+ https://lwn.net/Articles/898011/
+ https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
+ https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#DRPW
+Notes:
+ carnil> Got fixed for stable series in 5.18.5, 5.15.48, 5.10.123,
+ carnil> 5.4.199, 4.19.248, 4.14.284, and 4.9.319. The older series
+ carnil> required some preparational commits as well not listed here
+ carnil> though.
+Bugs:
+upstream: released (5.19-rc3) [4419470191386456e0b8ed4eb06a70b0021798a6, 51802186158c74a0304f51ab963e7c2b3a2b046f, f52ea6c26953fed339aa4eae717ee5c2133c7ff2, 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca, e5925fb867290ee924fcf2fe3ca887b792714366, 99a83db5a605137424e1efe29dc0573d6a5b6316, 8d50cdf8b8341770bc6367bce40c0c1bb0e1d5b3, 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19, a992b8a4682f119ae035a01b40d4d0665c4a2875, 027bbb884be006b05d9c577d6401686053aa789e, 1dc6ff02c8bf77d71b9b5d11cbc9df77cfb28626]
+5.10-upstream-stable: released (5.10.123) [f8a85334a57e7842320476ff27be3a5f151da364, e66310bc96b74ed3df9993e5d835ef3084d62048, f83d4e5be4a3955a6c8af61ecec0934d0ece40c0, 26f6f231f6a5a79ccc274967939b22602dec76e8, 56f0bca5e9c8456b7bb7089cbb6de866a9ba6da9, 3eb1180564fa0ecedc33b44029da7687c0a9fbf5, 001415e4e626403c9ff35f2498feb0021d0c8328, cf1c01a5e4c3e269b9211ae2ef0a57f8c9474bfc, 6df693dca31218f76c63b6fd4aa7b7db3bd6e049, bde15fdcce44956278b4f50680b7363ca126ffb9, aa238a92cc94a15812c0de4adade86ba8f22707a]
+4.19-upstream-stable: released (4.19.248) [2bb1c263b6797e2701a5f4ffe503a8ce15c0167e, 9277b11cafd0472db9e7d634de52d7c5d8d25462, d03de576a604899741a0ebadcfe2a4a19ee53ba3, 9f2ce43ebc33713ba02a89a66bd5f93c2f3a82cf, 54974c8714283feb5bf64df3bfe0f44267db5a3c, 8b42145e8c9903d4805651e08f4fca628e166642, f2983fbba1cccac611d4966277f0336374fad0be, 3ecb6dbad25b448ed8240f0ec2c7a8ff5155b7ea, 0e94464009ee37217a7e450c96ea1f8d42d3a6b5, e0d1437042f0b491bf2cb7880628b0bd7783f80d, 0255c936bfaa1887f7043b995f1c9e1049bb25f1]
+4.9-upstream-stable: released (4.9.319) [63c10e92b86a6cddd5294cda9f80eb7961cb1046, 19aa53c9eb2cf3a78ee44800e20bb34babe60f45, 91ab1073814aa5d44fb3d8e2423ffdc61a421cac, a11f2f05f5c605d1f6573b0cdcd2a6f38667fda1, 5da4d16872d3d15dac54b5a6f83f54e28bc3a477, 6ecdbc9dc777a5b66a9ec293af88ab330dd644a2, 8acd4bf9427eaf18a801db3f2508a2d89914d51d, 48e40e2cccb37c1f9c345014ca55c41bb8baee66, b7efb3a62fffa509e21d076aa2e75331c79fe36d, da06c60d1dfef826512068d09aed3b6a70b5e5c9, 71078b82164e36c893dc0764866e3783b1988fb4]
+sid: released (5.18.5-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-21385 b/retired/CVE-2022-21385
new file mode 100644
index 00000000..d854db6b
--- /dev/null
+++ b/retired/CVE-2022-21385
@@ -0,0 +1,10 @@
+Description: net/rds: fix warn in rds_message_alloc_sgs
+References:
+Notes:
+Bugs:
+upstream: released (4.20) [ea010070d0a7497253d5a6f919f6dd107450b31a]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.36) [5be4bb315de29ad3ae558a8f6b92f13a1b4bfb84]
+sid: released (4.19.37-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
diff --git a/retired/CVE-2022-21499 b/retired/CVE-2022-21499
new file mode 100644
index 00000000..fe49bebb
--- /dev/null
+++ b/retired/CVE-2022-21499
@@ -0,0 +1,19 @@
+Description: lockdown: also lock down previous kgdb use
+References:
+ https://www.openwall.com/lists/oss-security/2022/05/24/7
+Notes:
+ carnil> Lockdown firstly introduced upstream in 5.4-rc1. On the other
+ carnil> hand though, Debian ships since 4.11-1~exp1 the lockdown
+ carnil> patches (replaced from the securelevel patch). Issue possibly
+ carnil> as well present already in the securelevel patchset.
+ carnil> Fixed as well in 5.17.10 for 5.17.y.
+ bwh> I think we can ignore this since we don't enable kgdb.
+Bugs:
+upstream: released (5.19-rc1) [eadb2f47a3ced5c64b23b90fd2a3463f63726066]
+5.10-upstream-stable: released (5.10.119) [a8f4d63142f947cd22fa615b8b3b8921cdaf4991]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: ignored "CONFIG_KGDB not enabled"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-21505 b/retired/CVE-2022-21505
new file mode 100644
index 00000000..8ddce2e5
--- /dev/null
+++ b/retired/CVE-2022-21505
@@ -0,0 +1,16 @@
+Description: Kernel lockdown bypass bug
+References:
+ https://www.openwall.com/lists/oss-security/2022/07/19/4
+Notes:
+ carnil> Released as well in 5.18.15 for 5.18.y.
+ carnil> Commit fixes 29d3c1c8dfe7 ("kexec: Allow kexec_file() with
+ carnil> appropriate IMA policy when locked down") in 5.4-rc1.
+ carnil> CONFIG_IMA was only re-enabled in Debian in 5.13.9-1~exp1
+ carnil> and the issue does not affect bullseye's built binary packages.
+Bugs:
+upstream: released (5.19-rc8) [543ce63b664e2c2f9533d089a4664b559c3e6b5b]
+5.10-upstream-stable: released (5.10.134) [ab5050fd7430dde3a9f073129036d3da3facc8ec]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.18.16-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-2153 b/retired/CVE-2022-2153
new file mode 100644
index 00000000..8d9b69ae
--- /dev/null
+++ b/retired/CVE-2022-2153
@@ -0,0 +1,21 @@
+Description: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2069736
+ https://www.openwall.com/lists/oss-security/2022/06/22/1
+Notes:
+ carnil> Fixed as well in 5.16.19 for 5.16.y and 5.17.2 for 5.17.y. The
+ carnil> last commit of the series was as well backported to 5.10.110,
+ carnil> 4.19.238 and 4.9.311.
+ carnil> According to the oss-security reference the main fix seems to
+ carnil> be pin-pointed at 00b5f37189d2 ("KVM: x86: Avoid theoretical
+ carnil> NULL pointer dereference in kvm_irq_delivery_to_apic_fast()")
+ carnil> which would not yet be included in 5.10.y and older.
+Bugs:
+upstream: released (5.18-rc1) [7ec37d1cbe17d8189d9562178d8b29167fe1c31a, 00b5f37189d24ac3ed46cb7f11742094778c46ce, b1e34d325397a33d97d845e312d7cf2a8b646b44]
+5.10-upstream-stable: released (5.10.110) [09c771c45c1243e295470225aaee726693fdc242], released (5.10.137) [4c85e207c1b58249ea521670df577324ad69442c, ac7de8c2ba1292856fdd4a4c0764669b9607cf0a]
+4.19-upstream-stable: released (4.19.238) [2f4835b5188f3b73b2b048a761ae2553e845b027], released (4.19.256) [5cde0b9cc69fcbbf559674986c2d325ae4708036, b8127a0fd21d70ab42d8177f8bb97df74f503cc1]
+4.9-upstream-stable: released (4.9.311) [95d51d058680766130098287f680474bc55f1679]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1), released (5.10.140-1)
+4.19-buster-security: released (4.19.249-1), released (4.19.260-1)
+4.9-stretch-security: released (4.9.320-2), needed
diff --git a/retired/CVE-2022-2196 b/retired/CVE-2022-2196
new file mode 100644
index 00000000..0fe31205
--- /dev/null
+++ b/retired/CVE-2022-2196
@@ -0,0 +1,14 @@
+Description: KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
+References:
+Notes:
+ carnil> Commit fixes 5c911beff20a ("KVM: nVMX: Skip IBPB when switching
+ carnil> between vmcs01 and vmcs02") in 5.8-rc1 (which got backported as
+ carnil> well to 5.7.3, 5.6.19 and 5.4.47).
+Bugs:
+upstream: released (6.2-rc1) [2e7eab81425ad6c875f2ed47c0ce01e78afc38a5]
+6.1-upstream-stable: released (6.1.14) [63fada296062e91ad9f871970d4e7f19e21a6a15]
+5.10-upstream-stable: released (5.10.170) [1b0cafaae8884726c597caded50af185ffc13349]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.15-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-22942 b/retired/CVE-2022-22942
new file mode 100644
index 00000000..150095f5
--- /dev/null
+++ b/retired/CVE-2022-22942
@@ -0,0 +1,19 @@
+Description: drm/vmwgfx: Fix stale file descriptors on failed usercopy
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/27/4
+ https://www.openwall.com/lists/oss-security/2022/02/03/1
+ https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942-dc.c
+ https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942.c
+Notes:
+ carnil> Commit fixes c906965dee22 ("drm/vmwgfx: Add export fence to
+ carnil> file descriptor support") in 4.14-rc1.
+ carnil> Fixed in 5.16.4 for 5.16.y and 5.15.18 for 5.15.y.
+Bugs:
+upstream: released (5.17-rc2) [a0f90c8815706981c483a652a6aefca51a5e191c]
+5.10-upstream-stable: released (5.10.95) [ae2b20f27732fe92055d9e7b350abc5cdf3e2414]
+4.19-upstream-stable: released (4.19.227) [0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-2) [bugfix/all/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch]
+5.10-bullseye-security: released (5.10.92-2) [bugfix/x86/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch]
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-23036 b/retired/CVE-2022-23036
new file mode 100644
index 00000000..4d6320c8
--- /dev/null
+++ b/retired/CVE-2022-23036
@@ -0,0 +1,14 @@
+Description:
+References:
+ https://xenbits.xen.org/xsa/advisory-396.html
+Notes:
+ carnil> Released as well in 5.16.14 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc8) [6b1775f26a2da2b05a6dc8ec2b5d14e9a4701a1a, abf1fd5919d6238ee3bc5eb4a9b6c3947caa6638]
+5.10-upstream-stable: released (5.10.105) [3d81e85f30a8f712c3e4f2a507553d9063a20ed6, 96219af4e504d0e96a231a0ba86062ec5b3af979]
+4.19-upstream-stable: released (4.19.234) [17659846fe336366b1663194f5669d10f5947f53, 423a3a50dce9a48d10d2d2a70cd2f78064c13703]
+4.9-upstream-stable: released (4.9.306) [73e1d9b33f2bd93ce30719dfc8990b6328243b7e, f306575016dcf47ed6cd40e1fe872a4d8c665a8b]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-23037 b/retired/CVE-2022-23037
new file mode 100644
index 00000000..2f67473a
--- /dev/null
+++ b/retired/CVE-2022-23037
@@ -0,0 +1,14 @@
+Description:
+References:
+ https://xenbits.xen.org/xsa/advisory-396.html
+Notes:
+ carnil> Released as well in 5.16.14 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc8) [31185df7e2b1d2fa1de4900247a12d7b9c7087eb]
+5.10-upstream-stable: released (5.10.105) [f6690dd9446a2a4bd9b024f00f71dd827a98317f]
+4.19-upstream-stable: released (4.19.234) [927e4eb8ddf4968b6a33be992b28063f84552c72]
+4.9-upstream-stable: released (4.9.306) [1112bb311ec13e7e6e7045ae4a0b7091bedc6b7a]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-23038 b/retired/CVE-2022-23038
new file mode 100644
index 00000000..e5746e9e
--- /dev/null
+++ b/retired/CVE-2022-23038
@@ -0,0 +1,14 @@
+Description:
+References:
+ https://xenbits.xen.org/xsa/advisory-396.html
+Notes:
+ carnil> Released as well in 5.16.14 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc8) [6b1775f26a2da2b05a6dc8ec2b5d14e9a4701a1a, 33172ab50a53578a95691310f49567c9266968b0]
+5.10-upstream-stable: released (5.10.105) [3d81e85f30a8f712c3e4f2a507553d9063a20ed6, 3047255182774266950b22acc29c22a2d76e859e]
+4.19-upstream-stable: released (4.19.234) [17659846fe336366b1663194f5669d10f5947f53, 62a696c15cfcfd32527f81ca3d94f2bde57475dc]
+4.9-upstream-stable: released (4.9.306) [73e1d9b33f2bd93ce30719dfc8990b6328243b7e, 98bdfdf89e987406f4afdc7694cbdbb715383d8e]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-23039 b/retired/CVE-2022-23039
new file mode 100644
index 00000000..111adac2
--- /dev/null
+++ b/retired/CVE-2022-23039
@@ -0,0 +1,14 @@
+Description:
+References:
+ https://xenbits.xen.org/xsa/advisory-396.html
+Notes:
+ carnil> Released as well in 5.16.14 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc8) [d3b6372c5881cb54925212abb62c521df8ba4809]
+5.10-upstream-stable: released (5.10.105) [5f36ae75b847e7f87e4144602f418a624ca074b7]
+4.19-upstream-stable: released (4.19.234) [fbc57368ea527dcfa909908fc47a851a56e4e5ce]
+4.9-upstream-stable: released (4.9.306) [97b835c6de03a24db79d374b02d532f0b562fd38]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-23040 b/retired/CVE-2022-23040
new file mode 100644
index 00000000..54b1f9b6
--- /dev/null
+++ b/retired/CVE-2022-23040
@@ -0,0 +1,14 @@
+Description:
+References:
+ https://xenbits.xen.org/xsa/advisory-396.html
+Notes:
+ carnil> Released as well in 5.16.14 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc8) [3777ea7bac3113005b7180e6b9dadf16d19a5827]
+5.10-upstream-stable: released (5.10.105) [5c600371b8fd02cbbb0eb83a9f664e3f0b75c28e]
+4.19-upstream-stable: released (4.19.234) [8d521d960aef22781ff499e16899c30af899de8d]
+4.9-upstream-stable: released (4.9.306) [8f80d12f6946a6fe7c64bfc204c062a57f83c7f8]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-23041 b/retired/CVE-2022-23041
new file mode 100644
index 00000000..5ebc6ccd
--- /dev/null
+++ b/retired/CVE-2022-23041
@@ -0,0 +1,14 @@
+Description:
+References:
+ https://xenbits.xen.org/xsa/advisory-396.html
+Notes:
+ carnil> Released as well in 5.16.14 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc8) [5cadd4bb1d7fc9ab201ac14620d1a478357e4ebd, b0576cc9c6b843d99c6982888d59a56209341888, 42baefac638f06314298087394b982ead9ec444b]
+5.10-upstream-stable: released (5.10.105) [8357d75bfdb85ea63253cf369f405830c7b13d78, c4b16486d6023f6365a4f8671351961e97428f2d, 39c00d09286c67567cdf23ebc8e00e47722ef769]
+4.19-upstream-stable: released (4.19.234) [2466bed361f3274e3e0ca9d8e539532481c06fea, f85d03f0f482cc28a2ee15a1fed2ae57ae359412, 92dc0e4a219602242407dedd987dc9c8263c959b]
+4.9-upstream-stable: released (4.9.306) [ae6f8a67b98144827e78874c8dba41cccb02be5b]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-23042 b/retired/CVE-2022-23042
new file mode 100644
index 00000000..0aa5c352
--- /dev/null
+++ b/retired/CVE-2022-23042
@@ -0,0 +1,14 @@
+Description:
+References:
+ https://xenbits.xen.org/xsa/advisory-396.html
+Notes:
+ carnil> Released as well in 5.16.14 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc8) [66e3531b33ee51dad17c463b4d9c9f52e341503d]
+5.10-upstream-stable: released (5.10.105) [206c8e271ba2630f1d809123945d9c428f93b0f0]
+4.19-upstream-stable: released (4.19.234) [c307029d811e03546d18d0e512fe295b3103b8e5]
+4.9-upstream-stable: released (4.9.306) [c4497b057b14274e159434f0ed70439a21f3d2a9]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-2308 b/retired/CVE-2022-2308
new file mode 100644
index 00000000..b6b20c4c
--- /dev/null
+++ b/retired/CVE-2022-2308
@@ -0,0 +1,21 @@
+Description: undefined behavior or data leak in Virtio drivers with VDUSE
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2103900
+ https://bugzilla.suse.com/show_bug.cgi?id=1202573#c2
+ https://lore.kernel.org/stable/20220829073424.5677-1-maxime.coquelin@redhat.com/
+ https://lore.kernel.org/stable/20220831154923.97809-1-maxime.coquelin@redhat.com/
+Notes:
+ carnil> Asked in the Bugzilla if more information is available. SuSE
+ carnil> maintainer thinks that the fix is not yet upstream as per
+ carnil> https://bugzilla.suse.com/show_bug.cgi?id=1202573#c2.
+ carnil> https://bugzilla.redhat.com/show_bug.cgi?id=2103900#c4 confirms
+ carnil> it has not yet been upstream'ed by 2022-08-22.
+ carnil> A patch for review is posted upstream (v3 in above references)
+ carnil> For 5.19.y fixed as well in 5.19.14.
+Bugs:
+upstream: released (6.0) [46f8a29272e51b6df7393d58fc5cb8967397ef2b]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (6.0.2-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-2318 b/retired/CVE-2022-2318
new file mode 100644
index 00000000..ee18fecb
--- /dev/null
+++ b/retired/CVE-2022-2318
@@ -0,0 +1,12 @@
+Description: UAF vulnerabilities in rose protocol
+References:
+ https://www.openwall.com/lists/oss-security/2022/07/03/2
+Notes:
+ carnil> For 5.18.y fixed as well in 5.18.10.
+Bugs:
+upstream: released (5.19-rc5) [9cc02ede696272c5271a401e4f27c262359bc2f6]
+5.10-upstream-stable: released (5.10.129) [8f74cb27c2b4872fd14bf046201fa7b36a46885e]
+4.19-upstream-stable: released (4.19.251) [2661f2d88f40e35791257d73def0319b4560b74b]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/net-rose-fix-uaf-bugs-caused-by-timer-handler.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-23222 b/retired/CVE-2022-23222
new file mode 100644
index 00000000..f1617701
--- /dev/null
+++ b/retired/CVE-2022-23222
@@ -0,0 +1,21 @@
+Description: bpf: Fix out of bounds access from invalid *_or_null type verification
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/13/1
+ https://www.openwall.com/lists/oss-security/2022/01/18/2
+ https://github.com/tr3ee/CVE-2022-23222
+Notes:
+ carnil> For stable series in 5.10.y, 5.15.y and 5.16.y the commit "bpf:
+ carnil> Fix out of bounds access from invalid *_or_null type
+ carnil> verification" was backported for fixing the issue as the issue
+ carnil> was fixed in mainline through the larger refactoring in
+ carnil> c25b2ae136039ffa820c26138ed4a5e5f3ab3841.
+ carnil> Fixed as well in 5.16.1 for 5.16.y, 5.15.15 for 5.15.y.
+Bugs:
+upstream: released (5.17-rc1) [c25b2ae136039ffa820c26138ed4a5e5f3ab3841]
+5.10-upstream-stable: released (5.10.92) [35ab8c9085b0af847df7fac9571ccd26d9f0f513]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-2327 b/retired/CVE-2022-2327
new file mode 100644
index 00000000..e32922e1
--- /dev/null
+++ b/retired/CVE-2022-2327
@@ -0,0 +1,15 @@
+Description:
+References:
+ https://www.cve.org/CVERecord?id=CVE-2022-2327
+Notes:
+ carnil> No upstream commit exists for this issue. Denote the commit
+ carnil> wich removes any grabbing of context as the fixing commit for
+ carnil> upstream, which is 44526bedc2ff ("io_uring: remove any grabbing
+ carnil> of context").
+Bugs:
+upstream: released (5.12-rc1) [44526bedc2ff8fcd58552e3c5bae928524b6f13c]
+5.10-upstream-stable: released (5.10.125) [df3f3bb5059d20ef094d6b2f0256c4bf4127a859]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-2380 b/retired/CVE-2022-2380
new file mode 100644
index 00000000..6ef2f939
--- /dev/null
+++ b/retired/CVE-2022-2380
@@ -0,0 +1,11 @@
+Description: video: fbdev: sm712fb: Fix crash in smtcfb_read()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2105785
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8]
+5.10-upstream-stable: released (5.10.110) [72af8810922eb143ed4f116db246789ead2d8543]
+4.19-upstream-stable: released (4.19.238) [1caa40af491dcfe17b3ae870a854388d8ea01984]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-23960 b/retired/CVE-2022-23960
new file mode 100644
index 00000000..ac071708
--- /dev/null
+++ b/retired/CVE-2022-23960
@@ -0,0 +1,18 @@
+Description:
+References:
+ https://www.vusec.net/projects/bhi-spectre-bhb/
+ https://github.com/vusec/bhi-spectre-bhb
+ https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
+Notes:
+ carnil> Released as well in 5.16.14 for 5.16.y.
+ carnil> For 4.19.y and 4.9.y the arm64 patches are not yet included in
+ carnil> 4.19.234 and 4.9.306.
+Bugs:
+upstream: released (5.17-rc8) [9dd78194a3722fa6712192cdd4f7032d45112a9a, 04e91b7324760a377a725e218b5ee783826d30f5, 8d9d651ff2270a632e9dc497b142db31e8911315, b9baf5c8c5c356757f4f9d8180b5e9d234065bc3, 25875aa71dfefd1959f07e626c4d285b88b27ac2, 4330e2c5c04c27bebf89d34e0bc14e6943413067, 1b33d4860deaecf1d8eec3061b7e7ed7ab0bae8d, 5bdf3437603d4af87f9c7f424b0c8aeed2420745, d739da1694a0eaef0358a42b76904b611539b77b, 03aff3a77a58b5b52a77e00537a42090ad57b80b, c091fb6ae059cda563b2a4d93fdbc548ef34e1d6, 6c5bf79b69f911560fbf82214c0971af6e58e682, ed50da7764535f1e24432ded289974f2bf2b0c5a, 13d7a08352a83ef2252aeb464a5e08dfc06b5dfd, c47e4d04ba0f1ea17353d85d45f611277507e07a, a9c406e6462ff14956d690de7bbe5131a5677dc9, aff65393fa1401e034656e349abd655cfe272de0, ba2689234be92024e5635d30fe744f4853ad97db, b28a8eebe81c186fdb1a0078263b30576c8e1f42, bd09128d16fac3c34b80bd6a29088ac632e8ce09, dee435be76f4117410bbd90573a881fd33488f37, 558c303c9734af5a813739cd284879227f7297d2, a5905d6af492ee6a4a2205f0d550b3f931b03d03, 228a26b912287934789023b4132ba76065d9491c, 58c9a5060cb7cd529d49c93954cdafe81c1d642a]
+5.10-upstream-stable: released (5.10.105) [b7f1e73c4ddf2044530091e69114a5fc1a1229d0, 46deb224680bb33c8e87440a7b909d16e5a7d7c5, 29d9b56df1e18a8ff2e669b79e511163972a8b65, 3f9c958e3572b19b1cfb9d28eeb15be0a5d80193, 302754d023a06171113e8fb20c7b2a18ebf9088f, f3c12fc53e0a1fffbe102a9501c7bb6efdabbe99, fc8070a9c5ad3e0ac343532df7d4d2d709b173a8, 86171569312b5870aaedc74b4b28d444c0f72105, b19eaa004f2eeae94a4fcf5f0cadac35cc579a72, 7ae8127e412361025e7b4a0e6347ca9e8f3ed109, dbcfa98539531bff0d7e4d6087741702dfa50f06, 162aa002ec1a78e91cf2f0b8e7450e2770b2941f, 97d8bdf33182494b7cb327ed555313d17d80c639, dc5b630c0d532140e194997d350f587dbcc78bfb, 7048a21086fb16ec67287a25b62e88b0cd17c8c3, 5242d6971e106be115d9dace9c1441f4a2e1cb25, d93b25a6654812e0511b71a6d4a207f6b1ce5dfe, bda89602814c69e6f027878209b0b9453133ada2, 5275fb5ea5f573ce1ecd2bf0bcd928abb916b43d, e55025063276fcf7b07e9340c38d70b04aa8a7b9, 8c691e5308c531deede16bef4f2d933d5f859ce7, 73ee716a1f6356ca86d16d4ffc97fcfc7961d3ef, 26211252c1c104732a0fea6c37645f1b670587f5, 49379552969acee3237387cc258848437e127d98, 3f21b7e355237aa2f8196ad44c2b7456a739518d, 56cf5326bdf9c20de9a45e4a7a4c0ae16833e561, 1f63326a5211208e2c5868650e47f13a9072afde, 13a807a0a080383ceab6c40e53c0228108423e51, 192023e6baf7cce7fb76ff3a5c24c55968c774ff, e192c8baa69ac8a5585d61ac535aa1e5eb795e80, 38c26bdb3cc53f219d6ab75ac1a95436f393c60f, 551717cf3b58f11311d10f70eb027d4b275135de, b65b87e718c33caa46d5246d8fbeda895aa9cf5b]
+4.19-upstream-stable: released (4.19.234) [dc64af755099d1e51fd64e99fe3a59b75595814a, 45c25917ceb7a5377883ef4c3a675276fba8a268, 67e1f18a972be16363c6e88d7b29cde880774164, 99e14db3b711c27f93079ba9d7f2fff169916d5f, 29db7e4b67fccf5e1fe28ec89f2add90ce74d77b], released (4.19.236) [e8bfe29afc09ac77b347540a0f4c789e6530a436, 87eccd56c52fcdd6c55b048d789da5c9c2e51ed3, 51acb81130d1feee7fd043760b75f5377ab8d4f0, 266b1ef1368e06ac4c5a89eb9774ef2bbaa54e19, ebcdd80d0016c7445e8395cec99b9ce266a26001, af484e69b5e83095609d8b5c8abaf13a5460229e, f689fa53bb944873f75fe1584f446cae1aabd2c1, 9e056623dfc538909ed2a914f70a66d68ec71ec3, 22fdfcf1c2cea8e6dc383d46cbbe59d476d24a96, 901c0a20aa94d09a9328899e2dd69a8d43a3a920, 91429ed04ebe9dbec88f97c6fd136b722bc3f3c5, e18876b523d5f5fd8b8f34721f60a470caf20aa1, 5b5ca2608fbd6f250281b6a1d0d73613f250e6f1, 7b012f6597e55a2ea4c7efe94b5d9a792b6e5757, a68912a3ae3413be5febcaa40e7e0ec1fd62adee, c20d551744797000c4af993f7d59ef8c69732949, 5f051d32b03f08a0507ac1afd7b9c0a30c8e5d59, a44e7ddb5822b943cd50c5ad6a2541fb445d58bd, ed5dec3fae86f20db52930e1d9a7cc38403994cc]
+4.9-upstream-stable: released (4.9.306) [b24d4041cfb6dab83f9edf40573375bd1365e619, dfea9912129157ba3c5a9d060e58df17fb688e72, 964aafb29a07cb7cdea71ef41a75394e879f529c, da3dfb69bbc3fdfeb3e5930fe28bcd689751a594, 48b1aa98e19d189703d518166ddb2520164b3164], released (4.9.310) [0a59e9cf1f29f446ab5a3dc91a23af8ca0cf5bea, 6835855140dc7adecd5af713a17d488f93fd8226, a212d166a9d7c35e56ba11f15d6706eee3dd499b, ee04ed16acb65f7dfde8cb74ae774f4314c5c816, 99cbe345732d49d4626052908754259ac9222bb2, 2ce6f5deed712c6768e5b19ac4e23d4aaa828ff4, 283bcb8f640ecc3e4a74f5084c15cdd9ce350951, 1f7da613bf57d10b0ff6807b36bd7eda27482ab6, bd69a09d7d229303286a685f59b9033c384f72b1, 944ecb18c729545ea73c53f9ee9b802637c549d0, ac965734ce0f87c194f0a666889a4f37436b2421, 218ddd9cb91e7bc0bb69d53fc40f600b0b217a16, aee10c2dd01383a8a01111d647b6e17b9a3cc791, 1451b7fe7a3689113e70d2936b92fa4d50e68371, 094a410426b4a5cbb0d68609050a15110124aeda, 4dd8aae585a51a1d276911fe19096ad90144e9fe, df0448480b9c2f0a2f5a5055e04afa80bf0a5301, 9396d5ede3df91cc71c70a7fb11826a10c34e775, 7815cbf19ac47ca0cc22b0d8aa25d6ec6ab2ad81]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1), released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-24122 b/retired/CVE-2022-24122
new file mode 100644
index 00000000..06c6eae3
--- /dev/null
+++ b/retired/CVE-2022-24122
@@ -0,0 +1,18 @@
+Description: ucount: Make get_ucount a safe get_user replacement
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/29/1
+Notes:
+ carnil> Introduced in v5.14-rc1 with merge of d64696905554
+ carnil> ("Reimplement RLIMIT_SIGPENDING on top of ucounts"),
+ carnil> 6e52a9f0532f ("Reimplement RLIMIT_MSGQUEUE on top of ucounts")
+ carnil> and d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of
+ carnil> ucounts").
+Bugs:
+upstream: released (5.17-rc2) [f9d87929d451d3e649699d0f1d74f71f77ad38f5]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-2) [bugfix/all/ucount-Make-get_ucount-a-safe-get_user-replacement.patch]
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-24448 b/retired/CVE-2022-24448
new file mode 100644
index 00000000..3081a0fd
--- /dev/null
+++ b/retired/CVE-2022-24448
@@ -0,0 +1,13 @@
+Description NFSv4: Handle case where the lookup of a directory fails:
+References:
+ NFSv4: Handle case where the lookup of a directory fails
+Notes:
+Bugs:
+upstream: released (5.17-rc2) [ac795161c93699d600db16c1a8cc23a65a1eceaf]
+5.10-upstream-stable: released (5.10.96) [ce8c552b88ca25d775ecd0a0fbef4e0e03de9ed2]
+4.19-upstream-stable: released (4.19.228) [b00b4c6faad0f21e443fb1584f7a8ea222beb0de]
+4.9-upstream-stable: released (4.9.300) [8788981e120694a82a3672e062fe4ea99446634a]
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.92-2) [bugfix/all/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch]
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-24958 b/retired/CVE-2022-24958
new file mode 100644
index 00000000..4728813a
--- /dev/null
+++ b/retired/CVE-2022-24958
@@ -0,0 +1,13 @@
+Description: drivers/usb/gadget/legacy/inode.c mishandles dev->buf release
+References:
+Notes:
+ carnil> Fixed as well in 5.16.13 for 5.16.y series.
+Bugs:
+upstream: released (5.17-rc1) [89f3594d0de58e8a57d92d497dea9fee3d4b9cda, 501e38a5531efbd77d5c73c0ba838a889bfc1d74]
+5.10-upstream-stable: released (5.10.104) [c13159a588818a1d2cd6519f4d3b6f7e17a9ffbd, fdd64084e405544c5c11841ca9261785c988e2a1]
+4.19-upstream-stable: released (4.19.233) [70196d12856306a17ddc3eae0f022b9c1d748e52, 6b432b7b5a77e8bfd041da0ba00c98fa31097c4e]
+4.9-upstream-stable: released (4.9.305) [be1bb345f180482b0e57768d967ef020d7cba592, e09100044e658fb7906494ed5109323ba64f3e7a]
+sid: released (5.16.14-1)
+5.10-bullseye-security: released (5.10.106-1)
+4.19-buster-security: released (4.19.235-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-24959 b/retired/CVE-2022-24959
new file mode 100644
index 00000000..323dcedb
--- /dev/null
+++ b/retired/CVE-2022-24959
@@ -0,0 +1,15 @@
+Description: yam: fix a memory leak in yam_siocdevprivate()
+References:
+Notes:
+ bwh> Introduced in 4.19 by commit 0781168e23a2 "yam: fix a missing-
+ bwh> check bug". (That didn't actually fix any bug because the
+ bwh> driver never looks at the second copy of the cmd field.)
+Bugs:
+upstream: released (5.17-rc2) [29eb31542787e1019208a2e1047bb7c76c069536]
+5.10-upstream-stable: released (5.10.96) [729e54636b3ebefb77796702a5b1f1ed5586895e]
+4.19-upstream-stable: released (4.19.228) [4bd197ce18329e3725fe3af5bd27daa4256d3ac7]
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.92-2) [bugfix/all/yam-fix-a-memory-leak-in-yam_siocdevprivate.patch]
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-2503 b/retired/CVE-2022-2503
new file mode 100644
index 00000000..69528be6
--- /dev/null
+++ b/retired/CVE-2022-2503
@@ -0,0 +1,11 @@
+Description: dm verity: set DM_TARGET_IMMUTABLE feature flag
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m
+Notes:
+Bugs:
+upstream: released (5.19-rc1) [4caae58406f8ceb741603eee460d79bacca9b1b5]
+5.10-upstream-stable: released (5.10.120) [8df42bcd364cc3b41105215d841792aea787b133]
+4.19-upstream-stable: released (4.19.246) [6bff6107d1364c95109609c3fd680e6c8d7fa503]
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-25258 b/retired/CVE-2022-25258
new file mode 100644
index 00000000..c6034e00
--- /dev/null
+++ b/retired/CVE-2022-25258
@@ -0,0 +1,13 @@
+Description: USB: gadget: validate interface OS descriptor requests
+References:
+ https://github.com/szymonh/d-os-descriptor
+Notes:
+Bugs:
+upstream: released (5.17-rc4) [75e5b4849b81e19e9efe1654b30d7f3151c33c2c]
+5.10-upstream-stable: released (5.10.101) [22ec1004728548598f4f5b4a079a7873409eacfd]
+4.19-upstream-stable: released (4.19.230) [e5eb8d19aee115d8fb354d1eff1b8df700467164]
+4.9-upstream-stable: released (4.9.302) [f3bcd744b0bc8dcc6cdb3ac5be20f54aecfb78a4]
+sid: released (5.16.10-1)
+5.10-bullseye-security: released (5.10.92-2) [bugfix/all/USB-gadget-validate-interface-OS-descriptor-requests.patch]
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-25265 b/retired/CVE-2022-25265
new file mode 100644
index 00000000..8e6b64d2
--- /dev/null
+++ b/retired/CVE-2022-25265
@@ -0,0 +1,16 @@
+Description: x86: Old ELF binaries run with executable stack and data segment
+References:
+ https://github.com/x0reaxeax/exec-prot-bypass
+ https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294
+Notes:
+ bwh> This is necessary backward compatibility and can be disabled
+ bwh> through an LSM if wanted.
+Bugs:
+upstream: ignored "Not a security flaw"
+5.10-upstream-stable: ignored "Not a security flaw"
+4.19-upstream-stable: ignored "Not a security flaw"
+4.9-upstream-stable: ignored "Not a security flaw"
+sid: ignored "Not a security flaw"
+5.10-bullseye-security: ignored "Not a security flaw"
+4.19-buster-security: ignored "Not a security flaw"
+4.9-stretch-security: ignored "Not a security flaw"
diff --git a/retired/CVE-2022-25375 b/retired/CVE-2022-25375
new file mode 100644
index 00000000..e9b29ca0
--- /dev/null
+++ b/retired/CVE-2022-25375
@@ -0,0 +1,14 @@
+Description: usb: gadget: rndis: check size of RNDIS_MSG_SET command
+References:
+ https://github.com/szymonh/rndis-co
+ https://www.openwall.com/lists/oss-security/2022/02/21/1
+Notes:
+Bugs:
+upstream: released (5.17-rc4) [38ea1eac7d88072bbffb630e2b3db83ca649b826]
+5.10-upstream-stable: released (5.10.101) [fb4ff0f96de37c44236598e8b53fe43b1df36bf3]
+4.19-upstream-stable: released (4.19.230) [db9aaa3026298d652e98f777bc0f5756e2455dda]
+4.9-upstream-stable: released (4.9.302) [ff0a90739925734c91c7e39befe3f4378e0c1369]
+sid: released (5.16.10-1)
+5.10-bullseye-security: released (5.10.92-2) [bugfix/all/usb-gadget-rndis-check-size-of-RNDIS_MSG_SET-command.patch]
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-25636 b/retired/CVE-2022-25636
new file mode 100644
index 00000000..775e8cf2
--- /dev/null
+++ b/retired/CVE-2022-25636
@@ -0,0 +1,18 @@
+Description: netfilter: nf_tables_offload: incorrect flow offload action array size
+References:
+ https://www.openwall.com/lists/oss-security/2022/02/21/2
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6
+ https://github.com/Bonfee/CVE-2022-25636
+ https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
+Notes:
+ carnil> Introduced in be2861dc36d7 ("netfilter: nft_{fwd,dup}_netdev:
+ carnil> add offload support") in 5.4-rc1.
+Bugs:
+upstream: released (5.17-rc6) [b1a5983f56e371046dcf164f90bfaf704d2b89f6]
+5.10-upstream-stable: released (5.10.103) [68f19845f580a1d3ac1ef40e95b0250804e046bb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.11-1) [bugfix/all/netfilter-nf_tables_offload-incorrect-flow-offload-a.patch]
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-2585 b/retired/CVE-2022-2585
new file mode 100644
index 00000000..c0048239
--- /dev/null
+++ b/retired/CVE-2022-2585
@@ -0,0 +1,14 @@
+Description: Linux kernel POSIX CPU timer UAF
+References:
+ https://www.openwall.com/lists/oss-security/2022/08/09/7
+ https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u
+ https://www.openwall.com/lists/oss-security/2022/08/18/3
+Notes:
+ carnil> Fixed as well in 5.18.18 for 5.18.y and in 5.19.2 for 5.19.y.
+Bugs:
+upstream: released (6.0-rc1) [e362359ace6f87c201531872486ff295df306d13]
+5.10-upstream-stable: released (5.10.137) [541840859ace9c2ccebc32fa9e376c7bd3def490]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.18.16-1) [bugfix/all/posix-cpu-timers-Cleanup-CPU-timers-before-freeing-t.patch]
+5.10-bullseye-security: released (5.10.136-1) [bugfix/all/posix-cpu-timers-Cleanup-CPU-timers-before-freeing-t.patch]
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-2586 b/retired/CVE-2022-2586
new file mode 100644
index 00000000..05522db5
--- /dev/null
+++ b/retired/CVE-2022-2586
@@ -0,0 +1,16 @@
+Description: Linux kernel nf_tables cross-table reference UAF
+References:
+ https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
+ https://www.openwall.com/lists/oss-security/2022/08/09/5
+ https://www.openwall.com/lists/oss-security/2022/08/18/1
+ https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
+ https://www.openwall.com/lists/oss-security/2022/08/29/5
+Notes:
+ carnil> Fixed as well in 5.18.18 for 5.18.y and in 5.19.2 for 5.19.y.
+Bugs:
+upstream: released (6.0-rc1) [470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2]
+5.10-upstream-stable: released (5.10.137) [1a4b18b1ff11ba26f9a852019d674fde9d1d1cff]
+4.19-upstream-stable: released (4.19.256) [77d3b5038b7462318f5183e2ad704b01d57215a2]
+sid: released (5.18.16-1) [bugfix/all/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch]
+5.10-bullseye-security: released (5.10.136-1) [bugfix/all/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-2588 b/retired/CVE-2022-2588
new file mode 100644
index 00000000..8e0d571d
--- /dev/null
+++ b/retired/CVE-2022-2588
@@ -0,0 +1,15 @@
+Description: Linux kernel cls_route UAF
+References:
+ https://www.openwall.com/lists/oss-security/2022/08/09/6
+ https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u
+ https://www.openwall.com/lists/oss-security/2022/08/18/2
+ https://www.zerodayinitiative.com/advisories/ZDI-22-1117/
+Notes:
+ carnil> Fixed as well in 5.18.18 for 5.18.y and in 5.19.2 for 5.19.y.
+Bugs:
+upstream: released (6.0-rc1) [9ad36309e2719a884f946678e0296be10f0bb4c1]
+5.10-upstream-stable: released (5.10.137) [7018f03d97daf344e49b16200caf4363a1407cab]
+4.19-upstream-stable: released (4.19.256) [73584dab72d0a826f286a45544305819b58f7b92]
+sid: released (5.18.16-1) [bugfix/all/net_sched-cls_route-remove-from-list-when-handle-is-.patch]
+5.10-bullseye-security: released (5.10.136-1) [bugfix/all/net_sched-cls_route-remove-from-list-when-handle-is-.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-2590 b/retired/CVE-2022-2590
new file mode 100644
index 00000000..6037d2c6
--- /dev/null
+++ b/retired/CVE-2022-2590
@@ -0,0 +1,22 @@
+Description: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW
+References:
+ https://lore.kernel.org/linux-mm/20220808073232.8808-1-david@redhat.com/
+ https://www.openwall.com/lists/oss-security/2022/08/08/1
+ https://lore.kernel.org/all/20220809205640.70916-1-david@redhat.com/
+ https://www.openwall.com/lists/oss-security/2022/08/15/1
+Notes:
+ carnil> Commit fixes 9ae0f87d009c ("mm/shmem: unconditionally set pte
+ carnil> dirty in mfill_atomic_install_pte") in 5.16-rc1.
+ carnil> David Hildenbrand reports that "Kernels before extended uffd-wp
+ carnil> support and before PageAnonExclusive (< 5.19) can simply revert
+ carnil> the problematic commit instead and be safe regarding
+ carnil> UFFDIO_CONTINUE. A backport to v5.19 requires minor adjustments
+ carnil> due to lack of vma_soft_dirty_enabled()."
+ carnil> Fix is backported as well to 5.19.6 for 5.19.y
+Bugs:
+upstream: released (6.0-rc3) [5535be3099717646781ce1540cf725965d680e7b]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.18.16-1) [bugfix/all/Revert-mm-shmem-unconditionally-set-pte-dirty-in-mfi.patch]
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-2602 b/retired/CVE-2022-2602
new file mode 100644
index 00000000..ce5b755e
--- /dev/null
+++ b/retired/CVE-2022-2602
@@ -0,0 +1,14 @@
+Description: io_uring/af_unix: defer registered files gc to io_uring release
+References:
+ https://www.openwall.com/lists/oss-security/2022/10/18/4
+ https://www.openwall.com/lists/oss-security/2022/10/27/3
+ https://blog.hacktivesecurity.com/index.php/2022/12/21/cve-2022-2602-dirtycred-file-exploitation-applied-on-an-io_uring-uaf/
+Notes:
+ carnil> For 6.0.y fixed in 6.0.3.
+Bugs:
+upstream: released (6.1-rc1) [0091bfc81741b8d3aeb3b7ab8636f911b2de6e80]
+5.10-upstream-stable: released (5.10.150) [c378c479c5175833bb22ff71974cda47d7b05401]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.3-1)
+5.10-bullseye-security: released (5.10.148-1) [bugfix/all/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-26365 b/retired/CVE-2022-26365
new file mode 100644
index 00000000..5bb9a727
--- /dev/null
+++ b/retired/CVE-2022-26365
@@ -0,0 +1,12 @@
+Description: Xen Linux disk/nic frontends data leaks
+References:
+ https://xenbits.xen.org/xsa/advisory-403.html
+Notes:
+ carnil> For 5.18.y fixed as well in 5.18.10.
+Bugs:
+upstream: released (5.19-rc6) [2f446ffe9d737e9a844b97887919c4fda18246e7]
+5.10-upstream-stable: released (5.10.129) [cfea428030be836d79a7690968232bb7fa4410f1]
+4.19-upstream-stable: released (4.19.251) [f4a1391185e30c977bfe1648435c152f806211c7]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/xen-blkfront-fix-leaking-data-in-shared-pages.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-26373 b/retired/CVE-2022-26373
new file mode 100644
index 00000000..6d3114cb
--- /dev/null
+++ b/retired/CVE-2022-26373
@@ -0,0 +1,13 @@
+Description: Post-Barrier Return Stack Buffer Predictions (PBRSB)
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
+ https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/post-barrier-return-stack-buffer-predictions.html
+Notes:
+ carnil> Fixed as well in 5.18.17 for 5.18.y and 5.19.1 for 5.19.y.
+Bugs:
+upstream: released (6.0-rc1) [2b1299322016731d56807aa49254a5ea3080b6b3, ba6e31af2be96c4d0536f2152ed6f7b6c11bca47]
+5.10-upstream-stable: released (5.10.136) [509c2c9fe75ea7493eebbb6bb2f711f37530ae19, 1bea03b44ea2267988cce064f5887b01d421b28c]
+4.19-upstream-stable: released (4.19.255) [b6c5011934a15762cd694e36fe74f2f2f93eac9b, b1c9f470fb724d3cfd6cf8fe4a70c2ec4de2e9f4]
+sid: released (5.18.16-1) [bugfix/x86/pbrsb/0001-x86-speculation-Add-RSB-VM-Exit-protections.patch, bugfix/x86/pbrsb/0002-x86-speculation-Add-LFENCE-to-RSB-fill-sequence.patch]
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-2639 b/retired/CVE-2022-2639
new file mode 100644
index 00000000..9866b660
--- /dev/null
+++ b/retired/CVE-2022-2639
@@ -0,0 +1,11 @@
+Description: openvswitch: fix OOB access in reserve_sfa_size()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2084479
+Notes:
+Bugs:
+upstream: released (5.18-rc4) [cefa91b2332d7009bc0be5d951d6cbbf349f90f8]
+5.10-upstream-stable: released (5.10.113) [0837ff17d052b7d755d5086208c3445867aaff82]
+4.19-upstream-stable: released (4.19.240) [bbbf059337f9a74285c1cf088ff85ee92d149e64]
+sid: released (5.17.6-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-26490 b/retired/CVE-2022-26490
new file mode 100644
index 00000000..f75cc711
--- /dev/null
+++ b/retired/CVE-2022-26490
@@ -0,0 +1,17 @@
+Description: nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
+References:
+Notes:
+ bwh> Driver is not enabled in Debian configurations. I think that
+ bwh> the messages being parsed are generated by device firmware,
+ bwh> which would make this hard to exploit.
+ bwh> The same bug exists in the similar st-nci driver.
+ carnil> Fixed as well in 5.16.18 for 5.16.y.
+Bugs:
+upstream: released (5.17-rc1) [4fbcc1a4cb20fe26ad0225679c536c80f1648221]
+5.10-upstream-stable: released (5.10.109) [25c23fe40e6e1ef8e6d503c52b4f518b2e520ab7]
+4.19-upstream-stable: released (4.19.237) [0043b74987acb44f1ade537aad901695511cfebe]
+4.9-upstream-stable: released (4.9.309) [c1184fa07428fb81371d5863e09795f0d06d35cf]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-2663 b/retired/CVE-2022-2663
new file mode 100644
index 00000000..aa09e5ac
--- /dev/null
+++ b/retired/CVE-2022-2663
@@ -0,0 +1,17 @@
+Description: netfilter: nf_conntrack_irc: Tighten matching on DCC message
+References:
+ https://www.openwall.com/lists/oss-security/2022/08/30/1
+ https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl@dgl.cx/T/
+ https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663
+Notes:
+ carnil> For 5.19.y fixed as well in 5.19.9.
+ bwh> There are two related fixes that seem to share this single
+ bwh> CVE ID, but for some reason they weren't applied together.
+ bwh> Second was applied in 5.19.12.
+Bugs:
+upstream: released (6.0-rc5) [0efe125cfb99e6773a7434f3463f7c2fa28f3a43], released (6.0-rc7) [e8d5dfd1d8747b56077d02664a8838c71ced948e]
+5.10-upstream-stable: released (5.10.143) [e12ce30fe593dd438c5b392290ad7316befc11ca], released (5.10.146) [9a5d7e0acb41bb2aac552f8eeb4b404177f3f66d]
+4.19-upstream-stable: released (4.19.258) [3275f7804f40de3c578d2253232349b07c25f146], released (4.19.260) [468adf7aab7a30ffe4467e2c981a65568ba84f0b]
+sid: released (5.19.11-1), released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-26878 b/retired/CVE-2022-26878
new file mode 100644
index 00000000..373e0eaa
--- /dev/null
+++ b/retired/CVE-2022-26878
@@ -0,0 +1,16 @@
+Description: Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle()
+References:
+ https://lore.kernel.org/linux-bluetooth/1A203F5E-FB5E-430C-BEA3-86B191D69D58@holtmann.org/
+Notes:
+ carnil> Commit fixes afd2daa26c7a ("Bluetooth: Add support for virtio
+ carnil> transport driver") in 5.13-rc1. Additionally BT_VIRTIO is not
+ carnil> set in Debian.
+Bugs:
+upstream: released (5.17-rc1) [ad7cb5f6fa5f7ea37208c98a9457dd98025a89ca]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.7-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-26966 b/retired/CVE-2022-26966
new file mode 100644
index 00000000..63292a37
--- /dev/null
+++ b/retired/CVE-2022-26966
@@ -0,0 +1,12 @@
+Description: sr9700: sanity check for packet length
+References:
+Notes:
+Bugs:
+upstream: released (5.17-rc6) [e9da0b56fe27206b49f39805f7dcda8a89379062]
+5.10-upstream-stable: released (5.10.103) [4f5f5411f0c14ac0b61d5e6a77d996dd3d5b5fd3]
+4.19-upstream-stable: released (4.19.232) [dde5ddf02a47487dd6efcc7077307f1d4e1ba337]
+4.9-upstream-stable: released (4.9.304) [89260e0e191e8a3a9872f72836bdf0641853c87f]
+sid: released (5.16.12-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-27223 b/retired/CVE-2022-27223
new file mode 100644
index 00000000..bd3dedb5
--- /dev/null
+++ b/retired/CVE-2022-27223
@@ -0,0 +1,12 @@
+Description: USB: gadget: validate endpoint index for xilinx udc
+References:
+Notes:
+Bugs:
+upstream: released (5.17-rc6) [7f14c7227f342d9932f9b918893c8814f86d2a0d]
+5.10-upstream-stable: released (5.10.103) [bfa8ffbaaaaf9752f66bc7cabcef2de715e7621f]
+4.19-upstream-stable: released (4.19.232) [ebc465e894890a534ce05e035eae4829a2a47ba1]
+4.9-upstream-stable: released (4.9.304) [958b6ab4d70bf991e8c90233504d4cb863aaef8a]
+sid: released (5.16.12-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-27666 b/retired/CVE-2022-27666
new file mode 100644
index 00000000..66cf9b79
--- /dev/null
+++ b/retired/CVE-2022-27666
@@ -0,0 +1,15 @@
+Description: esp: Fix possible buffer overflow in ESP transformation
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2061633
+Notes:
+ carnil> For 5.16.y fixed as well in 5.16.15.
+ bwh> Introduced in 4.11 by commits referenced in the fix.
+Bugs:
+upstream: released (5.17-rc8) [ebe48d368e97d007bfeb76fcb065d6cfc4c96645]
+5.10-upstream-stable: released (5.10.108) [9248694dac20eda06e22d8503364dc9d03df4e2f]
+4.19-upstream-stable: released (4.19.237) [ce89087966651ad41e103770efc5ce2742046284]
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-2785 b/retired/CVE-2022-2785
new file mode 100644
index 00000000..28130422
--- /dev/null
+++ b/retired/CVE-2022-2785
@@ -0,0 +1,14 @@
+Description: bpf: Disallow bpf programs call prog_run command
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=86f44fcec22ce2979507742bc53db8400e454f46
+ https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei@google.com/T/#t
+Notes:
+ carnil> Introduced by b1d18a7574d0 ("bpf: Extend sys_bpf commands for
+ carnil> bpf_syscall programs.") in 5.18-rc1.
+Bugs:
+upstream: released (6.0-rc1) [86f44fcec22ce2979507742bc53db8400e454f46]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-27950 b/retired/CVE-2022-27950
new file mode 100644
index 00000000..40747d23
--- /dev/null
+++ b/retired/CVE-2022-27950
@@ -0,0 +1,15 @@
+Description: HID: elo: fix memory leak in elo_probe
+References:
+ https://www.openwall.com/lists/oss-security/2022/03/13/1
+Notes:
+ carnil> Commit fixes fbf42729d0e9 ("HID: elo: update the reference
+ carnil> count of the usb device structure") in 5.15-rc1.
+Bugs:
+upstream: released (5.17-rc5) [817b8b9c5396d2b2d92311b46719aad5d3339dbe]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.11-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-28356 b/retired/CVE-2022-28356
new file mode 100644
index 00000000..1ed80dde
--- /dev/null
+++ b/retired/CVE-2022-28356
@@ -0,0 +1,13 @@
+Description: llc: fix netdevice reference leaks in llc_ui_bind()
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/06/1
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [764f4eb6846f5475f1244767d24d25dd86528a4a]
+5.10-upstream-stable: released (5.10.109) [571df3393f523b59cba87e2f3e80a3a624030f9c]
+4.19-upstream-stable: released (4.19.237) [d14193111c436fc5de33206c67c7afd45c730099]
+4.9-upstream-stable: released (4.9.309) [0a7aad979bfb43c4a78d33a5f356caf4ceb28bca]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-28388 b/retired/CVE-2022-28388
new file mode 100644
index 00000000..8a713528
--- /dev/null
+++ b/retired/CVE-2022-28388
@@ -0,0 +1,15 @@
+Description: can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
+References:
+Notes:
+ carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y fixed in
+ carnil> 5.17.2.
+ bwh> The fix says this bug was present since the driver was added in 3.9.
+Bugs:
+upstream: released (5.18-rc1) [3d3925ff6433f98992685a9679613a2cc97f3ce2]
+5.10-upstream-stable: released (5.10.110) [5318cdf4fd834856ce71238b064f35386f9ef528]
+4.19-upstream-stable: released (4.19.240) [8eb78da898079c0d7250c32ebf0c35fb81737abe]
+4.9-upstream-stable: needed
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: ignored "EOL"
diff --git a/retired/CVE-2022-28389 b/retired/CVE-2022-28389
new file mode 100644
index 00000000..983d813e
--- /dev/null
+++ b/retired/CVE-2022-28389
@@ -0,0 +1,15 @@
+Description: can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
+References:
+Notes:
+ carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y fixed in
+ carnil> 5.17.2.
+ bwh> The fix says this bug was present since the driver was added in 4.12.
+Bugs:
+upstream: released (5.18-rc1) [04c9b00ba83594a29813d6b1fb8fdc93a3915174]
+5.10-upstream-stable: released (5.10.110) [0801a51d79389282c1271e623613b2e1886e071e]
+4.19-upstream-stable: released (4.19.238) [a8bba9fd73775e66b4021b18f2193f769ce48a59]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-28390 b/retired/CVE-2022-28390
new file mode 100644
index 00000000..0139eb82
--- /dev/null
+++ b/retired/CVE-2022-28390
@@ -0,0 +1,15 @@
+Description: can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
+References:
+Notes:
+ carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y as well in
+ carnil> 5.17.2.
+ bwh> The fix says this bug was present since the driver was added in 2.6.32.
+Bugs:
+upstream: released (5.18-rc1) [c70222752228a62135cee3409dccefd494a24646]
+5.10-upstream-stable: released (5.10.110) [b417f9c50586588754b2b0453a1f99520cf7c0e8]
+4.19-upstream-stable: released (4.19.238) [dec3ed0c76483748268bf36ec278af660b0f80ba]
+4.9-upstream-stable: released (4.9.311) [e9c4ee674586ff0b098d17638af719aa56c9c272]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-2873 b/retired/CVE-2022-2873
new file mode 100644
index 00000000..09a7198d
--- /dev/null
+++ b/retired/CVE-2022-2873
@@ -0,0 +1,19 @@
+Description: i2c: ismt: Fix an out-of-bounds bug in ismt_access()
+References:
+ https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2119048
+ https://bugzilla.redhat.com/show_bug.cgi?id=2119048#c20
+Notes:
+ carnil> Tracking for this CVE is quite confusing, as Red Hat Bugzilla
+ carnil> entries RHBZ#2119048 and RHBZ#2123309 differ in views. For now
+ carnil> we have to track the two CVEs according to what we have in
+ carnil> those two bugzilla entries are the CVEs are assigned by Red Hat
+ carnil> CNA. Trying to monitor both.
+ carnil> Fixed as well in 6.1.2 for 6.1.y and 6.0.16 for 6.0.y.
+Bugs:
+upstream: released (6.2-rc1) [39244cc754829bf707dccd12e2ce37510f5b1f8d]
+5.10-upstream-stable: released (5.10.163) [9ac541a0898e8ec187a3fa7024b9701cffae6bf2]
+4.19-upstream-stable: released (4.19.270) [bfe41d966c860a8ad4c735639d616da270c92735]
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/all/i2c-ismt-Fix-an-out-of-bounds-bug-in-ismt_access.patch]
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-28796 b/retired/CVE-2022-28796
new file mode 100644
index 00000000..fb85d31c
--- /dev/null
+++ b/retired/CVE-2022-28796
@@ -0,0 +1,16 @@
+Description: jbd2: fix use-after-free of transaction_t race
+References:
+Notes:
+ carnil> Commit fixes 4f9818684870 ("jbd2: refactor wait logic for
+ carnil> transaction updates into a common function") in 5.17-rc3.
+ carnil> Issue fixed as well in 5.17.1 for 5.17.y and so newer in
+ carnil> unstable affected.
+Bugs:
+upstream: released (5.18-rc1) [cc16eecae687912238ee6efbff71ad31e2bc414e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-28893 b/retired/CVE-2022-28893
new file mode 100644
index 00000000..0b495612
--- /dev/null
+++ b/retired/CVE-2022-28893
@@ -0,0 +1,13 @@
+Description: SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
+References:
+Notes:
+ carnil> For 5.17.y fixed in 5.17.3 and for 5.16.y fixed in 5.16.20.
+Bugs:
+upstream: released (5.18-rc2) [f00432063db1a0db484e85193eccc6845435b80e]
+5.10-upstream-stable: released (5.10.117) [e68b60ae29de10c7bd7636e227164a8dbe305a82]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-2905 b/retired/CVE-2022-2905
new file mode 100644
index 00000000..710eb13a
--- /dev/null
+++ b/retired/CVE-2022-2905
@@ -0,0 +1,17 @@
+Description: bpf: Don't use tnum_range on array range checking for poke descriptors
+References:
+ https://lore.kernel.org/all/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel@iogearbox.net/
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=a657182a5c5150cdfacb6640aad1d2712571a409
+ https://www.openwall.com/lists/oss-security/2022/08/26/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=2121800
+Notes:
+ carnil> Introduced by d2e4c1e6c294 ("bpf: Constant map key tracking for
+ carnil> prog array pokes") in 5.5-rc1.
+ carnil> Fixed as well in 5.19.6 for 5.19.y.
+Bugs:
+upstream: released (6.0-rc4) [a657182a5c5150cdfacb6640aad1d2712571a409]
+5.10-upstream-stable: released (5.10.140) [e8979807178434db8ceaa84dfcd44363e71e50bb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-29156 b/retired/CVE-2022-29156
new file mode 100644
index 00000000..806141af
--- /dev/null
+++ b/retired/CVE-2022-29156
@@ -0,0 +1,15 @@
+Description: RDMA/rtrs-clt: Fix possible double free in error case
+References:
+Notes:
+ carnil> Issue introduced by eab098246625 ("RDMA/rtrs-clt: Refactor the
+ carnil> failure cases in alloc_clt") in 5.12-rc1 but backported as well
+ carnil> to 5.10.20 and 5.11.3.
+Bugs:
+upstream: released (5.17-rc6) [8700af2cc18c919b2a83e74e0479038fd113c15d]
+5.10-upstream-stable: released (5.10.103) [8260f1800f83e667f26c80baa7f0b9d92ae271d7]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.12-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-2938 b/retired/CVE-2022-2938
new file mode 100644
index 00000000..3d141cfa
--- /dev/null
+++ b/retired/CVE-2022-2938
@@ -0,0 +1,11 @@
+Description: psi: Fix uaf issue when psi trigger is destroyed while being polled
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2120175
+Notes:
+Bugs:
+upstream: released (5.17-rc2) [a06247c6804f1a7c86a2e5398a4c1f1db1471848]
+5.10-upstream-stable: released (5.10.97) [d4e4e61d4a5b87bfc9953c306a11d35d869417fd]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-29581 b/retired/CVE-2022-29581
new file mode 100644
index 00000000..7ab64aba
--- /dev/null
+++ b/retired/CVE-2022-29581
@@ -0,0 +1,15 @@
+Description: net/sched: cls_u32: fix netns refcount changes in u32_change()
+References:
+ https://www.openwall.com/lists/oss-security/2022/05/18/2
+Notes:
+ carnil> Introduced in 35c55fc156d8 ("cls_u32: use tcf_exts_get_net()
+ carnil> before call_rcu()" in 4.14.
+Bugs:
+upstream: released (5.18-rc4) [3db09e762dc79584a69c10d74a6b98f89a9979f8]
+5.10-upstream-stable: released (5.10.113) [43ce33a68e2bcc431097e1075aad5393d0bf53ba]
+4.19-upstream-stable: released (4.19.241) [75b0cc7904da7b40c6e8f2cf3ec4223b292b1184]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.6-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-29582 b/retired/CVE-2022-29582
new file mode 100644
index 00000000..bd998ce3
--- /dev/null
+++ b/retired/CVE-2022-29582
@@ -0,0 +1,16 @@
+Description: io_uring: fix race between timeout flush and removal
+References:
+ https://www.openwall.com/lists/oss-security/2022/04/22/3
+ https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/
+ https://github.com/Ruia-ruia/CVE-2022-29582-Exploit
+Notes:
+ carnil> For 5.17.y fixed as well in 5.17.3.
+Bugs:
+upstream: released (5.18-rc2) [e677edbcabee849bfdd43f1602bccbecf736a646]
+5.10-upstream-stable: released (5.10.111) [2827328e646d0c2d3db1bfcad4b5f5016ce0d643]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-2959 b/retired/CVE-2022-2959
new file mode 100644
index 00000000..76ec948f
--- /dev/null
+++ b/retired/CVE-2022-2959
@@ -0,0 +1,16 @@
+Description: pipe: Fix missing lock in pipe_resize_ring()
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/
+Notes:
+ carnil> Commit fixes c73be61cede5 ("pipe: Add general notification
+ carnil> queue support") in 5.8-rc1.
+ carnil> Fixed for 5.17.y in 5.17.13 and for 5.18.y in 5.18.2.
+Bugs:
+upstream: released (5.19-rc1) [189b0ddc245139af81198d1a3637cac74f96e13a]
+5.10-upstream-stable: released (5.10.120) [8fbd54ab06c955d247c1a91d5d980cddc868f1e7]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-2964 b/retired/CVE-2022-2964
new file mode 100644
index 00000000..88379736
--- /dev/null
+++ b/retired/CVE-2022-2964
@@ -0,0 +1,13 @@
+Description: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
+References:
+ ttps://www.spinics.net/lists/stable/msg536418.html
+Notes:
+ carnil> Commit fixes e2ca90c276e1 ("ax88179_178a: ASIX AX88179_178A USB
+ carnil> 3.0/2.0 to gigabit ethernet adapter driver") in 3.9-rc2.
+Bugs:
+upstream: released (5.17-rc4) [57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581]
+5.10-upstream-stable: released (5.10.101) [758290defe93a865a2880d10c5d5abd288b64b5d]
+4.19-upstream-stable: released (4.19.231) [1668781ed24da43498799aa4f65714a7de201930]
+sid: released (5.16.10-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2022-2977 b/retired/CVE-2022-2977
new file mode 100644
index 00000000..b49d00a6
--- /dev/null
+++ b/retired/CVE-2022-2977
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f
+Notes:
+ carnil> From the series, 7e0438f83dc7 ("tpm: fix reference counting for
+ carnil> struct tpm_chip") should be the fix.
+Bugs:
+upstream: released (5.18-rc1) [7e0438f83dc769465ee663bb5dcf8cc154940712]
+5.10-upstream-stable: released (5.10.110) [290e05f346d1829e849662c97e42d5ad984f5258]
+4.19-upstream-stable: released (4.19.238) [cb64bd038beacb4331fe464a36c8b5481e8f51e2]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-2978 b/retired/CVE-2022-2978
new file mode 100644
index 00000000..3fd979e3
--- /dev/null
+++ b/retired/CVE-2022-2978
@@ -0,0 +1,11 @@
+Description: fs: fix UAF/GPF bug in nilfs_mdt_destroy
+References:
+ https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@hust.edu.cn/T/#u
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [2e488f13755ffbb60f307e991b27024716a33b29]
+5.10-upstream-stable: released (5.10.148) [1e555c3ed1fce4b278aaebe18a64a934cece57d8]
+4.19-upstream-stable: released (4.19.262) [ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48]
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-29900 b/retired/CVE-2022-29900
new file mode 100644
index 00000000..585cdb1a
--- /dev/null
+++ b/retired/CVE-2022-29900
@@ -0,0 +1,28 @@
+Description: Information leak through mispredicted returns on AMD processors
+References:
+ https://comsec.ethz.ch/research/microarch/retbleed/
+ https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
+ https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
+Notes:
+ bwh> Also known as "RETbleed", but is different from the Intel issue.
+ bwh> This is a symptom of the more general Branch Type Confusion.
+ bwh> Mitigations in order of preference: untrained return thunk or
+ bwh> IBPB on kernel entry.
+ bwh> AMD family 15h (earth movers), 16h (Jaguar, Puma), 17h (Zen,
+ bwh> Zen+, Zen 2), and Hygon family 18h (Dhyana) are affected.
+ bwh> Released in 5.18.14.
+ carnil> Tried to collect the relevant commit ids from 5.10.133 for the
+ carnil> issue, please double check. Some surrounding prerequisites and
+ carnil> followups are missing in the list in any case. Updating to
+ carnil> 5.10.133 and following is the best strategy.
+ carnil> AMD continues to track both CVE-2022-29900 and CVE-2022-23816 in
+ carnil> amd-sb-1037
+ carnil> One commit was for some stable series reverted, "x86/ftrace:
+ carnil> Use alternative RET encoding" and redone.
+Bugs:
+upstream: released (5.19-rc7) [742ab6df974ae8384a2dd213db1a3a06cf6d8936, a883d624aed463c84c22596006e5a96f5b44db31, 369ae6ffc41a3c1137cab697635a84d0cc7cdcea, 00e1533325fd1fb5459229fe37f235462649f668, 0b53c374b9eff2255a386f1f1cfb9a928e52a5ae, 15e67227c49a57837108acfe1c80570e1bd9f962, d9e9d2300681d68a775c28de6aa6e5290ae17796, ee88d363d15617ff50ac24fab0ffec11113b2aeb, 1f001e9da6bbf482311e45e48f53c2bd2179e59c, d77cfe594ad50e0bf95d457e02ccd578791b2a15, af2e140f34208a5dfb6b7a8ad2d56bda88f0524d, 15583e514eb16744b80be85dea0774ece153177d, 0ee9073000e8791f8b134a8ded31bcc767f7f232, aa3d480315ba6c3025a60958e1981072ea37c3df, 7c81c0c9210c9bfab2bae76aab2999de5bad27db, 951ddecf435659553ed15a9214e153a3af43a9a1, a149180fbcf336e97ce4eb2cdc13672727feb94d, 6b80b59b3555706508008f1f127b5412c89c7fd8, 7fbf47c7ce50b38a64576b150e7011ae73d54669, e8ec1b6e08a2102d8755ccb06fa26d540f26a2fa, caa0ff24d5d0e02abce5e65c3d2b7f20a6617be5, 2dbb887e875b1de3ca8f40ddf26bcfe55798c609, c779bc1a9002fa474175b80e72b85c9bf628abb0, 7c693f54c873691a4b7da05c7e0f74e67745d144, 166115c08a9b0b846b783088808a27d739be6e8d, 6ad0ad2bf8a67e27d1f9d006a1dabb0e1c360cc3, bf5835bcdb9635c97f85120dba9bfa21e111130f, 9bb2ec608a209018080ca262f771e6a9ff203b6f, b75b7f8ef1148be1b9321ffc2f6c19238904b438, d147553b64bad34d2f92cb7d8ba454ae95c3baac, 3ebc170068885b6fc7bedda6c667bb2c4d533159, 0fe4aeea9c01baabecc8c3afc7889c809d939bc2, a09a6e2399ba0595c3042b3164f3ca68a3cff33e, d7caac991feeef1b871ee6988fd2c9725df09039, b2620facef4889fefcbf2e87284f34dcd4189bce, e6aa13622ea8283cc699cac5d018cc40a2ba2010, 56aa4d221f1ee2c3a49b45b800778ec6e0ab73c5, bbb69e8bee1bd882784947095ffb2bfe0f7c9470, acac5e98ef8d638a411cfa2ee676c87e1973f126, 8faea26e611189e933ea2281975ff4dc7c1106b6, 8bd200d23ec42d66ccd517a72dd0b9cc6132d2fd, bb06650634d3552c0f8557e9d16aa1a408040e28, fc02735b14fff8c6678b521d324ade27b1a3d4cf, bea7e31a5caccb6fe8ed989c065072354f0ecb52, 9756bba28470722dacb79ffce554336dd1f6a6cd, 07853adc29a058c5fd143c14e5ac528448a72ed9, 7a05bc95ed1c5a59e47aaade9fb4083c27de9e62, 26aae8ccbc1972233afd08fb3f368947c0314265, f43b9876e857c739d407bc56df288b0ebe1a9164, f54d45372c6ac9c993451de5e51312485f7d10bc, 2c08b9b38f5b0f4a6c2d29be22b695e4ec4a556b, 2259da159fbe5dba8ac00b560cf00b6a6537fa18, 697977d8415d61f3acbc4ee6d564c9dcf0309507, 4ad3278df6fe2b0852b00d5757fc2ccd8e92c26e, c27c753ea6fd1237f4f96abf8b623d7bab505513]
+5.10-upstream-stable: released (5.10.133) [7070bbb66c5303117e4c7651711ea7daae4c64b5, feec5277d5aa9780d4814084262b98af2b1a2242, 6a2b142886c52244a9c1dfb0a36971daa963541a, 3e519ed8d509f5f2e1c67984f3cdf079b725e724, 37b9bb094123a14a986137d693b5aa18a240128b, 270de63cf4a380fe9942d3e0da599c0e966fad78, 716410960ba0a2d2c3f59cb46315467c9faf59b2, 8bdb25f7aee312450e9c9ac21ae209d9cf0602e5, 446eb6f08936e6f87bea9f35be05556a7211df9b, 7723edf5edfdfdabd8234e45142be86598a04cad, 00b136bb6254e0abf6aaafe62c4da5f6c4fea4cb, e0e06a922706204df43d50032c05af75d8e75f8e, ee4996f07d868ee6cc7e76151dfab9a2344cdeb0, d6eb50e9b7245a238872a9a969f84993339780a5, 5b2edaf709b50c81b3c6ddb745c8a76ab6632645, c9eb5dcdc8f4a848b45b97725f5a2b8d324bb31a, c70d6f82141b89db6c076b0cbf9a7a2edc29e46d, df748593c55389892902aecb8691080ad5e8cff5, 876750cca4f043bd626a3ac760ce887dda3b6ec7, 3f29791d56d32a610a2b57a9b700b1bc1912e41f, a989e75136192036d47e4dc4fe87ff9c961d6b46, 9e727e0d9486121de5c21cbb65fcc0c907834b17, 3dddacf8c3cc29b9b37d8c4353f746e510ad1371, 6d7e13ccc4d73e5c88cc015bc0154b7d08f65038, dabc2a1b406ae0ff5286c91f7519b3e20ec2aa63, a0f8ef71d762501769df69e35c4c4e7496866d90, e8142e2d6cb6b39fdd78bc17199429f79bcd051c, 55bba093fd91a76971134e3a4e3576e536c08f5c, 28aa3fa0b2c9d0cd7bdac42d9eb7fe3d5f6c79e8, f728eff26339d85825e588d461f0e55267bc6c3f, c8845b875437b8ea9cd023f15b44c436c9c5b62d, fbab1c94eb1a3139d7ac0620dc6d7d6a33f3b255, 0d1a8a16e62c8048f2ff7f9c6f448bf595d2a2a8, ea1aa926f423a8cf1b2416bb909bfbea37d12b11, f1b01ace814b0a8318041e3aea5fd36cc74f09b0, d29c07912a49fce965228f73a293e2c899bc7e35, aad83db22e9950577b5b827f57ed7108b3ca5553, ce11f91b21c25dda8b06988817115bef1c636434, 1dbefa57725204be0348351ea4756c52b10b3504, df93717a32f57e1b033dbfa2a78809d7d4000648, 07401c2311f6fddd3c49a392eafc2c28a899f768, 84061fff2ad98a7809f00e88a54f584f84830388, 5269be9111e2b66572e78647f2e8948f7fc96466, 47ae76fb27398e867980d63789058ff7c4f12a35, 4d7f72b6e1bc630bec7e4cd51814bc2b092bf153, a74f5d23e68d9687ed06bd462d344867824707d8, f7851ed697be2ce86bd8baf29111762b7b3ff6cc, b24fdd0f1c3328cf8ee0c518b93a7187f8cee097, 609336351d08699395be24860902e6e0b7860e2b, 51552b6b52fc865f37ef3ddacd27d807a36695ac, c2ca992144281917cfae19d231b1195c02906a4e, eb38964b6ff864b8bdf87c9cf6221d0b0611a990, c035ca88b0742952150b1671bb5d26b96f921245]
+4.19-upstream-stable: ignored "Mitigation is too invasive to backport"
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: ignored "Mitigation is too invasive to backport"
diff --git a/retired/CVE-2022-29901 b/retired/CVE-2022-29901
new file mode 100644
index 00000000..77ac1761
--- /dev/null
+++ b/retired/CVE-2022-29901
@@ -0,0 +1,25 @@
+Description: Information leak through mispredicted returns on Intel processors
+References:
+ https://comsec.ethz.ch/research/microarch/retbleed/
+ https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
+Notes:
+ bwh> Also known as "RETbleed", but is different from the AMD issue.
+ bwh> Mitigations in order of preference: eIBRS in kernel, RSB-stuffing
+ bwh> return thunk, or IBRS in kernel.
+ bwh> Skylake and the other "lake" µarches are affected, except Icelake
+ bwh> D and X.
+ bwh> Released in 5.18.14.
+ carnil> Tried to collect the relevant commit ids from 5.10.133 for the
+ carnil> issue, please double check. Some surrounding prerequisites and
+ carnil> followups are missing in the list in any case. Updating to
+ carnil> 5.10.133 and following is the best strategy.
+ carnil> One commit was for some stable series reverted, "x86/ftrace:
+ carnil> Use alternative RET encoding" and redone.
+Bugs:
+upstream: released (5.19-rc7) [742ab6df974ae8384a2dd213db1a3a06cf6d8936, a883d624aed463c84c22596006e5a96f5b44db31, 369ae6ffc41a3c1137cab697635a84d0cc7cdcea, 00e1533325fd1fb5459229fe37f235462649f668, 0b53c374b9eff2255a386f1f1cfb9a928e52a5ae, 15e67227c49a57837108acfe1c80570e1bd9f962, d9e9d2300681d68a775c28de6aa6e5290ae17796, ee88d363d15617ff50ac24fab0ffec11113b2aeb, 1f001e9da6bbf482311e45e48f53c2bd2179e59c, d77cfe594ad50e0bf95d457e02ccd578791b2a15, af2e140f34208a5dfb6b7a8ad2d56bda88f0524d, 15583e514eb16744b80be85dea0774ece153177d, 0ee9073000e8791f8b134a8ded31bcc767f7f232, aa3d480315ba6c3025a60958e1981072ea37c3df, 7c81c0c9210c9bfab2bae76aab2999de5bad27db, 951ddecf435659553ed15a9214e153a3af43a9a1, a149180fbcf336e97ce4eb2cdc13672727feb94d, 6b80b59b3555706508008f1f127b5412c89c7fd8, 7fbf47c7ce50b38a64576b150e7011ae73d54669, e8ec1b6e08a2102d8755ccb06fa26d540f26a2fa, caa0ff24d5d0e02abce5e65c3d2b7f20a6617be5, 2dbb887e875b1de3ca8f40ddf26bcfe55798c609, c779bc1a9002fa474175b80e72b85c9bf628abb0, 7c693f54c873691a4b7da05c7e0f74e67745d144, 166115c08a9b0b846b783088808a27d739be6e8d, 6ad0ad2bf8a67e27d1f9d006a1dabb0e1c360cc3, bf5835bcdb9635c97f85120dba9bfa21e111130f, 9bb2ec608a209018080ca262f771e6a9ff203b6f, b75b7f8ef1148be1b9321ffc2f6c19238904b438, d147553b64bad34d2f92cb7d8ba454ae95c3baac, 3ebc170068885b6fc7bedda6c667bb2c4d533159, 0fe4aeea9c01baabecc8c3afc7889c809d939bc2, a09a6e2399ba0595c3042b3164f3ca68a3cff33e, d7caac991feeef1b871ee6988fd2c9725df09039, b2620facef4889fefcbf2e87284f34dcd4189bce, e6aa13622ea8283cc699cac5d018cc40a2ba2010, 56aa4d221f1ee2c3a49b45b800778ec6e0ab73c5, bbb69e8bee1bd882784947095ffb2bfe0f7c9470, acac5e98ef8d638a411cfa2ee676c87e1973f126, 8faea26e611189e933ea2281975ff4dc7c1106b6, 8bd200d23ec42d66ccd517a72dd0b9cc6132d2fd, bb06650634d3552c0f8557e9d16aa1a408040e28, fc02735b14fff8c6678b521d324ade27b1a3d4cf, bea7e31a5caccb6fe8ed989c065072354f0ecb52, 9756bba28470722dacb79ffce554336dd1f6a6cd, 07853adc29a058c5fd143c14e5ac528448a72ed9, 7a05bc95ed1c5a59e47aaade9fb4083c27de9e62, 26aae8ccbc1972233afd08fb3f368947c0314265, f43b9876e857c739d407bc56df288b0ebe1a9164, f54d45372c6ac9c993451de5e51312485f7d10bc, 2c08b9b38f5b0f4a6c2d29be22b695e4ec4a556b, 2259da159fbe5dba8ac00b560cf00b6a6537fa18, 697977d8415d61f3acbc4ee6d564c9dcf0309507, 4ad3278df6fe2b0852b00d5757fc2ccd8e92c26e, c27c753ea6fd1237f4f96abf8b623d7bab505513]
+5.10-upstream-stable: released (5.10.133) [7070bbb66c5303117e4c7651711ea7daae4c64b5, feec5277d5aa9780d4814084262b98af2b1a2242, 6a2b142886c52244a9c1dfb0a36971daa963541a, 3e519ed8d509f5f2e1c67984f3cdf079b725e724, 37b9bb094123a14a986137d693b5aa18a240128b, 270de63cf4a380fe9942d3e0da599c0e966fad78, 716410960ba0a2d2c3f59cb46315467c9faf59b2, 8bdb25f7aee312450e9c9ac21ae209d9cf0602e5, 446eb6f08936e6f87bea9f35be05556a7211df9b, 7723edf5edfdfdabd8234e45142be86598a04cad, 00b136bb6254e0abf6aaafe62c4da5f6c4fea4cb, e0e06a922706204df43d50032c05af75d8e75f8e, ee4996f07d868ee6cc7e76151dfab9a2344cdeb0, d6eb50e9b7245a238872a9a969f84993339780a5, 5b2edaf709b50c81b3c6ddb745c8a76ab6632645, c9eb5dcdc8f4a848b45b97725f5a2b8d324bb31a, c70d6f82141b89db6c076b0cbf9a7a2edc29e46d, df748593c55389892902aecb8691080ad5e8cff5, 876750cca4f043bd626a3ac760ce887dda3b6ec7, 3f29791d56d32a610a2b57a9b700b1bc1912e41f, a989e75136192036d47e4dc4fe87ff9c961d6b46, 9e727e0d9486121de5c21cbb65fcc0c907834b17, 3dddacf8c3cc29b9b37d8c4353f746e510ad1371, 6d7e13ccc4d73e5c88cc015bc0154b7d08f65038, dabc2a1b406ae0ff5286c91f7519b3e20ec2aa63, a0f8ef71d762501769df69e35c4c4e7496866d90, e8142e2d6cb6b39fdd78bc17199429f79bcd051c, 55bba093fd91a76971134e3a4e3576e536c08f5c, 28aa3fa0b2c9d0cd7bdac42d9eb7fe3d5f6c79e8, f728eff26339d85825e588d461f0e55267bc6c3f, c8845b875437b8ea9cd023f15b44c436c9c5b62d, fbab1c94eb1a3139d7ac0620dc6d7d6a33f3b255, 0d1a8a16e62c8048f2ff7f9c6f448bf595d2a2a8, ea1aa926f423a8cf1b2416bb909bfbea37d12b11, f1b01ace814b0a8318041e3aea5fd36cc74f09b0, d29c07912a49fce965228f73a293e2c899bc7e35, aad83db22e9950577b5b827f57ed7108b3ca5553, ce11f91b21c25dda8b06988817115bef1c636434, 1dbefa57725204be0348351ea4756c52b10b3504, df93717a32f57e1b033dbfa2a78809d7d4000648, 07401c2311f6fddd3c49a392eafc2c28a899f768, 84061fff2ad98a7809f00e88a54f584f84830388, 5269be9111e2b66572e78647f2e8948f7fc96466, 47ae76fb27398e867980d63789058ff7c4f12a35, 4d7f72b6e1bc630bec7e4cd51814bc2b092bf153, a74f5d23e68d9687ed06bd462d344867824707d8, f7851ed697be2ce86bd8baf29111762b7b3ff6cc, b24fdd0f1c3328cf8ee0c518b93a7187f8cee097, 609336351d08699395be24860902e6e0b7860e2b, 51552b6b52fc865f37ef3ddacd27d807a36695ac, c2ca992144281917cfae19d231b1195c02906a4e, eb38964b6ff864b8bdf87c9cf6221d0b0611a990, c035ca88b0742952150b1671bb5d26b96f921245]
+4.19-upstream-stable: released (4.19.266) [67b137bf0d9d096f86c8bfa175ca5ab3629369c9, 8627f766f42beefcce9979e6db44541cc651d521, c150c96152aa0ca3d59ecc71c0c4a8864abca42a, e6bfe7967f1a06ff906a1d8d73696c750f833e74, 78c9a72da30a2a6e30c190f431d03a3b06bdcdc0, 0ff64957bae869ab7163d4b6c930f8ecfc6ae7cf, 12db59370889ce1a5e3deb50507d4141910c4341, 7c9a1a329b6273b5fe1c47f78a8efb15197937d5, bd2b18f6d226de17b42b1f1ff15daf800a4f0c52, c79ea34ffbb9af46a3e97f2a4550f83d0151a2e3, 4b74a4f69682058fa79ccc9643ea69a0f1b955ee, 310aee6c371b076f86b61f764fe77de0e2913edd, 9e03416b022e83c73bbbdc275f1df1c3e88e3155, f1b4cf5ce43f28503ef24d30fdbb9247d141765d, c1493b60fd131c0c1558a8f71192fbebe7ed998f, 6cc8bd7dd3f33c39469899b2045870b62dd1ef4d, 9dc813c5fe403345e3edf1e52ee1ee2ecfe0d46d, d2c10ea360a307f520c22e56b77f9a40db79e253, 9f3330d4930e034d84ee6561fbfb098433ff0ab9, ca47b5c598c2772aadd6bd5626ac531e640cd477, 93f951062040f132968103bb5a070aaafde2865c, 8bafec7f0eaa0d4f260fe74de49d9aaa0451bc3d, 1ec1aceda390df12ad85525521f3ce2c7d837934, 24344e2bee186d54e0fdfbae70e67ec39473a9ae, e6ac9561776a1fa80e245993f94c8f63fa15632b, 6451e3ce91f70398dd5e0f9feada255f19d5b2b7, f744b88dfc201bf8092833ec70b23c720188b527, 9f88c3b0a2bcf18b3ec7e551958723a1061c9b99, 1bce094085ff639bbe370821f2ab99e996a0e108, 745cd50cc41a4ca529d20a889699b829e739dddd, 48eb8d6ac7df51a6408d629306335449826fc3a8, 0019a40f27e98bac177d3ec3a006df3c177d9181, 7eb3e2a80fe6b41ead0eb08d6772f2604acc1899, 56cf3753a1ef6d269fe24872db53b7b135ca011a]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-2991 b/retired/CVE-2022-2991
new file mode 100644
index 00000000..f729e834
--- /dev/null
+++ b/retired/CVE-2022-2991
@@ -0,0 +1,12 @@
+Description: lightnvm: disable the subsystem
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-22-960/
+Notes:
+ carnil> CONFIG_NVM was not enabled in Debian builds.
+Bugs:
+upstream: released (5.15-rc1) [9ea9b9c48387edc101d56349492ad9c0492ff78d]
+5.10-upstream-stable: released (5.10.114) [549209caabc89f2877ad5f62d11fca5c052e0e8f]
+4.19-upstream-stable: released (4.19.241) [455431805699e91c2fd66b7fe43db27643d9b3fd]
+sid: released (5.15.3-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-29968 b/retired/CVE-2022-29968
new file mode 100644
index 00000000..f13254e7
--- /dev/null
+++ b/retired/CVE-2022-29968
@@ -0,0 +1,15 @@
+Description: io_uring: fix uninitialized field in rw io_kiocb
+References:
+Notes:
+ carnil> Commit fixes 3e08773c3841 ("block: switch polling to be bio
+ carnil> based") in 5.16-rc1.
+ carnil> For 5.17.y fixed as well in 5.17.6.
+Bugs:
+upstream: released (5.18-rc5) [32452a3eb8b64e01e2be717f518c0be046975b9d]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.17.6-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-3028 b/retired/CVE-2022-3028
new file mode 100644
index 00000000..1990e0d6
--- /dev/null
+++ b/retired/CVE-2022-3028
@@ -0,0 +1,13 @@
+Description: af_key: Do not call xfrm_probe_algs in parallel
+References:
+ https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
+Notes:
+ carnil> Commit fixes 283bc9f35bbb ("xfrm: Namespacify xfrm state/policy
+ carnil> locks") in 3.14-rc1.
+Bugs:
+upstream: released (6.0-rc3) [ba953a9d89a00c078b85f4b190bc1dde66fe16b5]
+5.10-upstream-stable: released (5.10.140) [c5c4d4c9806dadac7bc82f9c29ef4e1b78894775]
+4.19-upstream-stable: released (4.19.257) [7dbfc8f25f22fe2a64dd808266e00c8d2661ebdd]
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-30594 b/retired/CVE-2022-30594
new file mode 100644
index 00000000..62b30310
--- /dev/null
+++ b/retired/CVE-2022-30594
@@ -0,0 +1,13 @@
+Description: ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2276
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [ee1fee900537b5d9560e9f937402de5ddc8412f3]
+5.10-upstream-stable: released (5.10.110) [5a41a3033a9344d7683340e3d83f5435ffb06501]
+4.19-upstream-stable: released (4.19.238) [b1f438f872dcda10a79e6aeaf06fd52dfb15a6ab]
+4.9-upstream-stable: released (4.9.311) [4f96b94a8342fac058117962f1a76fc7ebd1c245]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-3077 b/retired/CVE-2022-3077
new file mode 100644
index 00000000..01fadf72
--- /dev/null
+++ b/retired/CVE-2022-3077
@@ -0,0 +1,13 @@
+Description: i2c: ismt: prevent memory corruption in ismt_access()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2123309
+Notes:
+ carnil> Commit fixes 5e9a97b1f449 ("i2c: ismt: Adding support for
+ carnil> I2C_SMBUS_BLOCK_PROC_CALL") in 5.11-rc1.
+Bugs:
+upstream: released (5.19-rc1) [690b2549b19563ec5ad53e5c82f6a944d910086e]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.18.2-1)
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-3078 b/retired/CVE-2022-3078
new file mode 100644
index 00000000..eabc2aab
--- /dev/null
+++ b/retired/CVE-2022-3078
@@ -0,0 +1,13 @@
+Description: media: vidtv: Check for null return of vzalloc
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2123310
+Notes:
+ carnil> Introduced by f90cf6079bf6 ("media: vidtv: add a bridge
+ carnil> driver") in 5.10-rc1.
+Bugs:
+upstream: released (5.18-rc1) [e6a21a14106d9718aa4f8e115b1e474888eeba44]
+5.10-upstream-stable: released (5.10.110) [663e7a72871f89f7a10cc8d7b2f17f27c64e071d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3103 b/retired/CVE-2022-3103
new file mode 100644
index 00000000..50dc88fc
--- /dev/null
+++ b/retired/CVE-2022-3103
@@ -0,0 +1,15 @@
+Description: io_uring: fix off-by-one in sync cancelation file check
+References:
+Notes:
+ carnil> The CVE entry is quite unclear, and just references the 6.0-rc3
+ carnil> tag. I suspect 47abea041f89 ("io_uring: fix off-by-one in sync
+ carnil> cancelation file check") is the targetted off-by-one issue.
+ carnil> Then this though only fixes 78a861b94959 ("io_uring: add sync
+ carnil> cancelation API through io_uring_register()") in 6.0-rc1.
+Bugs:
+upstream: released (6.0-rc3) [47abea041f897d64dbd5777f0cf7745148f85d75]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3104 b/retired/CVE-2022-3104
new file mode 100644
index 00000000..3f0e4c4b
--- /dev/null
+++ b/retired/CVE-2022-3104
@@ -0,0 +1,16 @@
+Description: lkdtm/bugs: Check for the NULL pointer after calling kmalloc
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153062
+Notes:
+ bwh> Introduced in 5.7 by commit ae2e1aad3e48e495878d9f149e437a308bfdaefa
+ bwh> "drivers/misc/lkdtm/bugs.c: add arithmetic overflow and array bounds
+ bwh> checks".
+ bwh> This doesn't seem to be a security issue because the *purpose* of
+ bwh> this driver is to trigger crashes (just not in this specific place).
+Bugs:
+upstream: released (5.19-rc1) [4a9800c81d2f34afb66b4b42e0330ae8298019a2]
+5.10-upstream-stable: released (5.10.122) [56ac04f35fc5dc8b5b67a1fa2f7204282aa887d5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.5-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3105 b/retired/CVE-2022-3105
new file mode 100644
index 00000000..8226cf65
--- /dev/null
+++ b/retired/CVE-2022-3105
@@ -0,0 +1,13 @@
+Description: RDMA/uverbs: Check for null return of kmalloc_array
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153067
+Notes:
+ bwh> Introduced in 5.0 by commit 6884c6c4bd09 "RDMA/verbs: Store the
+ bwh> write/write_ex uapi entry points in the uverbs_api".
+Bugs:
+upstream: released (5.16) [7694a7de22c53a312ea98960fcafc6ec62046531]
+5.10-upstream-stable: released (5.10.91) [16e5cad6eca1e506c38c39dc256298643fa1852a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3106 b/retired/CVE-2022-3106
new file mode 100644
index 00000000..046f8366
--- /dev/null
+++ b/retired/CVE-2022-3106
@@ -0,0 +1,13 @@
+Description: sfc_ef100: potential dereference of null pointer
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153066
+Notes:
+ bwh> Introduced in 5.9 by commit b593b6f1b492 "sfc_ef100: statistics
+ bwh> gathering".
+Bugs:
+upstream: released (5.16-rc6) [407ecd1bd726f240123f704620d46e285ff30dd9]
+5.10-upstream-stable: released (5.10.88) [734a3f3106053ee41cecae2a995b3d4d0c246764]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3107 b/retired/CVE-2022-3107
new file mode 100644
index 00000000..b569c48f
--- /dev/null
+++ b/retired/CVE-2022-3107
@@ -0,0 +1,11 @@
+Description: hv_netvsc: Add check for kvmalloc_array
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153060
+Notes:
+Bugs:
+upstream: released (5.17) [886e44c9298a6b428ae046e2fa092ca52e822e6a]
+5.10-upstream-stable: released (5.10.108) [9b763ceda6f8963cc99df5772540c54ba46ba37c]
+4.19-upstream-stable: released (4.19.236) [a30c7c81db60f7f7ad52f75a4f7de5f628063df4]
+sid: released (5.16.18-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-3110 b/retired/CVE-2022-3110
new file mode 100644
index 00000000..94f4f2a0
--- /dev/null
+++ b/retired/CVE-2022-3110
@@ -0,0 +1,16 @@
+Description: staging: r8188eu: add check for kzalloc
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153055
+Notes:
+ bwh> Introduced in 5.15 by commit 15865124feed "staging: r8188eu: introduce
+ bwh> new core dir for RTL8188eu driver". The same bug existed and was fixed
+ bwh> earlier in the older rtl8188eu driver, by commit 7671ce0d9293
+ bwh> "staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc"
+ bwh> in 5.1 and 4.19.39.
+Bugs:
+upstream: released (5.19-rc1) [f94b47c6bde624d6c07f43054087607c52054a95]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.5-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3111 b/retired/CVE-2022-3111
new file mode 100644
index 00000000..cc393239
--- /dev/null
+++ b/retired/CVE-2022-3111
@@ -0,0 +1,11 @@
+Description: power: supply: wm8350-power: Add missing free in free_charger_irq
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153059
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [6dee930f6f6776d1e5a7edf542c6863b47d9f078]
+5.10-upstream-stable: released (5.10.110) [48d23ef90116c8c702bfa4cad93744e4e5588d7d]
+4.19-upstream-stable: released (4.19.238) [60dd1082322966f192f42fe2a6605dfa08eef41f]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-3112 b/retired/CVE-2022-3112
new file mode 100644
index 00000000..d59a216a
--- /dev/null
+++ b/retired/CVE-2022-3112
@@ -0,0 +1,13 @@
+Description: media: meson: vdec: potential dereference of null pointer
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153068
+Notes:
+ bwh> Introduced in 5.3 by commit 3e7f51bd9607 "media: meson: add v4l2 m2m
+ bwh> video decoder driver".
+Bugs:
+upstream: released (5.18-rc1) [c8c80c996182239ff9b05eda4db50184cf3b2e99]
+5.10-upstream-stable: released (5.10.110) [032b141a91a82a5f0107ce664a35b201e60c5ce1]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3113 b/retired/CVE-2022-3113
new file mode 100644
index 00000000..c6c91b15
--- /dev/null
+++ b/retired/CVE-2022-3113
@@ -0,0 +1,15 @@
+Description: media: mtk-vcodec: potential dereference of null pointer
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2153053
+Notes:
+ bwh> Introduced in 5.10 by commit 46233e91fa24 "media: mtk-vcodec: move
+ bwh> firmware implementations into their own files". That also introduced
+ bwh> the same bug mtk_vcodec_fw_scp.c, which has still not been fixed.
+ bwh> The driver is not enabled in any suite.
+Bugs:
+upstream: released (5.18-rc1) [e25a89f743b18c029bfbe5e1663ae0c7190912b0]
+5.10-upstream-stable: released (5.10.110) [bc2573abc691a269b54a6c14a2660f26d88876a5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3170 b/retired/CVE-2022-3170
new file mode 100644
index 00000000..b0bc1a5a
--- /dev/null
+++ b/retired/CVE-2022-3170
@@ -0,0 +1,13 @@
+Description: ALSA: control: out-of-bounds access in get_ctl_id_hash()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2125879
+Notes:
+ carnil> Issue introduced in 6.0-rc1 with c27e1efb61c5 ("ALSA: control:
+ carnil> Use xarray for faster lookups").
+Bugs:
+upstream: released (6.0-rc4) [6ab55ec0a938c7f943a4edba3d6514f775983887, 5934d9a0383619c14df91af8fd76261dc3de2f5f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3176 b/retired/CVE-2022-3176
new file mode 100644
index 00000000..d78f433f
--- /dev/null
+++ b/retired/CVE-2022-3176
@@ -0,0 +1,16 @@
+Description: io_uring: disable polling pollfree files
+References:
+Notes:
+ carnil> Introduced by 221c5eb233823 ("io_uring: add support for
+ carnil> IORING_OP_POLL") 5.1-rc1.
+ carnil> We need to investigate how this was fixed in mainline through
+ carnil> refactorings likely?
+ carnil> Consider it as fixed with 791f3465c4af ("io_uring: fix UAF due
+ carnil> to missing POLLFREE handling") in 5.17-rc1.
+Bugs:
+upstream: released (5.17-rc1) [791f3465c4afde02d7f16cf7424ca87070b69396]
+5.10-upstream-stable: released (5.10.141) [28d8d2737e82fc29ff9e788597661abecc7f7994]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3202 b/retired/CVE-2022-3202
new file mode 100644
index 00000000..c99f9d2c
--- /dev/null
+++ b/retired/CVE-2022-3202
@@ -0,0 +1,11 @@
+Description: jfs: prevent NULL deref in diFree
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2126423
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [a53046291020ec41e09181396c1e829287b48d47]
+5.10-upstream-stable: released (5.10.111) [b9c5ac0a15f24d63b20f899072fa6dd8c93af136]
+4.19-upstream-stable: released (4.19.238) [2ef74e3e0089b6615ee124e1183746974c6bb561]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-32250 b/retired/CVE-2022-32250
new file mode 100644
index 00000000..a73c6333
--- /dev/null
+++ b/retired/CVE-2022-32250
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: disallow non-stateful expression in sets earlier
+References:
+ https://www.openwall.com/lists/oss-security/2022/05/31/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd
+ https://github.com/theori-io/CVE-2022-32250-exploit
+ https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
+Notes:
+ carnil> For 5.17.y fixed in 5.17.13 and for 5.18.y fixed in 5.18.2
+Bugs:
+upstream: released (5.19-rc1) [520778042ccca019f3ffa136dd0ca565c486cedd]
+5.10-upstream-stable: released (5.10.120) [ea62d169b6e731e0b54abda1d692406f6bc6a696]
+4.19-upstream-stable: released (4.19.247) [ed44398b45add3d9be56b7457cc9e05282e518b4]
+4.9-upstream-stable: released (4.9.318) [94e9b75919619ba8c4072abc4917011a7a888a79]
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-32296 b/retired/CVE-2022-32296
new file mode 100644
index 00000000..28745ea9
--- /dev/null
+++ b/retired/CVE-2022-32296
@@ -0,0 +1,13 @@
+Description: tcp: increase source port perturb table to 2^16
+References:
+Notes:
+ bwh> This seems to be a duplicate of CVE-2022-1012.
+Bugs:
+upstream: released (5.18-rc6) [4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5]
+5.10-upstream-stable: released (5.10.125) [9429b75bc271b6f29e50dbb0ee0751800ff87dd9]
+4.19-upstream-stable: released (4.19.249) [514cd2859c5017fdc487165b093b328e24afe954]
+4.9-upstream-stable: released (4.9.320) [3c78eea640f69e2198b69128173e6d65a0bcdc02]
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-3239 b/retired/CVE-2022-3239
new file mode 100644
index 00000000..469b63a0
--- /dev/null
+++ b/retired/CVE-2022-3239
@@ -0,0 +1,11 @@
+Description: media: em28xx: initialize refcount before kref_get
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2127985
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [c08eadca1bdfa099e20a32f8fa4b52b2f672236d]
+5.10-upstream-stable: released (5.10.110) [ec8a37b2d9a76a9443feb0af95bd06ac3df25444]
+4.19-upstream-stable: released (4.19.238) [0113fa98a49a8e46a19b0ad80f29c904c6feec23]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-32981 b/retired/CVE-2022-32981
new file mode 100644
index 00000000..a87ae1b1
--- /dev/null
+++ b/retired/CVE-2022-32981
@@ -0,0 +1,17 @@
+Description: powerpc/32: Fix overread/overwrite of thread_struct via ptrace
+References:
+ https://www.openwall.com/lists/oss-security/2022/06/14/3
+Notes:
+ carnil> Commit fixes 87fec0514f61 ("powerpc:
+ carnil> PTRACE_PEEKUSR/PTRACE_POKEUSER of FPR registers in little
+ carnil> endian builds") in 3.13-rc1.
+ carnil> Fixed as well in 5.18.4 for 5.18.y.
+Bugs:
+upstream: released (5.19-rc2) [8e1278444446fc97778a5e5c99bca1ce0bbc5ec9]
+5.10-upstream-stable: released (5.10.122) [3be74fc0afbeadc2aff8dc69f3bf9716fbe66486]
+4.19-upstream-stable: released (4.19.247) [a0e38a2808ea708beb4196a8873cecc23efb8e64]
+4.9-upstream-stable: released (4.9.318) [89dda10b73b7ce184caf18754907126ce7ce3fad]
+sid: released (5.18.5-1)
+5.10-bullseye-security: ignored "no release architecture affected"
+4.19-buster-security: ignored "no release architecture affected"
+4.9-stretch-security: ignored "no release architecture affected"
diff --git a/retired/CVE-2022-33740 b/retired/CVE-2022-33740
new file mode 100644
index 00000000..23f583ed
--- /dev/null
+++ b/retired/CVE-2022-33740
@@ -0,0 +1,12 @@
+Description: Xen Linux disk/nic frontends data leaks
+References:
+ https://xenbits.xen.org/xsa/advisory-403.html
+Notes:
+ carnil> For 5.18.y fixed as well in 5.18.10.
+Bugs:
+upstream: released (5.19-rc6) [307c8de2b02344805ebead3440d8feed28f2f010]
+5.10-upstream-stable: released (5.10.129) [728d68bfe68d92eae1407b8a9edc7817d6227404]
+4.19-upstream-stable: released (4.19.251) [3650ac3218c1640a3d597a8cee17d8e2fcf0ed4e]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/xen-netfront-fix-leaking-data-in-shared-pages.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-33741 b/retired/CVE-2022-33741
new file mode 100644
index 00000000..1d9c2abc
--- /dev/null
+++ b/retired/CVE-2022-33741
@@ -0,0 +1,12 @@
+Description: Xen Linux disk/nic frontends data leaks
+References:
+ https://xenbits.xen.org/xsa/advisory-403.html
+Notes:
+ carnil> For 5.18.y fixed as well in 5.18.10.
+Bugs:
+upstream: released (5.19-rc6) [4491001c2e0fa69efbb748c96ec96b100a5cdb7e]
+5.10-upstream-stable: released (5.10.129) [4923217af5742a796821272ee03f8d6de15c0cca]
+4.19-upstream-stable: released (4.19.251) [4b67d8e42dbba42cfafe22ac3e4117d9573fdd74]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/xen-netfront-force-data-bouncing-when-backend-is-unt.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-33742 b/retired/CVE-2022-33742
new file mode 100644
index 00000000..02052bb5
--- /dev/null
+++ b/retired/CVE-2022-33742
@@ -0,0 +1,12 @@
+Description: Xen Linux disk/nic frontends data leaks
+References:
+ https://xenbits.xen.org/xsa/advisory-403.html
+Notes:
+ carnil> For 5.18.y fixed as well in 5.18.10.
+Bugs:
+upstream: released (5.19-rc6) [2400617da7eebf9167d71a46122828bc479d64c9]
+5.10-upstream-stable: released (5.10.129) [cbbd2d2531539212ff090aecbea9877c996e6ce6]
+4.19-upstream-stable: released (4.19.251) [981de55fb6b5253fa7ae345827c6c3ca77912e5c]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/xen-blkfront-force-data-bouncing-when-backend-is-unt.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-33743 b/retired/CVE-2022-33743
new file mode 100644
index 00000000..5c1da7ca
--- /dev/null
+++ b/retired/CVE-2022-33743
@@ -0,0 +1,14 @@
+Description: Xen network backend may cause Linux netfront to use freed SKBs
+References:
+ https://xenbits.xen.org/xsa/advisory-405.html
+Notes:
+ carnil> For 5.18.y fixed as well in 5.18.10.
+ bwh> Fix says this was introduced by commit 6c5aa6fc4def "xen
+ bwh> networking: add basic XDP support for xen-netfront" in 5.9.
+Bugs:
+upstream: released (5.19-rc6) [f63c2c2032c2e3caad9add3b82cc6e91c376fd26]
+5.10-upstream-stable: released (5.10.129) [547b7c640df545a344358ede93e491a89194cdfa]
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/xen-netfront-restore-__skb_queue_tail-positioning-in.patch]
+4.19-buster-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-33744 b/retired/CVE-2022-33744
new file mode 100644
index 00000000..d8a873db
--- /dev/null
+++ b/retired/CVE-2022-33744
@@ -0,0 +1,12 @@
+Description: Xen Arm guests can cause Dom0 DoS via PV devices
+References:
+ https://xenbits.xen.org/xsa/advisory-406.html
+Notes:
+ carnil> For 5.18.y fixed as well in 5.18.10.
+Bugs:
+upstream: released (5.19-rc6) [b75cd218274e01d026dc5240e86fdeb44bbed0c8]
+5.10-upstream-stable: released (5.10.129) [43c8d33ce353091f15312cb6de3531517d7bba90]
+4.19-upstream-stable: released (4.19.251) [274cb74da15ed13292fcec9097f04332eb3eea17]
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/xen-arm-fix-race-in-rb-tree-based-p2m-accounting.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-33981 b/retired/CVE-2022-33981
new file mode 100644
index 00000000..d8dd49a2
--- /dev/null
+++ b/retired/CVE-2022-33981
@@ -0,0 +1,14 @@
+Description: floppy: disable FDRAWCMD by default
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2080330
+ https://www.openwall.com/lists/oss-security/2022/04/28/1
+Notes:
+Bugs:
+upstream: released (5.18-rc5) [233087ca063686964a53c829d547c7571e3f67bf]
+5.10-upstream-stable: released (5.10.114) [54c028cfc49624bfc27a571b94edecc79bbaaab4]
+4.19-upstream-stable: released (4.19.241) [0e535976774504af36fab1dfb54f3d4d6cc577a9]
+4.9-upstream-stable: released (4.9.313) [0dd02ff72c6daf4e7800fb5dd1109fbacdde97dc]
+sid: released (5.17.6-1)
+5.10-bullseye-security: released (5.10.113-1) [bugfix/all/floppy-disable-FDRAWCMD-by-default.patch]
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)
diff --git a/retired/CVE-2022-3424 b/retired/CVE-2022-3424
new file mode 100644
index 00000000..5e2a5d29
--- /dev/null
+++ b/retired/CVE-2022-3424
@@ -0,0 +1,18 @@
+Description: misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2132640
+ https://www.spinics.net/lists/kernel/msg4518970.html
+ https://lore.kernel.org/all/20221006152643.1694235-1-zyytlz.wz@163.com/
+Notes:
+ carnil> Introduced by 55484c45dbec ("gru: allow users to specify gru
+ carnil> chiplet 2").
+ carnil> Fixed as well in 6.1.2 for 6.1.y and 6.0.16 for 6.0.y.
+ bwh> Not enabled in any Debian config (we try to enable it but its
+ bwh> dependencies are not met).
+Bugs:
+upstream: released (6.2-rc1) [643a16a0eb1d6ac23744bb6e90a00fc21148a9dc]
+5.10-upstream-stable: released (5.10.163) [0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c]
+4.19-upstream-stable: released (4.19.270) [bcda4624e87d6b922e94f5c0fd0bd5f027b8b226]
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-3435 b/retired/CVE-2022-3435
new file mode 100644
index 00000000..f3d2cc77
--- /dev/null
+++ b/retired/CVE-2022-3435
@@ -0,0 +1,14 @@
+Description: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
+References:
+ https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern@kernel.org/T/#u
+Notes:
+ carnil> Commit fixes 493ced1ac47c ("ipv4: Allow routes to use nexthop
+ carnil> objects") in 5.3-rc1.
+ carnil> For 6.0.y fixed as well in 6.0.12.
+Bugs:
+upstream: released (6.1-rc1) [61b91eb33a69c3be11b259c5ea484505cd79f883]
+5.10-upstream-stable: released (5.10.158) [0b5394229ebae09afc07aabccb5ffd705ffd250e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.12-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-34494 b/retired/CVE-2022-34494
new file mode 100644
index 00000000..33cb210f
--- /dev/null
+++ b/retired/CVE-2022-34494
@@ -0,0 +1,14 @@
+Description: rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev()
+References:
+Notes:
+ carnil> Commit fixes c486682ae1e2 ("rpmsg: virtio: Register the
+ carnil> rpmsg_char device") in 5.13-rc1.
+Bugs:
+upstream: released (5.19-rc1) [1680939e9ecf7764fba8689cfb3429c2fe2bb23c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.5-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-34495 b/retired/CVE-2022-34495
new file mode 100644
index 00000000..070be4d1
--- /dev/null
+++ b/retired/CVE-2022-34495
@@ -0,0 +1,14 @@
+Description: rpmsg: virtio: Fix possible double free in rpmsg_probe()
+References:
+Notes:
+ carnil> Commit fixes c486682ae1e2 ("rpmsg: virtio: Register the
+ carnil> rpmsg_char device") in 5.13-rc1.
+Bugs:
+upstream: released (5.19-rc1) [c2eecefec5df1306eafce28ccdf1ca159a552ecc]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.5-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-34918 b/retired/CVE-2022-34918
new file mode 100644
index 00000000..e15b43dd
--- /dev/null
+++ b/retired/CVE-2022-34918
@@ -0,0 +1,18 @@
+Description: netfilter: nf_tables: stricter validation of element data
+References:
+ https://www.openwall.com/lists/oss-security/2022/07/02/3
+ https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6
+ https://www.openwall.com/lists/oss-security/2022/07/03/4
+ https://www.randorisec.fr/crack-linux-firewall/
+Notes:
+ carnil> Should be present since fdb9c405e35b ("netfilter: nf_tables:
+ carnil> allow up to 64 bytes in the set element data area") in 5.8-rc1.
+ carnil> Fixed as well in 5.18.11 for 5.18.y.
+Bugs:
+upstream: released (5.19-rc6) [7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6]
+5.10-upstream-stable: released (5.10.130) [0a5e36dbcb448a7a8ba63d1d4b6ade2c9d3cc8bf]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-2) [bugfix/all/netfilter-nf_tables-stricter-validation-of-element-d.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3521 b/retired/CVE-2022-3521
new file mode 100644
index 00000000..5cf511b7
--- /dev/null
+++ b/retired/CVE-2022-3521
@@ -0,0 +1,13 @@
+Description: kcm: avoid potential race in kcm_tx_work
+References:
+Notes:
+ carnil> In Debian CONFIG_AF_KCM is not set (but there is a pending
+ carnil> request for enablement in #1023958)
+ carnil> Fixed as well in 6.0.10 for 6.10.y.
+Bugs:
+upstream: released (6.1-rc1) [ec7eede369fe5b0d085ac51fdbb95184f87bfc6c]
+5.10-upstream-stable: released (5.10.156) [7deb7a9d33e4941c5ff190108146d3a56bf69e9d]
+4.19-upstream-stable: released (4.19.267) [23a0a5869749c7833772330313ae7aec6581ec60]
+sid: released (6.0.10-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3524 b/retired/CVE-2022-3524
new file mode 100644
index 00000000..49589fd9
--- /dev/null
+++ b/retired/CVE-2022-3524
@@ -0,0 +1,11 @@
+Description: tcp/udp: Fix memory leak in ipv6_renew_options().
+References:
+Notes:
+ carnil> Fixed in 6.0.7 for 6.0.y.
+Bugs:
+upstream: released (6.1-rc1) [3c52c6bb831f6335c176a0fc7214e26f43adbd11]
+5.10-upstream-stable: released (5.10.154) [818c36b988b82f31e4be8ad8415e1be902b8e5f8]
+4.19-upstream-stable: released (4.19.268) [bbfbdca680b0cbea0e57be597b5e2cae19747052]
+sid: released (6.0.7-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3526 b/retired/CVE-2022-3526
new file mode 100644
index 00000000..0ab90cca
--- /dev/null
+++ b/retired/CVE-2022-3526
@@ -0,0 +1,10 @@
+Description: macvlan: Fix leaking skb in source mode with nodst option
+References:
+Notes:
+Bugs:
+upstream: released (5.18-rc3) [e16b859872b87650bb55b12cca5a5fcdc49c1442]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3541 b/retired/CVE-2022-3541
new file mode 100644
index 00000000..d5a6da54
--- /dev/null
+++ b/retired/CVE-2022-3541
@@ -0,0 +1,11 @@
+Description: eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address
+References:
+Notes:
+ carnil> For 6.0.y fixed as well in 6.0.3.
+Bugs:
+upstream: released (6.1-rc1) [12aece8b01507a2d357a1861f470e83621fbb6f2]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.3-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3543 b/retired/CVE-2022-3543
new file mode 100644
index 00000000..414480ff
--- /dev/null
+++ b/retired/CVE-2022-3543
@@ -0,0 +1,12 @@
+Description: af_unix: Fix memory leaks of the whole sk due to OOB skb.
+References:
+Notes:
+ carnil> Commit fixes 314001f0bf92 ("af_unix: Add OOB support") in 5.15-rc1.
+ carnil> For 6.0.y fixed as well in 6.0.3.
+Bugs:
+upstream: released (6.1-rc1) [7a62ed61367b8fd01bae1e18e30602c25060d824]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (6.0.3-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-3544 b/retired/CVE-2022-3544
new file mode 100644
index 00000000..35312065
--- /dev/null
+++ b/retired/CVE-2022-3544
@@ -0,0 +1,10 @@
+Description: damon/sysfs: fix possible memleak on damon_sysfs_add_target
+References:
+Notes:
+Bugs:
+upstream: released (6.0) [damon/sysfs: fix possible memleak on damon_sysfs_add_target]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3545 b/retired/CVE-2022-3545
new file mode 100644
index 00000000..eb4e10c8
--- /dev/null
+++ b/retired/CVE-2022-3545
@@ -0,0 +1,11 @@
+Description: nfp: fix use-after-free in area_cache_get()
+References:
+Notes:
+ bwh> Bug has been present since this code was added in 4.11.
+Bugs:
+upstream: released (6.0-rc1) [02e1a114fdb71e59ee6770294166c30d437bf86a]
+5.10-upstream-stable: released (5.10.160) [eb6313c12955c58c3d3d40f086c22e44ca1c9a1b]
+4.19-upstream-stable: released (4.19.270) [6ff23e9b9a04b833388862246838bb38ac0c46b6]
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-3564 b/retired/CVE-2022-3564
new file mode 100644
index 00000000..81f33636
--- /dev/null
+++ b/retired/CVE-2022-3564
@@ -0,0 +1,11 @@
+Description: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1
+Notes:
+Bugs:
+upstream: released (6.1-rc4) [3aff8aaca4e36dc8b17eaa011684881a80238966]
+5.10-upstream-stable: released (5.10.154) [cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569]
+4.19-upstream-stable: released (4.19.265) [6c7407bfbeafc80a04e6eaedcf34d378532a04f2]
+sid: released (6.0.8-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3565 b/retired/CVE-2022-3565
new file mode 100644
index 00000000..5a7e3b52
--- /dev/null
+++ b/retired/CVE-2022-3565
@@ -0,0 +1,11 @@
+Description: mISDN: fix use-after-free bugs in l1oip timer handlers
+References:
+Notes:
+ carnil> For 6.0.y fixed as well in 6.0.3.
+Bugs:
+upstream: released (6.1-rc1) [2568a7e0832ee30b0a351016d03062ab4e0e0a3f]
+5.10-upstream-stable: released (5.10.150) [2a1d0363208528a3bacbc2c37264d60182efd482]
+4.19-upstream-stable: released (4.19.262) [27f74a47d5b1cf52d48af15993bb1caa31ad8f5b]
+sid: released (6.0.3-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3577 b/retired/CVE-2022-3577
new file mode 100644
index 00000000..627a800f
--- /dev/null
+++ b/retired/CVE-2022-3577
@@ -0,0 +1,11 @@
+Description: HID: bigben: fix slab-out-of-bounds Write in bigben_probe
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2135717
+Notes:
+Bugs:
+upstream: released (5.19-rc1) [fc4ef9d5724973193bfa5ebed181dba6de3a56db]
+5.10-upstream-stable: released (5.10.121) [296f8ca0f73f5268cd9b85cf72ff783596b2264e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.5-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3586 b/retired/CVE-2022-3586
new file mode 100644
index 00000000..59380624
--- /dev/null
+++ b/retired/CVE-2022-3586
@@ -0,0 +1,12 @@
+Description: sch_sfb: Don't assume the skb is still around after enqueueing to child
+References:
+ https://lore.kernel.org/all/87wnao2ha3.fsf@toke.dk/T/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2124475
+Notes:
+Bugs:
+upstream: released (6.0-rc5) [9efd23297cca530bb35e1848665805d3fcdd7889]
+5.10-upstream-stable: released (5.10.143) [2ee85ac1b29dbd2ebd2d8e5ac1dd5793235d516b]
+4.19-upstream-stable: released (4.19.258) [9245ed20950afe225bc6d1c4b9d28d55aa152e25]
+sid: released (5.19.11-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-3594 b/retired/CVE-2022-3594
new file mode 100644
index 00000000..cf908d97
--- /dev/null
+++ b/retired/CVE-2022-3594
@@ -0,0 +1,11 @@
+Description: r8152: Rate limit overflow messages
+References:
+Notes:
+ carnil> For 6.0.y fixed as well in 6.0.3.
+Bugs:
+upstream: released (6.1-rc1) [93e2be344a7db169b7119de21ac1bf253b8c6907]
+5.10-upstream-stable: released (5.10.150) [484400d433ca1903a87268c55f019e932297538a]
+4.19-upstream-stable: released (4.19.262) [88d2a93972c369eb812952aa15a25c1385506c1d]
+sid: released (6.0.3-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3595 b/retired/CVE-2022-3595
new file mode 100644
index 00000000..7e91058d
--- /dev/null
+++ b/retired/CVE-2022-3595
@@ -0,0 +1,13 @@
+Description: cifs: fix double-fault crash during ntlmssp
+References:
+Notes:
+ carnil> Commit fixes a4e430c8c8ba ("cifs: replace kfree() with
+ carnil> kfree_sensitive() for sensitive data") which is as well only in
+ carnil> 6.1-rc1. No released version were ever affected.
+Bugs:
+upstream: released (6.1-rc1) [b854b4ee66437e6e1622fda90529c814978cb4ca]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-36123 b/retired/CVE-2022-36123
new file mode 100644
index 00000000..82601aa3
--- /dev/null
+++ b/retired/CVE-2022-36123
@@ -0,0 +1,18 @@
+Description:
+References:
+ https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md
+ https://sick.codes/sick-2022-128
+Notes:
+ carnil> Though 38fa5479b413 ("x86: Clear .brk area at early boot") was
+ carnil> backported to various stable series, if I understand the report
+ carnil> correctly the issue is only present for kernels which include
+ carnil> 8b87d8cec1b3 ("x86/entry,xen: Early rewrite of
+ carnil> restore_regs_and_return_to_kernel()") 5.18-rc1.
+ carnil> Ben, please double-check if the triage is correct.
+Bugs:
+upstream: released (5.19-rc6) [38fa5479b41376dc9d7f57e71c83514285a25ca0]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.18.14-1)
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-3619 b/retired/CVE-2022-3619
new file mode 100644
index 00000000..a27d7828
--- /dev/null
+++ b/retired/CVE-2022-3619
@@ -0,0 +1,13 @@
+Description: Bluetooth: L2CAP: Fix memory leak in vhci_write
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=97097c85c088e11651146da32a4e1cdb9dfa6193
+Notes:
+ carnil> Introduced by 4d7ea8ee90e4 ("Bluetooth: L2CAP: Fix handling
+ carnil> fragmented length") in 5.12-rc1.
+Bugs:
+upstream: released (6.1-rc4) [7c9524d929648935bac2bbb4c20437df8f9c3f42]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.8-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3621 b/retired/CVE-2022-3621
new file mode 100644
index 00000000..c0ab0bf2
--- /dev/null
+++ b/retired/CVE-2022-3621
@@ -0,0 +1,10 @@
+Description: nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
+References:
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [21a87d88c2253350e115029f14fe2a10a7e6c856]
+5.10-upstream-stable: released (5.10.148) [3f840480e31495ce674db4a69912882b5ac083f2]
+4.19-upstream-stable: released (4.19.262) [fe8015680f383ea1dadec76972894dfabf8aefaa]
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3623 b/retired/CVE-2022-3623
new file mode 100644
index 00000000..4ef1d33d
--- /dev/null
+++ b/retired/CVE-2022-3623
@@ -0,0 +1,12 @@
+Description: mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
+References:
+Notes:
+ bwh> Fixing commit says this was introduced in 5.1 by commit 5480280d3f2d
+ bwh> "arm64/mm: enable HugeTLB migration for contiguous bit HugeTLB pages".
+Bugs:
+upstream: released (6.1-rc1) [fac35ba763ed07ba93154c95ffc0c4a55023707f]
+5.10-upstream-stable: released (5.10.159) [fccee93eb20d72f5390432ecea7f8c16af88c850]
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (6.0.3-1)
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2022-3624 b/retired/CVE-2022-3624
new file mode 100644
index 00000000..dcd4291f
--- /dev/null
+++ b/retired/CVE-2022-3624
@@ -0,0 +1,12 @@
+Description: bonding: fix reference count leak in balance-alb mode
+References:
+Notes:
+ carnil> Commit fixes d5410ac7b0ba ("net:bonding:support balance-alb
+ carnil> interface with vlan to bridge") as well only in 6.0-rc1.
+Bugs:
+upstream: released (6.0-rc1) [4f5d33f4f798b1c6d92b613f0087f639d9836971]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3625 b/retired/CVE-2022-3625
new file mode 100644
index 00000000..41aa0c52
--- /dev/null
+++ b/retired/CVE-2022-3625
@@ -0,0 +1,12 @@
+Description: devlink: Fix use-after-free after a failed reload
+References:
+Notes:
+ carnil> Commit fixes 98bbf70c1c41 ("mlxsw: spectrum: add
+ carnil> "acl_region_rehash_interval" devlink param") in 5.1-rc1.
+Bugs:
+upstream: released (6.0-rc1) [6b4db2e528f650c7fb712961aac36455468d5902]
+5.10-upstream-stable: released (5.10.138) [0e28678a770df7989108327cfe86f835d8760c33]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3628 b/retired/CVE-2022-3628
new file mode 100644
index 00000000..1ecb92c4
--- /dev/null
+++ b/retired/CVE-2022-3628
@@ -0,0 +1,15 @@
+Description: wifi: Fix potential buffer overflow in 'brcmf_fweh_event_worker'
+References:
+ https://www.openwall.com/lists/oss-security/2022/10/29/1
+ https://lore.kernel.org/linux-wireless/10230673-8dbe-bf67-ba76-9f8cdc35faf3@gmail.com/T/#u
+Notes:
+ carnil> The commit did not land in mainline to date (2022-11-10) but
+ carnil> the fix applied already to several stable versions. For 6.0.y
+ carnil> the issue is fixed in 6.0.8.
+Bugs:
+upstream: released (6.1-rc5) [6788ba8aed4e28e90f72d68a9d794e34eac17295]
+5.10-upstream-stable: released (5.10.154) [c6678c8f4f3f8383fe2dff3455de3d504382638f]
+4.19-upstream-stable: released (4.19.265) [5e7d546917431400b7d6e5e38f588e0bd13083c9]
+sid: released (6.0.8-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-36280 b/retired/CVE-2022-36280
new file mode 100644
index 00000000..0c9e82c3
--- /dev/null
+++ b/retired/CVE-2022-36280
@@ -0,0 +1,12 @@
+Description: out-of-bounds write vulnerability in vmwgfx driver
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
+Notes:
+ carnil> For 6.1.y fixed as well in 6.1.4
+Bugs:
+upstream: released (6.2-rc1) [4cf949c7fafe21e085a4ee386bb2dade9067316e]
+5.10-upstream-stable: released (5.10.163) [439cbbc1519547f9a7b483f0de33b556ebfec901]
+4.19-upstream-stable: released (4.19.270) [6b4e70a428b5a11f56db94047b68e144529fe512]
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/x86/drm-vmwgfx-Validate-the-box-size-for-the-snooped-cur.patch]
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-3629 b/retired/CVE-2022-3629
new file mode 100644
index 00000000..92671deb
--- /dev/null
+++ b/retired/CVE-2022-3629
@@ -0,0 +1,10 @@
+Description: vsock: Fix memory leak in vsock_connect()
+References:
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [7e97cfed9929eaabc41829c395eb0d1350fccb9d]
+5.10-upstream-stable: released (5.10.138) [38ddccbda5e8b762c8ee06670bb1f64f1be5ee50]
+4.19-upstream-stable: released (4.19.256) [2fc2a7767f661e6083f69588718cdf6f07cb9330]
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-3630 b/retired/CVE-2022-3630
new file mode 100644
index 00000000..1c6ad5a1
--- /dev/null
+++ b/retired/CVE-2022-3630
@@ -0,0 +1,12 @@
+Description: scache: don't leak cookie access refs if invalidation is in progress or failed
+References:
+Notes:
+ carnil> Commit fixes 85e4ea1049c7 ("fscache: Fix invalidation/lookup
+ carnil> race") in 5.19-rc6 (and backported to 5.18.11).
+Bugs:
+upstream: released (6.0-rc1) [fb24771faf72a2fd62b3b6287af3c610c3ec9cf1]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3633 b/retired/CVE-2022-3633
new file mode 100644
index 00000000..4acd6f7a
--- /dev/null
+++ b/retired/CVE-2022-3633
@@ -0,0 +1,12 @@
+Description: can: j1939: j1939_session_destroy(): fix memory leak of skbs
+References:
+Notes:
+ carnil> Fixes 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
+ carnil> in 5.4-rc1.
+Bugs:
+upstream: released (6.0-rc1) [8c21c54a53ab21842f5050fa090f26b03c0313d6]
+5.10-upstream-stable: released (5.10.138) [a220ff343396bae8d3b6abee72ab51f1f34b3027]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3635 b/retired/CVE-2022-3635
new file mode 100644
index 00000000..0ce5d2e9
--- /dev/null
+++ b/retired/CVE-2022-3635
@@ -0,0 +1,10 @@
+Description: atm: idt77252: fix use-after-free bugs caused by tst_timer
+References:
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [3f4093e2bf4673f218c0bf17d8362337c400e77b]
+5.10-upstream-stable: released (5.10.138) [a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e]
+4.19-upstream-stable: released (4.19.256) [52fddbd9754b249546c89315787075b7247b029d]
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-3636 b/retired/CVE-2022-3636
new file mode 100644
index 00000000..6051df04
--- /dev/null
+++ b/retired/CVE-2022-3636
@@ -0,0 +1,14 @@
+Description: net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb()
+References:
+Notes:
+ carnil> Commit fixes 33fc42de3327 ("net: ethernet: mtk_eth_soc: support
+ carnil> creating mac address based offload entries") which is in 5.19-
+ carnil> rc1 as well. So the CVE seems not to be valid given no released
+ carnil> version was ever affected.
+Bugs:
+upstream: released (5.19-rc1) [17a5f6a78dc7b8db385de346092d7d9f9dc24df6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3640 b/retired/CVE-2022-3640
new file mode 100644
index 00000000..6142f507
--- /dev/null
+++ b/retired/CVE-2022-3640
@@ -0,0 +1,14 @@
+Description: Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979
+Notes:
+ carnil> Commit fixes d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-
+ carnil> free caused by l2cap_chan_put") in 5.19 (which was backported
+ carnil> to 5.18.16, 5.10.135, 4.19.326)
+Bugs:
+upstream: released (6.1-rc4) [0d0e2d032811280b927650ff3c15fe5020e82533]
+5.10-upstream-stable: released (5.10.154) [d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd]
+4.19-upstream-stable: released (4.19.265) [7f7bfdd9a9af3b12c33d9da9a012e7f4d5c91f4b]
+sid: released (6.0.8-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3643 b/retired/CVE-2022-3643
new file mode 100644
index 00000000..bfb8311e
--- /dev/null
+++ b/retired/CVE-2022-3643
@@ -0,0 +1,13 @@
+Description: xen/netback: Ensure protocol headers don't fall in the non-linear area
+References:
+ https://www.openwall.com/lists/oss-security/2022/12/06/1
+ https://xenbits.xen.org/xsa/advisory-423.html
+Notes:
+Bugs:
+ https://bugs.debian.org/1026035
+upstream: released (6.1) [ad7f402ae4f466647c3a669b8a6f3e5d4271c84a, 7dfa764e0223a324366a2a1fc056d4d9d4e95491]
+5.10-upstream-stable: released (5.10.159) [49e07c0768dbebff672ee1834eff9680fc6277bf, a00444e25bbc3ff90314ebc72e9b4952b12211d9]
+4.19-upstream-stable: released (4.19.269) [44dfdecc288b8d5932e09f5e6a597a089d5a82b2, 5215a8c7a72c0c9d49de9450ad92464832e981af]
+sid: released (6.0.12-1) [bugfix/all/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch], released (6.1.4-1)
+5.10-bullseye-security: released (5.10.158-1) [bugfix/all/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch], released (5.10.158-2) [bugfix/all/xen-netback-fix-build-warning.patch]
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3646 b/retired/CVE-2022-3646
new file mode 100644
index 00000000..a5ff1506
--- /dev/null
+++ b/retired/CVE-2022-3646
@@ -0,0 +1,10 @@
+Description: nilfs2: fix leak of nilfs_root in case of writer thread creation failure
+References:
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [d0d51a97063db4704a5ef6bc978dddab1636a306]
+5.10-upstream-stable: released (5.10.148) [aad4c997857f1d4b6c1e296c07e4729d3f8058ee]
+4.19-upstream-stable: released (4.19.262) [4b748ef0f2afadd31c914623daa610f26385a4dc]
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-3649 b/retired/CVE-2022-3649
new file mode 100644
index 00000000..0e9ffef9
--- /dev/null
+++ b/retired/CVE-2022-3649
@@ -0,0 +1,10 @@
+Description: nilfs2: fix use-after-free bug of struct nilfs_root
+References:
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [d325dc6eb763c10f591c239550b8c7e5466a5d09]
+5.10-upstream-stable: released (5.10.148) [21ee3cffed8fbabb669435facfd576ba18ac8652]
+4.19-upstream-stable: released (4.19.262) [bfc82a26545b5f61a64d51ca2179773706fb028f]
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-36879 b/retired/CVE-2022-36879
new file mode 100644
index 00000000..487affde
--- /dev/null
+++ b/retired/CVE-2022-36879
@@ -0,0 +1,11 @@
+Description: xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
+References:
+Notes:
+ carnil> Released as well in 5.18.15 for 5.18.y.
+Bugs:
+upstream: released (5.19-rc8) [f85daf0e725358be78dfd208dea5fd665d8cb901]
+5.10-upstream-stable: released (5.10.134) [47b696dd654450cdec3103a833e5bf29c4b83bfa]
+4.19-upstream-stable: released (4.19.254) [fdb4fba1ba8512fa579a9d091dcb6c410f82f96a]
+sid: released (5.18.16-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-36946 b/retired/CVE-2022-36946
new file mode 100644
index 00000000..8161b61d
--- /dev/null
+++ b/retired/CVE-2022-36946
@@ -0,0 +1,14 @@
+Description: netfilter: nf_queue: do not allow packet truncation below transport header offset
+References:
+ https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
+Notes:
+ carnil> Introduced by 7af4cc3fa158 ("[NETFILTER]: Add "nfnetlink_queue"
+ carnil> netfilter queue handler over nfnetlink")
+ carnil> For 5.18.y fixed as well in 5.18.16.
+Bugs:
+upstream: released (5.19) [99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164]
+5.10-upstream-stable: released (5.10.135) [440dccd80f627e0e11ceb0429e4cdab61857d17e]
+4.19-upstream-stable: released (4.19.255) [f295d365b30626f82423a923695274024016380e]
+sid: released (5.18.16-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-3707 b/retired/CVE-2022-3707
new file mode 100644
index 00000000..48dc38ee
--- /dev/null
+++ b/retired/CVE-2022-3707
@@ -0,0 +1,13 @@
+Description: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2137979
+ https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
+Notes:
+Bugs:
+upstream: released (6.2-rc3) [4a61648af68f5ba4884f0e3b494ee1cabc4b6620]
+6.1-upstream-stable: released (6.1.5) [1022519da69d99d455c58ca181a6c499c562c70e]
+5.10-upstream-stable: released (5.10.170) [3d743415c6fb092167df6c23e9c7e9f6df7db625]
+4.19-upstream-stable: released (4.19.274) [c5245a6cf83ca5c4b68d643f8b31ed0eb127126e]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-3910 b/retired/CVE-2022-3910
new file mode 100644
index 00000000..6aaed29e
--- /dev/null
+++ b/retired/CVE-2022-3910
@@ -0,0 +1,12 @@
+Description: io_uring/msg_ring: check file type before putting
+References:
+Notes:
+ carnil> Commit fixes aa184e8671f0 ("io_uring: don't attempt to IOPOLL
+ carnil> for MSG_RING requests") in 5.18.
+Bugs:
+upstream: released (6.0-rc6) [fc7222c3a9f56271fba02aabbfbae999042f1679]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-39188 b/retired/CVE-2022-39188
new file mode 100644
index 00000000..d6e5eb20
--- /dev/null
+++ b/retired/CVE-2022-39188
@@ -0,0 +1,17 @@
+Description: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2329
+ https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg@mail.gmail.com/
+ https://lore.kernel.org/stable/CAG48ez2sDEaDpiHBQJcDqPtvpCYK1JjLD=Jp8rE9ODnFW-MbRg@mail.gmail.com/
+ https://lore.kernel.org/stable/20220915142519.2941949-1-jannh@google.com/
+Notes:
+ carnil> For stable series an isolated backport is needed.
+ carnil> Turns out that the original backport for stable series is botched, cf.
+ carnil> https://lore.kernel.org/stable/CAG48ez2sDEaDpiHBQJcDqPtvpCYK1JjLD=Jp8rE9ODnFW-MbRg@mail.gmail.com/
+Bugs:
+upstream: released (5.19-rc8) [b67fbebd4cf980aecbcc750e1462128bffe8ae15]
+5.10-upstream-stable: released (5.10.141) [895428ee124ad70b9763259308354877b725c31d], released (5.10.144) [891f03f688de8418f44b32b88f6b4faed5b2aa81]
+4.19-upstream-stable: released (4.19.257) [c3b1e88f14e7f442e2ddcbec94527eec84ac0ca3], released (4.19.259) [56fa5f3dd44a05a5eacd75ae9d00c5415046d371]
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1) [bugfix/all/mm-force-tlb-flush-for-pfnmap-mappings-before-unlink_file_vma.patch], released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-39190 b/retired/CVE-2022-39190
new file mode 100644
index 00000000..90979589
--- /dev/null
+++ b/retired/CVE-2022-39190
@@ -0,0 +1,13 @@
+Description: netfilter: nf_tables: disallow binding to already bound chain
+References:
+ https://lore.kernel.org/all/20220824220330.64283-12-pablo@netfilter.org/
+Notes:
+ carnil> Introduced in d0e2c7de92c7 ("netfilter: nf_tables: add
+ carnil> NFT_CHAIN_BINDING") 5.9-rc1.
+Bugs:
+upstream: released (6.0-rc3) [e02f0d3970404bfea385b6edb86f2d936db0ea2b]
+5.10-upstream-stable: released (5.10.140) [c08a104a8bce832f6e7a4e8d9ac091777b9982ea]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-3977 b/retired/CVE-2022-3977
new file mode 100644
index 00000000..00432b2e
--- /dev/null
+++ b/retired/CVE-2022-3977
@@ -0,0 +1,15 @@
+Description: use-after-free bug in mctp_sk_unhash in net/mctp/af_mctp.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2142371
+ https://www.openwall.com/lists/oss-security/2022/11/14/1
+Notes:
+ carnil> Introduced by 63ed1aab3d40 ("mctp: Add SIOCMCTP{ALLOC,DROP}TAG
+ carnil> ioctls for tag control") in 5.18-rc1.
+ carnil> Fixed as well in 6.0.2 for 6.0.y.
+Bugs:
+upstream: released (6.1-rc1) [3a732b46736cd8a29092e4b0b1a9ba83e672bf89]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-39842 b/retired/CVE-2022-39842
new file mode 100644
index 00000000..a017faff
--- /dev/null
+++ b/retired/CVE-2022-39842
@@ -0,0 +1,11 @@
+Description: video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
+References:
+Notes:
+ bwh> Driver is not enabled by any Debian config.
+Bugs:
+upstream: released (5.19-rc4) [a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7]
+5.10-upstream-stable: released (5.10.145) [06e194e1130c98f82d46beb40cdbc88a0d4fd6de]
+4.19-upstream-stable: released (4.19.260) [a34547fc43d02f2662b2b62c9a4c578594cf662d]
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-40307 b/retired/CVE-2022-40307
new file mode 100644
index 00000000..01d01d04
--- /dev/null
+++ b/retired/CVE-2022-40307
@@ -0,0 +1,11 @@
+Description: efi: capsule-loader: Fix use-after-free in efi_capsule_write
+References:
+Notes:
+ carnil> For 5.19.y fixed as well in 5.19.9.
+Bugs:
+upstream: released (6.0-rc5) [9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95]
+5.10-upstream-stable: released (5.10.143) [918d9c4a4bdf5205f2fb3f64dddfb56c9a1d01d6]
+4.19-upstream-stable: released (4.19.258) [021805af5bedeafc76c117fc771c100b358ab419]
+sid: released (5.19.11-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-40476 b/retired/CVE-2022-40476
new file mode 100644
index 00000000..d854f8a1
--- /dev/null
+++ b/retired/CVE-2022-40476
@@ -0,0 +1,14 @@
+Description: io_uring: use original request task for inflight tracking
+References:
+ https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow@mail.gmail.com/
+Notes:
+ carnil> Issue introduced in 9cae36a094e7 ("io_uring: reinstate the
+ carnil> inflight tracking") in 5.19-rc1 (and got backported to 5.18.6)
+ carnil> For 5.18.y fixed in 5.18.7.
+Bugs:
+upstream: released (5.19-rc4) [386e4fb6962b9f248a80f8870aea0870ca603e89]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code never present in unstable"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-40768 b/retired/CVE-2022-40768
new file mode 100644
index 00000000..a2b56b4f
--- /dev/null
+++ b/retired/CVE-2022-40768
@@ -0,0 +1,12 @@
+Description: scsi: stex: properly zero out the passthrough command structure
+References:
+ https://www.openwall.com/lists/oss-security/2022/09/09/1
+ https://lore.kernel.org/all/20220908145154.2284098-1-gregkh@linuxfoundation.org/
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [6022f210461fef67e6e676fd8544ca02d1bcfa7a]
+5.10-upstream-stable: released (5.10.148) [36b33c63515a93246487691046d18dd37a9f589b]
+4.19-upstream-stable: released (4.19.262) [a99c5e38dc6c3dc3da28489b78db09a4b9ffc8c3]
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-4095 b/retired/CVE-2022-4095
new file mode 100644
index 00000000..302d95f5
--- /dev/null
+++ b/retired/CVE-2022-4095
@@ -0,0 +1,14 @@
+Description: staging: rtl8712: fix use after free bugs
+References:
+ https://www.openwall.com/lists/oss-security/2022/11/18/1
+ https://www.openwall.com/lists/oss-security/2022/11/21/2
+ https://lore.kernel.org/all/20220906132823.157986856@linuxfoundation.org/
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73
+Notes:
+Bugs:
+upstream: released (6.0-rc4) [e230a4455ac3e9b112f0367d1b8e255e141afae0]
+5.10-upstream-stable: released (5.10.142) [19e3f69d19801940abc2ac37c169882769ed9770]
+4.19-upstream-stable: released (4.19.258) [9fd6170c5e2d0ccd027abe26f6f5ffc528e1bb27]
+sid: released (5.19.11-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-40982 b/retired/CVE-2022-40982
new file mode 100644
index 00000000..5c7f0bcb
--- /dev/null
+++ b/retired/CVE-2022-40982
@@ -0,0 +1,15 @@
+Description: Gather Data Sampling (GDS)
+References:
+ https://www.openwall.com/lists/oss-security/2023/08/08/5
+ https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html
+ https://downfall.page/
+Notes:
+Bugs:
+upstream: released (6.5-rc6) [8974eb588283b7d44a7c91fa09fcbaf380339f3a, 553a5c03e90a6087e88f8ff878335ef0621536fb, 53cf5797f114ba2bd86d23a862302119848eff19, 81ac7e5d741742d650b4ed6186c4826c1a0631a7, 1b0fc0345f2852ffe54fb9ae0e12e2ee69ad6a20]
+6.1-upstream-stable: released (6.1.44) [d5501f2ff80d30d615d59531825d3a5f0bb0d35d, 7918a3555a2502a4d86b831da089f3b985d1bca9, e2e06240ae4780977387906e2e11774283ca7997, 403e4cc67e4cf9226c57a7cb27c7f4365d2143b7, 08e86d42e2c916e362d124e3bc6c824eb1862498, 489ae02c89936c7e40f04191e8c160ac53649526, 6a90583dbd9b794071b8b54d8c36f40a459d1051, 84f585542ec69226311be5a4500a4b3cbad6fb5b, ce97072e10cc844fac8176681b2cb17bf3eaaa7b, 8beabde0ed8d31e45a3d9484f0591a18c0c94cc7, a3342c60dcc58007cc14b2cf1ebc7e2b563423a8, 8183a89caf67a1f56f1da1d6081e26a0ae7a5fdf, b0837880fa65fa4a6dc407b42e9b33e18f7b44e3, c956807d8462e94a1450dc0737728c25917b1d67, 9e8d9d399094dd911059ff337dd8a104f052e1ca, e26932942b2c505d5e8a9f263cbe66de4fab1b24, f25ad76d92176f41a543a812972e9937ce4f7d08, c66ebe070d9641c9339e42e1c2d707a5052e9904, 92fc27c79bc7f3e2bfd2b88e197762566daf02a1, c04579e95492dff342cb4976dd2f5728c0f87eee, b6fd07c41b4c64faff368728cef13439ee62860d, baa7b7501e41344f95da0bd3042dd04110d58edb, 7f3982de36c6620c2faae6fd960fa4021d71e16a, d972c8c08f96518ff02efd87c4fef594a833f6ea, 9ae15aaff39c831e2f9d8b029e85a2d70c7c8a68, e0fd83a193c530fdeced8b2e2ec83039ffdb884b, 051f5dcf144aa7659c4f4be04c66c3eda9b1bad3, dacb0bac2edb649ce01c25da9f8898769516d716]
+5.10-upstream-stable: released (5.10.189) [6e606e681873b37aa252486d43be4cf007544e85, e5eb18e164d08986543f8259d0cc10e120fb8746, c0fff20d4efa3bdb3ef203a8ae6e703e0c010199, 12d93c6c98d5478128d90ad4fbdf705753a0197e, 1cd3fc18eb169e2f81a34eeaf8147f9395ee8a11, 75bb54c951e92714a50cdc063f9953d11e8d36a2, 3c45134b38b417d17103f1f0b9a8b32f98ac358c, 2edb3b39ca793bf13a123ea6a25da640be36e7a5, b05031c2bca790afed717bc59cde2dac722efb94, bf2fa3a9d0e65326917273d17a8e9c6880d7b97c, 09658b81d158c15112a56323d8db8fed83e8cd4a, 18fcd72da1ed6166f1cbb03f713bed50c839fc22, 7a2f42bce9ab23fb9e59fe6de45bfedb5d611eee, 2462bc3ef0611646d94658ff250bb16669347361, 4ae1cbb730bd574d57d3996d4c20974972d47009, 288a2f6bc1ce03ddb3f05fd8c79b00d5d7160b4a, 363c98f9cfa8124cc49b2dfc5d48666b138f7e2e, 7db4ddcb8d8e356387a773728b2479d390488b1e, eb13cce488745176db654b20ea438f4b5b91ab9c, 583016037a092e4189c86bad7946c6d88669b4ca, f076d081787803b972a9939e477c6456f0c8fd70, 6ee042fd240fb669f4637f8cd89899b15911e5df, 1ff14defdfc9180bfcfd76a70463a5feb188a5db, 79972c2b95eca5e7d3d237d728339b21e9075629, 6750468784314bc8a336f80493cd82cde2afa655]
+4.19-upstream-stable: released (4.19.290) [ecc9d725a30dc53046f3739be9b7ac800d66c11b, 047ac82a3a9792264ec261f8812a14df28f28302, c3188cac78ced4eafdc4280feaeb08a47585151d, 6c18fb3d9d3876a709b43c42c8d45a8a4e5ca6f0, edb21f8093a187c9e17acb507900eaab80e516df, c0f82528e7afa445c5e8d67e2a7615e1ed87aa00, 15f5646fd2dbfa7298216418d383be36b470d01b, b698b5d11a169b4d41d7afe488ab3c408e39e5bc, 504aece3f6bcf88b31a809b3bbbe6b1931f78d18, ecc68c37bba469401a2cdc1a73661c31ef014742, 82f4acbce852b4795c32d38be2b164af27d1d125, 211ec614c9f107dfd1c3a1c14d097be474bb6b53, 7c7bb95ece11a94b9fa1cf117cf27ce6324bbe3b, 542dac06335106f81149ae96577f28d6123506e0, 2323f105866e6a456b219b9e3cde53d560464c43, e81494b7259b6b1ab81a9f9be3385b4aa99a7a59, 91e24758cd8e53b030146fbe7ff5c2b258e60c66, 0461f6027566f1bc68c7de160213813d340abf75, 1af834f2f4f824fd36130d3efe52922aec5a852c, 64f142253bd20cf39de9f931bb910f0e6de0d268, b8d22bdfef99923c3727950ae4158ee07ecc8740]
+sid: released (6.4.4-3) [bugfix/x86/gds/init-provide-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/arm-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/ia64-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/loongarch-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/m68k-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/mips-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sh-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sparc-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/um-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/init-remove-check_bugs-leftovers.patch, bugfix/x86/gds/init-invoke-arch_cpu_finalize_init-earlier.patch, bugfix/x86/gds/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-init-initialize-signal-frame-size-late.patch, bugfix/x86/gds/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch, bugfix/x86/gds/x86-fpu-mark-init-functions-__init.patch, bugfix/x86/gds/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-speculation-add-gather-data-sampling-mitigation.patch, bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch, bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch, bugfix/x86/gds/kvm-add-gds_no-support-to-kvm.patch, bugfix/x86/gds/x86-mem_encrypt-unbreak-the-amd_mem_encrypt-n-build.patch, bugfix/x86/gds/x86-xen-fix-secondary-processors-fpu-initialization.patch, bugfix/x86/gds/documentation-x86-fix-backwards-on-off-logic-about-ymm-support.patch]
+6.1-bookworm-security: released (6.1.38-3) [bugfix/x86/gds/init-provide-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/arm-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/ia64-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/loongarch-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/m68k-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/mips-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sh-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sparc-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/um-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/init-remove-check_bugs-leftovers.patch, bugfix/x86/gds/init-invoke-arch_cpu_finalize_init-earlier.patch, bugfix/x86/gds/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-init-initialize-signal-frame-size-late.patch, bugfix/x86/gds/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch, bugfix/x86/gds/x86-fpu-mark-init-functions-__init.patch, bugfix/x86/gds/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-speculation-add-gather-data-sampling-mitigation.patch, bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch, bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch, bugfix/x86/gds/kvm-add-gds_no-support-to-kvm.patch, bugfix/x86/gds/x86-mem_encrypt-unbreak-the-amd_mem_encrypt-n-build.patch, bugfix/x86/gds/x86-xen-fix-secondary-processors-fpu-initialization.patch, bugfix/x86/gds/x86-mm-fix-poking_init-for-xen-pv-guests.patch, bugfix/x86/gds/x86-mm-use-mm_alloc-in-poking_init.patch, bugfix/x86/gds/mm-move-mm_cachep-initialization-to-mm_init.patch, bugfix/x86/gds/x86-mm-initialize-text-poking-earlier.patch, bugfix/x86/gds/documentation-x86-fix-backwards-on-off-logic-about-ymm-support.patch]
+5.10-bullseye-security: released (5.10.179-4) [bugfix/x86/gds/init-provide-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/arm-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/ia64-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/m68k-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/mips-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sh-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sparc-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/um-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/init-remove-check_bugs-leftovers.patch, bugfix/x86/gds/init-invoke-arch_cpu_finalize_init-earlier.patch, bugfix/x86/gds/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch, bugfix/x86/gds/x86-fpu-mark-init-functions-__init.patch, bugfix/x86/gds/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-speculation-add-gather-data-sampling-mitigation.patch, bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch, bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch, bugfix/x86/gds/kvm-add-gds_no-support-to-kvm.patch, bugfix/x86/gds/x86-xen-fix-secondary-processors-fpu-initialization.patch, bugfix/x86/gds/x86-mm-fix-poking_init-for-xen-pv-guests.patch, bugfix/x86/gds/x86-mm-use-mm_alloc-in-poking_init.patch, bugfix/x86/gds/mm-move-mm_cachep-initialization-to-mm_init.patch, bugfix/x86/gds/x86-mm-initialize-text-poking-earlier.patch, bugfix/x86/gds/documentation-x86-fix-backwards-on-off-logic-about-ymm-support.patch]
+4.19-buster-security: released (4.19.289-2) [bugfix/x86/gds/init-provide-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/arm-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/ia64-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/m68k-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/mips-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sh-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sparc-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/um-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/init-remove-check_bugs-leftovers.patch, bugfix/x86/gds/init-invoke-arch_cpu_finalize_init-earlier.patch, bugfix/x86/gds/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch, bugfix/x86/gds/x86-fpu-mark-init-functions-__init.patch, bugfix/x86/gds/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-speculation-add-gather-data-sampling-mitigation.patch, bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch, bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch, bugfix/x86/gds/kvm-add-gds_no-support-to-kvm.patch, bugfix/x86/gds/x86-xen-fix-secondary-processors-fpu-initialization.patch, bugfix/x86/gds/documentation-x86-fix-backwards-on-off-logic-about-ymm-support.patch]
diff --git a/retired/CVE-2022-41218 b/retired/CVE-2022-41218
new file mode 100644
index 00000000..caa97d62
--- /dev/null
+++ b/retired/CVE-2022-41218
@@ -0,0 +1,13 @@
+Description: media: dvb-core: Fix UAF due to refcount races at releasing
+References:
+ https://lore.kernel.org/all/20220908132754.30532-1-tiwai@suse.de/
+ https://www.openwall.com/lists/oss-security/2022/09/23/4
+Notes:
+ carnil> Fixed as well in 6.1.4 for 6.1.y.
+Bugs:
+upstream: released (6.2-rc1) [fd3d91ab1c6ab0628fe642dd570b56302c30a792]
+5.10-upstream-stable: released (5.10.163) [3df07728abde249e2d3f47cf22f134cb4d4f5fb1]
+4.19-upstream-stable: released (4.19.270) [8f537a1282cd877f132643ef8f9e9d6032f90025]
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/all/media-dvb-core-Fix-UAF-due-to-refcount-races-at-rele.patch]
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-41222 b/retired/CVE-2022-41222
new file mode 100644
index 00000000..d0c3afae
--- /dev/null
+++ b/retired/CVE-2022-41222
@@ -0,0 +1,11 @@
+Description: mm/mremap: hold the rmap lock in write mode when moving page table entries
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
+Notes:
+Bugs:
+upstream: released (5.14-rc1) [97113eb39fa7972722ff490b947d8af023e1f6a2]
+5.10-upstream-stable: released (5.10.137) [2613baa3ab2153cc45b175c58700d93f72ef36c4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-4127 b/retired/CVE-2022-4127
new file mode 100644
index 00000000..68b088ed
--- /dev/null
+++ b/retired/CVE-2022-4127
@@ -0,0 +1,15 @@
+Description: io_uring: check that we have a file table when allocating update slots
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2134370
+ https://lore.kernel.org/all/d5a19c1e-9968-e22e-5917-c3139c5e7e89@kernel.dk/
+Notes:
+ carnil> Commit fixes a7c41b4687f5 ("io_uring: let
+ carnil> IORING_OP_FILES_UPDATE support choosing fixed file slots") in
+ carnil> 5.19-rc1.
+Bugs:
+upstream: released (5.19-rc6) [d785a773bed966a75ca1f11d108ae1897189975b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-4128 b/retired/CVE-2022-4128
new file mode 100644
index 00000000..2a6b8569
--- /dev/null
+++ b/retired/CVE-2022-4128
@@ -0,0 +1,12 @@
+Description: mptcp: NULL pointer dereference in subflow traversal at disconnect time
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2134380
+ https://lore.kernel.org/netdev/20220708233610.410786-2-mathew.j.martineau@linux.intel.com/
+Notes:
+Bugs:
+upstream: released (5.19-rc7) [5c835bb142d4013c2ab24bff5ae9f6709a39cbcf]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.14-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-4139 b/retired/CVE-2022-4139
new file mode 100644
index 00000000..cd09671f
--- /dev/null
+++ b/retired/CVE-2022-4139
@@ -0,0 +1,18 @@
+Description: drm/i915: fix TLB invalidation for Gen12 video and compute engines
+References:
+ https://www.openwall.com/lists/oss-security/2022/11/30/1
+ https://lore.kernel.org/stable/fa3a25d8-542c-b402-84a2-b699b183f044@intel.com/
+Notes:
+ carnil> Commit fixes 7938d61591d3 ("drm/i915: Flush TLBs before
+ carnil> releasing backing store") in 5.17-rc2 (but which got backported
+ carnil> to 4.19.227, 5.10.95 and other stable series). Though this
+ carnil> commit has been backported to older series, the bug in question
+ carnil> is only affecting those versions which the gen12 support.
+ carnil> For 6.0.y fixed as well in 6.0.11.
+Bugs:
+upstream: released (6.1-rc8) [04aa64375f48a5d430b5550d9271f8428883e550]
+5.10-upstream-stable: released (5.10.157) [86f0082fb9470904b15546726417f28077088fee]
+4.19-upstream-stable: N/A "Vulnerability not present"
+sid: released (6.0.10-2) [bugfix/x86/drm-i915-fix-TLB-invalidation-for-Gen12-video-and-co.patch]
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: N/A "Vulnerability not present"
diff --git a/retired/CVE-2022-41674 b/retired/CVE-2022-41674
new file mode 100644
index 00000000..580dc644
--- /dev/null
+++ b/retired/CVE-2022-41674
@@ -0,0 +1,16 @@
+Description: fix u8 overflow in cfg80211_update_notlisted_nontrans
+References:
+ https://www.openwall.com/lists/oss-security/2022/10/13/2
+ https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
+ https://github.com/PurpleVsGreen/beacown
+Notes:
+ carnil> Commit fixes 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID
+ carnil> information in scanning") in 5.1-rc1.
+ carnil> Fixed as well in 5.19.16 and 6.0.2.
+Bugs:
+upstream: released (6.1-rc1) [aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d]
+5.10-upstream-stable: released (5.10.148) [a6408e0b694c1bdd8ae7dd0464a86b98518145ec]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-41849 b/retired/CVE-2022-41849
new file mode 100644
index 00000000..c24cc564
--- /dev/null
+++ b/retired/CVE-2022-41849
@@ -0,0 +1,11 @@
+Description: video: fbdev: smscufx: Fix use-after-free in ufx_ops_open()
+References:
+ https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [5610bcfe8693c02e2e4c8b31427f1bdbdecc839c]
+5.10-upstream-stable: released (5.10.150) [e50472949604f385e09ce3fa4e74dce9f44fb19b]
+4.19-upstream-stable: released (4.19.262) [6d8dbefc4de96d35d68c723e2e75b5a23173c08c]
+sid: released (6.0.3-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-41850 b/retired/CVE-2022-41850
new file mode 100644
index 00000000..9771d9aa
--- /dev/null
+++ b/retired/CVE-2022-41850
@@ -0,0 +1,11 @@
+Description: HID: roccat: Fix Use-After-Free in roccat_read
+References:
+ https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [cacdb14b1c8d3804a3a7d31773bc7569837b71a4]
+5.10-upstream-stable: released (5.10.150) [dbcca76435a606a352c794956e6df62eedd3a353]
+4.19-upstream-stable: released (4.19.262) [13de81c7ea0fd68efb48a2d2957e349237905923]
+sid: released (6.0.3-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-41858 b/retired/CVE-2022-41858
new file mode 100644
index 00000000..8ba7ccff
--- /dev/null
+++ b/retired/CVE-2022-41858
@@ -0,0 +1,11 @@
+Description: drivers: net: slip: fix NPD bug in sl_tx_timeout()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2144379
+Notes:
+Bugs:
+upstream: released (5.18-rc2) [ec4eb8a86ade4d22633e1da2a7d85a846b7d1798]
+5.10-upstream-stable: released (5.10.112) [ca24c5e8f0ac3d43ec0cff29e1c861be73aff165]
+4.19-upstream-stable: released (4.19.239) [753b9d220a7d36dac70e7c6d05492d10d6f9dd36]
+sid: released (5.17.6-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-42328 b/retired/CVE-2022-42328
new file mode 100644
index 00000000..55b28951
--- /dev/null
+++ b/retired/CVE-2022-42328
@@ -0,0 +1,12 @@
+Description: xen/netback: don't call kfree_skb() with interrupts disabled
+References:
+ https://www.openwall.com/lists/oss-security/2022/12/06/2
+ https://xenbits.xen.org/xsa/advisory-424.html
+Notes:
+Bugs:
+upstream: released (6.1) [74e7e1efdad45580cc3839f2a155174cf158f9b5]
+5.10-upstream-stable: released (5.10.159) [83632fc41449c480f2d0193683ec202caaa186c9]
+4.19-upstream-stable: released (4.19.269) [d3e1b6151d5d40bedabea129f5873a83b9390b62]
+sid: released (6.0.12-1) [bugfix/all/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch]
+5.10-bullseye-security: released (5.10.158-1) [bugfix/all/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch]
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-42329 b/retired/CVE-2022-42329
new file mode 100644
index 00000000..55b28951
--- /dev/null
+++ b/retired/CVE-2022-42329
@@ -0,0 +1,12 @@
+Description: xen/netback: don't call kfree_skb() with interrupts disabled
+References:
+ https://www.openwall.com/lists/oss-security/2022/12/06/2
+ https://xenbits.xen.org/xsa/advisory-424.html
+Notes:
+Bugs:
+upstream: released (6.1) [74e7e1efdad45580cc3839f2a155174cf158f9b5]
+5.10-upstream-stable: released (5.10.159) [83632fc41449c480f2d0193683ec202caaa186c9]
+4.19-upstream-stable: released (4.19.269) [d3e1b6151d5d40bedabea129f5873a83b9390b62]
+sid: released (6.0.12-1) [bugfix/all/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch]
+5.10-bullseye-security: released (5.10.158-1) [bugfix/all/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch]
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-42432 b/retired/CVE-2022-42432
new file mode 100644
index 00000000..ed4f1e40
--- /dev/null
+++ b/retired/CVE-2022-42432
@@ -0,0 +1,15 @@
+Description: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
+References:
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220907082618.1193201-1-pablo@netfilter.org/
+ https://www.zerodayinitiative.com/advisories/ZDI-22-1457/
+Notes:
+ carnil> Commit fixes 22c7652cdaa8 ("netfilter: nft_osf: Add version
+ carnil> option support") in 5.2-rc1.
+Bugs:
+upstream: released (6.0-rc7) [559c36c5a8d730c49ef805a72b213d3bba155cc8]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [5d75fef3e61e797fab5c3fbba88caa74ab92ad47]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-42703 b/retired/CVE-2022-42703
new file mode 100644
index 00000000..22c1b080
--- /dev/null
+++ b/retired/CVE-2022-42703
@@ -0,0 +1,12 @@
+Description: anon_vma UAF through bogus merge of VMAs caused by double-reuse of leaf anon_vma because of ->degree misinterpretation
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
+ https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
+Notes:
+Bugs:
+upstream: released (6.0-rc4) [2555283eb40df89945557273121e9393ef9b542b]
+5.10-upstream-stable: released (5.10.141) [98f401d36396134c0c86e9e3bd00b6b6b028b521]
+4.19-upstream-stable: released (4.19.257) [6dbfc25d68d922736381988d64156a649ccf7bf1]
+sid: released (5.19.11-1)
+5.10-bullseye-security: released (4.19.140-1) [bugfix/all/mm-rmap-fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch]
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-42719 b/retired/CVE-2022-42719
new file mode 100644
index 00000000..13da3d05
--- /dev/null
+++ b/retired/CVE-2022-42719
@@ -0,0 +1,16 @@
+Description: wifi: mac80211: fix MBSSID parsing use-after-free
+References:
+ https://www.openwall.com/lists/oss-security/2022/10/13/2
+ https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
+ https://github.com/PurpleVsGreen/beacown
+Notes:
+ carnil> Commit fixes 5023b14cf4df ("mac80211: support profile split
+ carnil> between elements") in 5.2-rc1.
+ carnil> Fixed as well in 6.0.2 and 5.19.16.
+Bugs:
+upstream: released (6.1-rc1) [ff05d4b45dd89b922578dac497dcabf57cf771c6]
+5.10-upstream-stable: released (5.10.149) [31ce5da48a845bac48930bbde1d45e7449591728]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1) [bugfix/all/wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch]
+4.19-buster-security: N/A "vulnerable code not present"
diff --git a/retired/CVE-2022-42720 b/retired/CVE-2022-42720
new file mode 100644
index 00000000..d0193e03
--- /dev/null
+++ b/retired/CVE-2022-42720
@@ -0,0 +1,16 @@
+Description: wifi: cfg80211: fix BSS refcounting bugs
+References:
+ https://www.openwall.com/lists/oss-security/2022/10/13/2
+ https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
+ https://github.com/PurpleVsGreen/beacown
+Notes:
+ carnil> Commit fixes a3584f56de1c ("cfg80211: Properly track
+ carnil> transmitting and non-transmitting BSS") in 5.1-rc1.
+ carnil> For 5.19.y fixed in 5.19.16 and 6.0.y in 6.0.2.
+Bugs:
+upstream: released (6.1-rc1) [0b7808818cb9df6680f98996b8e9a439fa7bcc2f]
+5.10-upstream-stable: released (5.10.148) [6b944845031356f3e0c0f6695f9252a8ddc8b02f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-42721 b/retired/CVE-2022-42721
new file mode 100644
index 00000000..831baabd
--- /dev/null
+++ b/retired/CVE-2022-42721
@@ -0,0 +1,16 @@
+Description: wifi: cfg80211: avoid nontransmitted BSS list corruption
+References:
+ https://www.openwall.com/lists/oss-security/2022/10/13/2
+ https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
+ https://github.com/PurpleVsGreen/beacown
+Notes:
+ carnil> Commit fixes 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID
+ carnil> information in scanning") in 5.1-rc1.
+ carnil> Fixed as well in 5.19.16 and 6.0.2
+Bugs:
+upstream: released (6.1-rc1) [bcca852027e5878aec911a347407ecc88d6fff7f]
+5.10-upstream-stable: released (5.10.148) [b0e5c5deb7880be5b8a459d584e13e1f9879d307]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-42722 b/retired/CVE-2022-42722
new file mode 100644
index 00000000..b5e6b673
--- /dev/null
+++ b/retired/CVE-2022-42722
@@ -0,0 +1,16 @@
+Description: wifi: mac80211: fix crash in beacon protection for P2P-device
+References:
+ https://www.openwall.com/lists/oss-security/2022/10/13/2
+ https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
+ https://github.com/PurpleVsGreen/beacown
+Notes:
+ carnil> Commit fixes 9eaf183af741 ("mac80211: Report beacon protection
+ carnil> failures to user space") in 5.8-rc1.
+ carnil> Fixed as well in 5.19.16 and 6.0.2.
+Bugs:
+upstream: released (6.1-rc1) [b2d03cabe2b2e150ff5a381731ea0355459be09f]
+5.10-upstream-stable: released (5.10.148) [58c0306d0bcd5f541714bea8765d23111c9af68a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-42895 b/retired/CVE-2022-42895
new file mode 100644
index 00000000..5c990cac
--- /dev/null
+++ b/retired/CVE-2022-42895
@@ -0,0 +1,13 @@
+Description: Bluetooth: L2CAP: Fix attempting to access uninitialized memory
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
+ https://www.openwall.com/lists/oss-security/2022/12/14/6
+Notes:
+ carnil> For 6.0.y fixed in 6.0.8.
+Bugs:
+upstream: released (6.1-rc4) [b1a2cd50c0357f243b7435a732b4e62ba3157a2e]
+5.10-upstream-stable: released (5.10.154) [26ca2ac091b49281d73df86111d16e5a76e43bd7]
+4.19-upstream-stable: released (4.19.265) [36919a82f335784d86b4def308739559bb47943d]
+sid: released (6.0.7-1) [bugfix/all/Bluetooth-L2CAP-Fix-attempting-to-access-uninitializ.patch]
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-42896 b/retired/CVE-2022-42896
new file mode 100644
index 00000000..1e32721f
--- /dev/null
+++ b/retired/CVE-2022-42896
@@ -0,0 +1,15 @@
+Description: Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
+ https://www.openwall.com/lists/oss-security/2022/12/14/7
+Notes:
+ carnil> for 6.0.y fixed in 6.0.8.
+ bwh> The Google advisory lists two commits; the second was backported in
+ bwh> 6.0.10.
+Bugs:
+upstream: released (6.1-rc4) [711f8c3fb3db61897080468586b970c87c61d9e4, f937b758a188d6fd328a81367087eddbb2fce50f]
+5.10-upstream-stable: released (5.10.154) [6b6f94fb9a74dd2891f11de4e638c6202bc89476), releaed (5.10.156) [bd487932408d462ed86b10833da35c61f618f62f]
+4.19-upstream-stable: released (4.19.268) [a2045d57e844864605d39e6cfd2237861d800f13), released (4.19.267) [fbe7cb8400700ddbd1a631c3a8b66604a6d0f479]
+sid: released (6.0.7-1) [bugfix/all/Bluetooth-L2CAP-Fix-accepting-connection-request-for.patch], released (6.0.10-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-43750 b/retired/CVE-2022-43750
new file mode 100644
index 00000000..abc17b02
--- /dev/null
+++ b/retired/CVE-2022-43750
@@ -0,0 +1,10 @@
+Description: usb: mon: make mmapped memory read only
+References:
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [a659daf63d16aa883be42f3f34ff84235c302198]
+5.10-upstream-stable: released (5.10.148) [1b257f97fec43d7a8a4c9ada8538d14421861b0a]
+4.19-upstream-stable: released (4.19.262) [bf7e2cee3899ede4c7c6548f28159ee3775fb67f]
+sid: released (6.0.2-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-4378 b/retired/CVE-2022-4378
new file mode 100644
index 00000000..eda3eb6b
--- /dev/null
+++ b/retired/CVE-2022-4378
@@ -0,0 +1,11 @@
+Description:
+References:
+ https://www.openwall.com/lists/oss-security/2022/12/09/1
+Notes:
+Bugs:
+upstream: released (6.1) [bce9332220bd677d83b19d21502776ad555a0e73, e6cfaf34be9fcd1a8285a294e18986bfc41a409c]
+5.10-upstream-stable: released (5.10.158) [9ba389863ac63032d4b6ffad2c90a62cd78082ee, 4aa32aaef6c1b5e39ae2508ec596bd7b67871043]
+4.19-upstream-stable: released (4.19.268) [a9c309fb49ffe3203f948973fd27b8f64f7f30c4, fe84d7f0cb66d150de094fba461f0cb5d5b12c85]
+sid: released (6.0.12-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2022-4379 b/retired/CVE-2022-4379
new file mode 100644
index 00000000..25fb25ec
--- /dev/null
+++ b/retired/CVE-2022-4379
@@ -0,0 +1,15 @@
+Description: NFSD: fix use-after-free in __nfs42_ssc_open()
+References:
+ https://www.openwall.com/lists/oss-security/2022/12/14/3
+ https://lore.kernel.org/all/1670885411-10060-1-git-send-email-dai.ngo@oracle.com/
+Notes:
+ carnil> Fixed in 6.1.3 as well for 6.1.y.
+ bwh> The vulnerable code is conditional on CONFIG_NFSD_V4_2_INTER_SSC
+ bwh> which we don't yet enable.
+Bugs:
+upstream: released (6.2-rc1) [75333d48f92256a0dec91dbf07835e804fc411c0]
+5.10-upstream-stable: released (5.10.177) [01e4c9c03de8a9f8839cb7342bc4bccf9104efe5]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-45869 b/retired/CVE-2022-45869
new file mode 100644
index 00000000..bda19fab
--- /dev/null
+++ b/retired/CVE-2022-45869
@@ -0,0 +1,13 @@
+Description: KVM: x86/mmu: Fix race condition in direct_page_fault
+References:
+Notes:
+ carnil> Commit fixes a2855afc7ee8 ("KVM: x86/mmu: Allow parallel page
+ carnil> faults for the TDP MMU") 5.12-rc1.
+ carnil> Fixed in 6.0.11 for 6.0.y.
+Bugs:
+upstream: released (6.1-rc7) [47b0c2e4c220f2251fd8dcfbb44479819c715e15]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.12-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-45886 b/retired/CVE-2022-45886
new file mode 100644
index 00000000..71bbee98
--- /dev/null
+++ b/retired/CVE-2022-45886
@@ -0,0 +1,16 @@
+Description: media: dvb-core: Fix use-after-free due to race condition occurring in dvb_net
+References:
+ https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/
+ https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel@gmail.com/
+Notes:
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: released (6.4-rc3) [4172385b0c9ac366dcab78eda48c26814b87ed1a]
+6.1-upstream-stable: released (6.1.33) [93b5dfebcb1821dde466e29404fcf1fb919f4c72]
+5.10-upstream-stable: released (5.10.183) [2ea7d26ed851db7176e4bfa8174c8a1380255bbe]
+4.19-upstream-stable: released (4.19.285) [7bb9c6e05efcecb15b0354d574efbc36ca321d75]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2022-45887 b/retired/CVE-2022-45887
new file mode 100644
index 00000000..a6124c95
--- /dev/null
+++ b/retired/CVE-2022-45887
@@ -0,0 +1,16 @@
+Description: media: ttusb-dec: Fix memory leak in ttusb_dec_exit_dvb()
+References:
+ https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/
+ https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/
+Notes:
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: released (6.4-rc3) [517a281338322ff8293f988771c98aaa7205e457]
+6.1-upstream-stable: released (6.1.33) [ea2938c27b0212aaab6702c16b7385e073b35643]
+5.10-upstream-stable: released (5.10.183) [eb37fef417a246fe54530901a3ea9c0abc914fc2]
+4.19-upstream-stable: released (4.19.285) [3e5af0745a4702ab0df2f880bfe0431eb30f9164]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2022-45888 b/retired/CVE-2022-45888
new file mode 100644
index 00000000..68dcc341
--- /dev/null
+++ b/retired/CVE-2022-45888
@@ -0,0 +1,16 @@
+Description: char: xillybus: Fix use-after-free in xillyusb_open()
+References:
+ https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/
+Notes:
+ bwh> Driver was added in 5.14.
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: released (6.2-rc1) [282a4b71816b6076029017a7bab3a9dcee12a920]
+6.1-upstream-stable: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: ignored "non issue, if anyone has physical access to trigger this they can do more harm anyway"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-45919 b/retired/CVE-2022-45919
new file mode 100644
index 00000000..cfebed39
--- /dev/null
+++ b/retired/CVE-2022-45919
@@ -0,0 +1,15 @@
+Description: media: dvb-core: Fix use-after-free due to race condition occurring in dvb_ca_en50221
+References:
+ https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
+Notes:
+ carnil> Negligible security impact, would need physical access to
+ carnil> "exploit"
+Bugs:
+upstream: released (6.4-rc3) [280a8ab81733da8bc442253c700a52c4c0886ffd]
+6.1-upstream-stable: released (6.1.33) [d5d61f747e3f1ff9042db66896f2f90afa5f3197]
+5.10-upstream-stable: released (5.10.183) [76169f7490899d74aad4b0e2c4c1b9d4904dd01f]
+4.19-upstream-stable: released (4.19.285) [8624c7e048fa9ba584b7ba43715090ab1aed765c]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2022-45934 b/retired/CVE-2022-45934
new file mode 100644
index 00000000..87fe1047
--- /dev/null
+++ b/retired/CVE-2022-45934
@@ -0,0 +1,12 @@
+Description: Bluetooth: L2CAP: Fix u8 overflow
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
+Notes:
+ carnil> Fixed as well in 6.0.15 for 6.0.y.
+Bugs:
+upstream: released (6.1) [bcd70260ef56e0aee8a4fc6cd214a419900b0765]
+5.10-upstream-stable: released (5.10.161) [f3fe6817156a2ad4b06f01afab04638a34d7c9a6]
+4.19-upstream-stable: released (4.19.270) [ad528fde0702903208d0a79d88d5a42ae3fc235b]
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-4662 b/retired/CVE-2022-4662
new file mode 100644
index 00000000..337b7c86
--- /dev/null
+++ b/retired/CVE-2022-4662
@@ -0,0 +1,13 @@
+Description: USB: core: Prevent nested device-reset calls
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2155788
+ https://lore.kernel.org/all/20220913140355.910732567@linuxfoundation.org/
+ https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/
+Notes:
+Bugs:
+upstream: released (6.0-rc4) [9c6d778800b921bde3bff3cff5003d1650f942d1]
+5.10-upstream-stable: released (5.10.142) [abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8]
+4.19-upstream-stable: released (4.19.258) [cc9a12e12808af178c600cc485338bac2e37d2a8]
+sid: released (5.19.11-1)
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2022-4696 b/retired/CVE-2022-4696
new file mode 100644
index 00000000..66252565
--- /dev/null
+++ b/retired/CVE-2022-4696
@@ -0,0 +1,15 @@
+Description: io_uring: add missing item types for splice request
+References:
+ https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
+Notes:
+ carnil> No upstream commit exists for this issue. Denote the commit
+ carnil> wich removes any grabbing of context as the fixing commit for
+ carnil> upstream, which is 44526bedc2ff ("io_uring: remove any grabbing
+ carnil> of context").
+Bugs:
+upstream: released (5.12-rc1) [44526bedc2ff8fcd58552e3c5bae928524b6f13c]
+5.10-upstream-stable: released (5.10.160) [75454b4bbfc7e6a4dd8338556f36ea9107ddf61a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-4744 b/retired/CVE-2022-4744
new file mode 100644
index 00000000..31253572
--- /dev/null
+++ b/retired/CVE-2022-4744
@@ -0,0 +1,12 @@
+Description: tun: avoid double free in tun_free_netdev
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2156322
+Notes:
+Bugs:
+upstream: released (5.16-rc7) [158b515f703e75e7d68289bf4d98c664e1d632df]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.136) [a01a4e9f5dc93335c716fa4023b1901956e8c904]
+4.19-upstream-stable: released (4.19.280) [8eb43d635950e27c29f1e9e49a23b31637f37757]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.136-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-47929 b/retired/CVE-2022-47929
new file mode 100644
index 00000000..d2815c04
--- /dev/null
+++ b/retired/CVE-2022-47929
@@ -0,0 +1,11 @@
+Description: net: sched: disallow noqueue for qdisc classes
+References:
+ https://www.spinics.net/lists/netdev/msg555705.html
+Notes:
+Bugs:
+upstream: released (6.2-rc4) [96398560f26aa07e8f2969d73c8197e6a6d10407]
+5.10-upstream-stable: released (5.10.163) [9f7bc28a6b8afc2274e25650511555e93f45470f]
+4.19-upstream-stable: released (4.19.270) [0195d5ad539382a83e1bfaab51b93b8685f0b7c7]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/all/net-sched-disallow-noqueue-for-qdisc-classes.patch]
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2022-47938 b/retired/CVE-2022-47938
new file mode 100644
index 00000000..fa20d8b3
--- /dev/null
+++ b/retired/CVE-2022-47938
@@ -0,0 +1,11 @@
+Description: ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-17818/
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [824d4f64c20093275f72fc8101394d75ff6a249e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-47939 b/retired/CVE-2022-47939
new file mode 100644
index 00000000..b7c2c11c
--- /dev/null
+++ b/retired/CVE-2022-47939
@@ -0,0 +1,11 @@
+Description: ksmbd: fix use-after-free bug in smb2_tree_disconect
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-17816
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [cf6531d98190fa2cf92a6d8bbc8af0a4740a223c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-47940 b/retired/CVE-2022-47940
new file mode 100644
index 00000000..0a5423d1
--- /dev/null
+++ b/retired/CVE-2022-47940
@@ -0,0 +1,10 @@
+Description: ksmbd: validate length in smb2_write()
+References:
+Notes:
+Bugs:
+upstream: released (5.19-rc1) [158a66b245739e15858de42c0ba60fcf3de9b8e6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-47941 b/retired/CVE-2022-47941
new file mode 100644
index 00000000..f05d1da3
--- /dev/null
+++ b/retired/CVE-2022-47941
@@ -0,0 +1,11 @@
+Description: ksmbd: fix memory leak in smb2_handle_negotiate
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-17815/
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [aa7253c2393f6dcd6a1468b0792f6da76edad917]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-47942 b/retired/CVE-2022-47942
new file mode 100644
index 00000000..34b66461
--- /dev/null
+++ b/retired/CVE-2022-47942
@@ -0,0 +1,11 @@
+Description: ksmbd: fix heap-based overflow in set_ntacl_dacl()
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-17771/
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [8f0541186e9ad1b62accc9519cc2b7a7240272a7]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-47943 b/retired/CVE-2022-47943
new file mode 100644
index 00000000..07d52e88
--- /dev/null
+++ b/retired/CVE-2022-47943
@@ -0,0 +1,10 @@
+Description: ksmbd: prevent out of bound read for SMB2_WRITE
+References:
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [ac60778b87e45576d7bfdbd6f53df902654e6f09]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-47946 b/retired/CVE-2022-47946
new file mode 100644
index 00000000..053416f2
--- /dev/null
+++ b/retired/CVE-2022-47946
@@ -0,0 +1,11 @@
+Description: io_uring: kill goto error handling in io_sqpoll_wait_sq()
+References:
+ https://www.openwall.com/lists/oss-security/2022/12/22/2
+Notes:
+Bugs:
+upstream: released (5.12-rc2) [70aacfe66136809d7f080f89c492c278298719f4]
+5.10-upstream-stable: released (5.10.155) [0f544353fec8e717d37724d95b92538e1de79e86]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-4842 b/retired/CVE-2022-4842
new file mode 100644
index 00000000..7e94b826
--- /dev/null
+++ b/retired/CVE-2022-4842
@@ -0,0 +1,15 @@
+Description: fs/ntfs3: Fix attr_punch_hole() null pointer derenference
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2156927
+ https://lore.kernel.org/ntfs3/784f82c4-de71-b8c3-afd6-468869a369af@paragon-software.com/T/#t
+Notes:
+ carnil> Marked sid as needed to track the source level fix. NTFS3
+ carnil> driver is not enabled in Debian builds.
+ carnil> For 6.1.y fixed as well in 6.1.8.
+Bugs:
+upstream: released (6.2-rc1) [6d5c9e79b726cc473d40e9cb60976dbe8e669624]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.8-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48423 b/retired/CVE-2022-48423
new file mode 100644
index 00000000..f27eb151
--- /dev/null
+++ b/retired/CVE-2022-48423
@@ -0,0 +1,11 @@
+Description: fs/ntfs3: Validate resident attribute name
+References:
+Notes:
+Bugs:
+upstream: released (6.2-rc1) [54e45702b648b7c0000e90b3e9b890e367e16ea8]
+6.1-upstream-stable: released (6.1.3) [2f041a19f4eb72bcc851f9e3a15f3cfd1ae1addf]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48424 b/retired/CVE-2022-48424
new file mode 100644
index 00000000..905a1cdf
--- /dev/null
+++ b/retired/CVE-2022-48424
@@ -0,0 +1,11 @@
+Description: fs/ntfs3: Validate attribute name offset
+References:
+Notes:
+Bugs:
+upstream: released (6.2-rc1) [4f1dc7d9756e66f3f876839ea174df2e656b7f79]
+6.1-upstream-stable: released (6.1.3) [b343c40bb7ff9095430c3f31468a59f8a760dabd]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48425 b/retired/CVE-2022-48425
new file mode 100644
index 00000000..83f943be
--- /dev/null
+++ b/retired/CVE-2022-48425
@@ -0,0 +1,13 @@
+Description: fs/ntfs3: Validate MFT flags before replaying logs
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3?id=467333af2f7b95eeaa61a5b5369a80063cd971fd
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [98bea253aa28ad8be2ce565a9ca21beb4a9419e5]
+6.1-upstream-stable: released (6.1.33) [a8eaa9a06addbd9cb0238cb1c729921ecbb6504c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48502 b/retired/CVE-2022-48502
new file mode 100644
index 00000000..09846e6d
--- /dev/null
+++ b/retired/CVE-2022-48502
@@ -0,0 +1,14 @@
+Description: fs/ntfs3: Check fields while reading
+References:
+ https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72
+Notes:
+ carnil> NTFS3 driver not enabled in Debian.
+Bugs:
+upstream: released (6.2-rc1) [0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b]
+6.1-upstream-stable: released (6.1.40) [000a9a72efa4a9df289bab9c9e8ba1639c72e0d6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-48619 b/retired/CVE-2022-48619
new file mode 100644
index 00000000..b413e514
--- /dev/null
+++ b/retired/CVE-2022-48619
@@ -0,0 +1,12 @@
+Description: Input: add bounds checking to input_set_capability()
+References:
+Notes:
+Bugs:
+upstream: released (5.18-rc1) [409353cbe9fe48f6bc196114c442b1cff05a39bc]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.118) [d5e88c2d76efa9d7bb7ceffaec60fe6c76c748d7]
+4.19-upstream-stable: released (4.19.245) [01d41d7e7fc7eef99ae5b1065d9186f91ff099e7]
+sid: released (5.17.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-48626 b/retired/CVE-2022-48626
new file mode 100644
index 00000000..ca1c47f1
--- /dev/null
+++ b/retired/CVE-2022-48626
@@ -0,0 +1,14 @@
+Description: moxart: fix potential use-after-free on remove path
+References:
+Notes:
+Bugs:
+upstream: released (5.17-rc4) [bd2db32e7c3e35bd4d9b8bbff689434a50893546]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.100) [be93028d306dac9f5b59ebebd9ec7abcfc69c156]
+4.19-upstream-stable: released (4.19.229) [9c25d5ff1856b91bd4365e813f566cb59aaa9552]
+sid: released (5.16.10-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2022-48629 b/retired/CVE-2022-48629
new file mode 100644
index 00000000..d4d13174
--- /dev/null
+++ b/retired/CVE-2022-48629
@@ -0,0 +1,16 @@
+Description: crypto: qcom-rng - ensure buffer for generate is completely filled
+References:
+Notes:
+ carnil> Introduced in ceec5f5b5988 ("crypto: qcom-rng - Add Qcom prng driver").
+ carnil> Vulnerable versions: 4.19-rc1.
+Bugs:
+upstream: released (5.17) [a680b1832ced3b5fa7c93484248fd221ea0d614b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.108) [0f9b7b8df17525e464294c916acc8194ce38446b]
+4.19-upstream-stable: released (4.19.236) [a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d]
+sid: released (5.16.18-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2022-48630 b/retired/CVE-2022-48630
new file mode 100644
index 00000000..2f5b8f29
--- /dev/null
+++ b/retired/CVE-2022-48630
@@ -0,0 +1,17 @@
+Description: crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
+References:
+Notes:
+ carnil> Introduced in a680b1832ced ("crypto: qcom-rng - ensure buffer for generate is
+ carnil> completely filled"). Vulnerable versions: 4.19.236 5.4.187 5.10.108 5.15.31
+ carnil> 5.16.17 5.17.
+Bugs:
+upstream: released (5.18) [16287397ec5c08aa58db6acf7dbc55470d78087d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.118) [233a3cc60e7a8fe0be8cf9934ae7b67ba25a866c]
+4.19-upstream-stable: released (4.19.245) [71a89789552b7faf3ef27969b9bc783fa0df3550]
+sid: released (5.17.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2023-0045 b/retired/CVE-2023-0045
new file mode 100644
index 00000000..c6b3025b
--- /dev/null
+++ b/retired/CVE-2023-0045
@@ -0,0 +1,13 @@
+Description: Bypassing Spectre-BTI User Space Mitigations
+References:
+ https://www.openwall.com/lists/oss-security/2023/02/03/1
+ https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8#event-88245
+ https://github.com/es0j/CVE-2023-0045
+Notes:
+Bugs:
+upstream: released (6.2-rc3) [a664ec9158eeddd75121d39c9a0758016097fa96]
+5.10-upstream-stable: released (5.10.163) [67e39c4f4cb318cfbbf8982ab016c649ed97edaf]
+4.19-upstream-stable: released (4.19.270) [940ede60d74d2fc7291b96cb38072d705333c8e0]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-0122 b/retired/CVE-2023-0122
new file mode 100644
index 00000000..8c5cb086
--- /dev/null
+++ b/retired/CVE-2023-0122
@@ -0,0 +1,17 @@
+Description: NVME driver: null pointer dereference in drivers/nvme/target/auth.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2157927
+ https://lore.kernel.org/linux-nvme/20220823161255.GA21462@lst.de/T/#t
+ https://lore.kernel.org/linux-nvme/20220831045908.GC18042@lst.de/T/#u
+ https://www.openwall.com/lists/oss-security/2023/01/12/1
+Notes:
+ carnil> Issue introduced in 6.0-rc1 with db1312dd9548 ("nvmet:
+ carnil> implement basic In-Band Authentication"). In Debian
+ carnil> NVME_TARGET_AUTH is not set.
+Bugs:
+upstream: released (6.0-rc4) [da0342a3aa0357795224e6283df86444e1117168]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-0179 b/retired/CVE-2023-0179
new file mode 100644
index 00000000..62ec3709
--- /dev/null
+++ b/retired/CVE-2023-0179
@@ -0,0 +1,16 @@
+Description: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
+References:
+ https://www.openwall.com/lists/oss-security/2023/01/13/2
+ https://www.openwall.com/lists/oss-security/2023/01/13/4
+ https://groups.google.com/g/syzkaller/c/YRNDJBsJn_s?pli=1
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230111212251.193032-4-pablo@netfilter.org/
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=696e1a48b1a1b01edad542a1ef293665864a4dd0
+Notes:
+ carnil> Fixed as well in 6.1.7 for 6.1.y.
+Bugs:
+upstream: released (6.2-rc5) [696e1a48b1a1b01edad542a1ef293665864a4dd0]
+5.10-upstream-stable: released (5.10.164) [550efeff989b041f3746118c0ddd863c39ddc1aa]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/all/netfilter-nft_payload-incorrect-arithmetics-when-fet.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-0210 b/retired/CVE-2023-0210
new file mode 100644
index 00000000..9a7c46f4
--- /dev/null
+++ b/retired/CVE-2023-0210
@@ -0,0 +1,12 @@
+Description: ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob
+References:
+ https://www.openwall.com/lists/oss-security/2023/01/04/1
+Notes:
+ carnil> For 6.1.y fixed in 6.1.5.
+Bugs:
+upstream: released (6.2-rc4) [797805d81baa814f76cf7bdab35f86408a79d707]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.7-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-0240 b/retired/CVE-2023-0240
new file mode 100644
index 00000000..5238ce90
--- /dev/null
+++ b/retired/CVE-2023-0240
@@ -0,0 +1,16 @@
+Description:
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y&id=788d0824269bef539fe31a785b1517882eafed93
+ https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
+Notes:
+ carnil> Introduced with 1e6fa5216a0e ("io_uring: COW io_identity on
+ carnil> mismatch") in 5.10-rc1. For mainline and other branches
+ carnil> consider the commit removing io_identity as the final one
+ carnil> fixing the issue.
+Bugs:
+upstream: released (5.12-rc1) [4379bf8bd70b5de6bba7d53015b0c36c57a634ee]
+5.10-upstream-stable: released (5.10.162)
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-0266 b/retired/CVE-2023-0266
new file mode 100644
index 00000000..781c046c
--- /dev/null
+++ b/retired/CVE-2023-0266
@@ -0,0 +1,13 @@
+Description: ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
+References:
+Notes:
+ carnil> Commit fixes 1fa4445f9adf ("ALSA: control - introduce
+ carnil> snd_ctl_notify_one() helper") in 5.13-rc1.
+ carnil> Fixed as well in 6.1.6 for 6.1.y.
+Bugs:
+upstream: released (6.2-rc4) [56b88b50565cd8b946a2d00b0c83927b7ebb055e]
+5.10-upstream-stable: released (5.10.163) [df02234e6b87d2a9a82acd3198e44bdeff8488c6]
+4.19-upstream-stable: released (4.19.270) [5b2ea7e91352165054c5b3f8e5442cd31c3e73f9]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/all/ALSA-pcm-Move-rwsem-lock-inside-snd_ctl_elem_read-to.patch]
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-0394 b/retired/CVE-2023-0394
new file mode 100644
index 00000000..cd3a3f6f
--- /dev/null
+++ b/retired/CVE-2023-0394
@@ -0,0 +1,11 @@
+Description: ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
+References:
+ https://www.openwall.com/lists/oss-security/2023/01/18/2
+Notes:
+Bugs:
+upstream: released (6.2-rc4) [cb3e9864cdbe35ff6378966660edbcbac955fe17]
+5.10-upstream-stable: released (5.10.164) [6c9e2c11c33c35563d34d12b343d43b5c12200b5]
+4.19-upstream-stable: released (4.19.270) [f487d636e49bc1fdfbd8105bc1ab159164e2d8bd]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/all/ipv6-raw-Deduct-extension-header-length-in-rawv6_pus.patch]
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-0458 b/retired/CVE-2023-0458
new file mode 100644
index 00000000..4bb8cebe
--- /dev/null
+++ b/retired/CVE-2023-0458
@@ -0,0 +1,13 @@
+Description: Half Spectre-v1 Gadget prlimit
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
+ https://kernel.dance/#739790605705ddcf18f21782b9c99ad7d53a8c11
+Notes:
+Bugs:
+upstream: released (6.2-rc5) [739790605705ddcf18f21782b9c99ad7d53a8c11]
+6.1-upstream-stable: released (6.1.8) [91185568c99d60534bacf38439846103962d1e2c]
+5.10-upstream-stable: released (5.10.165) [9f8e45720e0e7edb661d0082422f662ed243d8d8]
+4.19-upstream-stable: released (4.19.271) [d3ee91e50a6b3c5a45398e3dcb912a8a264f575c]
+sid: released (6.1.8-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-0459 b/retired/CVE-2023-0459
new file mode 100644
index 00000000..b1c3efba
--- /dev/null
+++ b/retired/CVE-2023-0459
@@ -0,0 +1,13 @@
+Description: Spectre-v1 Usercopy Hardening
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
+ https://kernel.dance/#74e19ef0ff8061ef55957c3abd71614ef0f42f47
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [74e19ef0ff8061ef55957c3abd71614ef0f42f47]
+6.1-upstream-stable: released (6.1.14) [684db631a15779c8f3b2235d507efdfe6bb10278]
+5.10-upstream-stable: released (5.10.170) [3b6ce54cfa2c04f0636fd0c985913af8703b408d]
+4.19-upstream-stable: released (4.19.274) [f8e54da1c729cc23d9a7b7bd42379323e7fb7979]
+sid: released (6.1.15-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-0461 b/retired/CVE-2023-0461
new file mode 100644
index 00000000..30550f71
--- /dev/null
+++ b/retired/CVE-2023-0461
@@ -0,0 +1,17 @@
+Description: net/ulp: prevent ULP without clone op from entering the LISTEN status
+References:
+ https://ubuntu.com/security/CVE-2023-0461
+ https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c
+Notes:
+ carnil> To reach the vulnerability it is said that the kernel needs to
+ carnil> be configured with CONFIG_TLS or CONFIG_XFRM_ESPINTCP. While
+ carnil> code present the issue should not be exploitable for privilege
+ carnil> escalation in bullseye and earlier.
+Bugs:
+upstream: released (6.2-rc3) [2c02d41d71f90a5168391b6a5f2954112ba2307c]
+6.1-upstream-stable: released (6.1.5) [7d242f4a0c8319821548c7176c09a6e0e71f223c]
+5.10-upstream-stable: released (5.10.163) [f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0]
+4.19-upstream-stable: released (4.19.270) [755193f2523ce5157c2f844a4b6d16b95593f830]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-0468 b/retired/CVE-2023-0468
new file mode 100644
index 00000000..15b45b2d
--- /dev/null
+++ b/retired/CVE-2023-0468
@@ -0,0 +1,16 @@
+Description: use-after-free in io_uring poll events due to race condition
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2164024
+Notes:
+ carnil> As 5.10.y got a rebase to the io_uring code base for 5.15.y
+ carnil> 5.10.y needs to be checked explicitly. The issue was fixed as
+ carnil> well in 5.15.82.
+ bwh> The io_uring update in 5.10.162 is based on 5.15.85, so this issue
+ bwh> was never present in 5.10.y.
+Bugs:
+upstream: released (6.1-rc7) [12ad3d2d6c5b0131a6052de91360849e3e154846, a26a35e9019fd70bf3cf647dcfdae87abc7bacea]
+5.10-upstream-stable: N/A "Vulnerability never present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.12-1)
+5.10-bullseye-security: N/A "Vulnerability never present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-0469 b/retired/CVE-2023-0469
new file mode 100644
index 00000000..c0de76c8
--- /dev/null
+++ b/retired/CVE-2023-0469
@@ -0,0 +1,11 @@
+Description: io_uring/filetable: fix file reference underflow
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2163723
+Notes:
+Bugs:
+upstream: released (6.1-rc7) [9d94c04c0db024922e886c9fd429659f22f48ea4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.12-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-0590 b/retired/CVE-2023-0590
new file mode 100644
index 00000000..7aed61a1
--- /dev/null
+++ b/retired/CVE-2023-0590
@@ -0,0 +1,14 @@
+Description: net: sched: fix race condition in qdisc_graft()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2165741
+ https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/
+Notes:
+Bugs:
+upstream: released (6.1-rc2) [ebda44da44f6f309d302522b049f43d6f829f7aa]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.152) [7aa3d623c11b9ab60f86b7833666e5d55bac4be9]
+4.19-upstream-stable: released (4.19.300) [f782929b90b5ac88d4445c853949d9efa6db6bae]
+sid: released (6.0.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-0615 b/retired/CVE-2023-0615
new file mode 100644
index 00000000..91ceb465
--- /dev/null
+++ b/retired/CVE-2023-0615
@@ -0,0 +1,26 @@
+Description: multiple issues for the Video for Linux version 2 test driver
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2166287
+ https://bugzilla.redhat.com/show_bug.cgi?id=2166287#c7
+Notes:
+ carnil> According to the Red Hat Bugzilla #c7 reference, they should be
+ carnil> fixed all in the latest upstream vivid code. Debian builds
+ carnil> VIDEO_VIVID as module.
+Bugs:
+ bwh> The issues mentioned are (1) memory leak (2) divide by zero
+ bwh> (3) integer overflow and were already fixed by 2023-02-01.
+ bwh> So I think (1) was fixed by 1f65ea411cc7 "media: vivid:
+ bwh> dev->bitmap_cap wasn't freed in all cases" and (3) was fixed
+ bwh> by f8bcaf714abf "media: vivid: s_fbuf: add more sanity checks".
+ bwh> By process of elimination, I think (2) must have been fixed by
+ bwh> 69d78a80da4e "media: vivid: set num_in/outputs to 0 if not
+ bwh> supported" although I didn't see a specific code flow that
+ bwh> would lead to division by zero.
+upstream: released (6.1-rc3) [1f65ea411cc7b6ff128d82a3493d7b5648054e6f, 69d78a80da4ef12faf2a6f9cfa2097ab4ac43983, f8bcaf714abfc94818dff8c0db84d750433984f4]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.153) [147b8f1892aaa474f912ac75babfd316ee0de672, 905f05c0ab1950e6f24611b2ea69625f154392d5, 1cf51d51581c1e0a876623e0a89d10029fc8cdc4]
+4.19-upstream-stable: released (4.19.264) [29385e601f3420cfe46550271714b6685719eb33, c106967b34725dfb1c76a914b6c2e2773936323f]
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1032 b/retired/CVE-2023-1032
new file mode 100644
index 00000000..477d1505
--- /dev/null
+++ b/retired/CVE-2023-1032
@@ -0,0 +1,14 @@
+Description: net: avoid double iput when sock_alloc_file fails
+References:
+ https://www.openwall.com/lists/oss-security/2023/03/13/2
+Notes:
+ carnil> Commit fixes da214a475f8b ("net: add __sys_socket_file()") in
+ carnil> 5.19-rc1.
+Bugs:
+upstream: released (6.3-rc2) [649c15c7691e9b13cbe9bf6c65c365350e056067]
+6.1-upstream-stable: released (6.1.16) [7c7570791b15c3b78e3229ae97825e7eb869c7da]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.20-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-1073 b/retired/CVE-2023-1073
new file mode 100644
index 00000000..fe2f782e
--- /dev/null
+++ b/retired/CVE-2023-1073
@@ -0,0 +1,14 @@
+Description: HID: check empty report_list in hid_validate_values()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2173403
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456
+ https://www.openwall.com/lists/oss-security/2023/01/17/3
+Notes:
+Bugs:
+upstream: released (6.2-rc5) [b12fece4c64857e5fab4290bf01b2e0317a88456]
+6.1-upstream-stable: released (6.1.9) [cdcdc0531a51659527fea4b4d064af343452062d]
+5.10-upstream-stable: released (5.10.166) [5dc3469a1170dd1344d262a332b26994214eeb58]
+4.19-upstream-stable: released (4.19.272) [f958da03d9a71808548b2e5418d95482b106eb9a]
+sid: released (6.1.11-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1074 b/retired/CVE-2023-1074
new file mode 100644
index 00000000..58fbd6c2
--- /dev/null
+++ b/retired/CVE-2023-1074
@@ -0,0 +1,14 @@
+Description: sctp: fail if no bound addresses can be used for a given scope
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2173430
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f
+ https://www.openwall.com/lists/oss-security/2023/01/23/1
+Notes:
+Bugs:
+upstream: released (6.2-rc6) [458e279f861d3f61796894cd158b780765a1569f]
+6.1-upstream-stable: released (6.1.9) [9f08bb650078dca24a13fea1c375358ed6292df3]
+5.10-upstream-stable: released (5.10.166) [6ef652f35dcfaa1ab2b2cf6c1694718595148eee]
+4.19-upstream-stable: released (4.19.272) [26436553aabfd9b40e1daa537a099bf5bb13fb55]
+sid: released (6.1.11-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1077 b/retired/CVE-2023-1077
new file mode 100644
index 00000000..f5f58621
--- /dev/null
+++ b/retired/CVE-2023-1077
@@ -0,0 +1,15 @@
+Description: sched/rt: pick_next_rt_entity(): check list_entry
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2173436
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+Notes:
+ carnil> Commit fixes 326587b84078 ("sched: fix goto retry in pick_next_task_rt()")
+Bugs:
+upstream: released (6.3-rc1) [7c4a5b89a0b5a57a64b601775b296abf77a9fe97]
+6.1-upstream-stable: released (6.1.16) [6b4fcc4e8a3016e85766c161daf0732fca16c3a3]
+5.10-upstream-stable: released (5.10.173) [80a1751730b302d8ab63a084b2fa52c820ad0273]
+4.19-upstream-stable: released (4.19.293) [84d90fb72a053c034b018fcc3cfaa6f606faf1c6]
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-1078 b/retired/CVE-2023-1078
new file mode 100644
index 00000000..c39b5874
--- /dev/null
+++ b/retired/CVE-2023-1078
@@ -0,0 +1,12 @@
+Description: rds: rds_rm_zerocopy_callback() use list_first_entry()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2173440
+Notes:
+Bugs:
+upstream: released (6.2-rc8) [f753a68980cf4b59a80fe677619da2b1804f526d]
+6.1-upstream-stable: released (6.1.12) [1d52bbfd469af69fbcae88c67f160ce1b968e7f3]
+5.10-upstream-stable: released (5.10.168) [c53f34ec3fbf3e9f67574118a6bb35ae1146f7ca]
+4.19-upstream-stable: released (4.19.273) [909d5eef5ce792bb76d7b5a9b7a6852b813d8cac]
+sid: released (6.1.12-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1079 b/retired/CVE-2023-1079
new file mode 100644
index 00000000..8bc46cb9
--- /dev/null
+++ b/retired/CVE-2023-1079
@@ -0,0 +1,12 @@
+Description: Use-After-Free in asus_kbd_backlight_set()
+References:
+ https://www.openwall.com/lists/oss-security/2023/03/01/4
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [4ab3a086d10eeec1424f2e8a968827a6336203df]
+6.1-upstream-stable: released (6.1.16) [ee907829b36949c452c6f89485cb2a58e97c048e]
+5.10-upstream-stable: released (5.10.173) [21a2eec4a440060a6eb294dc890eaf553101ba09]
+4.19-upstream-stable: released (4.19.276) [74b78391a9b6f67de90b13f5a85e329e3b3f5a72]
+sid: released (6.1.20-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1095 b/retired/CVE-2023-1095
new file mode 100644
index 00000000..5a07c3af
--- /dev/null
+++ b/retired/CVE-2023-1095
@@ -0,0 +1,12 @@
+Description: netfilter: nf_tables: fix null deref due to zeroed list head
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2173973
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [580077855a40741cf511766129702d97ff02f4d9]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.137) [80977126bc20309f7f7bae6d8621356b393e8b41]
+4.19-upstream-stable: released (4.19.256) [d3f409c375490a86d342eae1d0f6271d12dc19d0]
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2023-1118 b/retired/CVE-2023-1118
new file mode 100644
index 00000000..76351f30
--- /dev/null
+++ b/retired/CVE-2023-1118
@@ -0,0 +1,12 @@
+Description: media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2174400
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [29b0589a865b6f66d141d79b2dd1373e4e50fe17]
+6.1-upstream-stable: released (6.1.16) [029c1410e345ce579db5c007276340d072aac54a]
+5.10-upstream-stable: released (5.10.173) [78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c]
+4.19-upstream-stable: released (4.19.276) [52bde2754d76fc97390f097fba763413607f157a]
+sid: released (6.1.20-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1193 b/retired/CVE-2023-1193
new file mode 100644
index 00000000..af419ca5
--- /dev/null
+++ b/retired/CVE-2023-1193
@@ -0,0 +1,13 @@
+Description: use-after-free in setup_async_work()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2154177
+Notes:
+Bugs:
+upstream: released (6.3-rc6) [3a9b557f44ea8f216aab515a7db20e23f0eb51b9]
+6.1-upstream-stable: released (6.1.71) [8d271ef5e5cac8a470076891b248a28a2c57fb1e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-1194 b/retired/CVE-2023-1194
new file mode 100644
index 00000000..780106ff
--- /dev/null
+++ b/retired/CVE-2023-1194
@@ -0,0 +1,13 @@
+Description: use-after-free in parse_lease_state()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2154176
+Notes:
+Bugs:
+upstream: released (6.4-rc6) [fc6c6a3c324c1b3e93a03d0cfa3749c781f23de0]
+6.1-upstream-stable: released (6.1.34) [8f2984233c87a1d08f4c45f077130590c7a2c991]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-1195 b/retired/CVE-2023-1195
new file mode 100644
index 00000000..36b1bf77
--- /dev/null
+++ b/retired/CVE-2023-1195
@@ -0,0 +1,15 @@
+Description: cifs: fix use-after-free caused by invalid pointer `hostname`
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2154171
+Notes:
+ carnil> Commit fixes 7be3248f3139 ("cifs: To match file servers, make
+ carnil> sure the server hostname matches") in 5.16-rc1 (and backported
+ carnil> to 5.15.3, 5.14.19).
+Bugs:
+upstream: released (6.1-rc3) [153695d36ead0ccc4d0256953c751cabf673e621]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-1206 b/retired/CVE-2023-1206
new file mode 100644
index 00000000..c5e076d9
--- /dev/null
+++ b/retired/CVE-2023-1206
@@ -0,0 +1,16 @@
+Description: hash collisions in the IPv6 connection lookup table
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2175903
+ https://bugzilla.suse.com/show_bug.cgi?id=1212703
+Notes:
+ carnil> No public reference found as per 2023-06-28.
+ carnil> Fixed in 6.4.8 for 6.4.y.
+Bugs:
+upstream: released (6.5-rc4) [d11b0df7ddf1831f3e170972f43186dad520bfcc]
+6.1-upstream-stable: released (6.1.43) [51aea7e9d5212adb8a3d198510cfcde4125988f9]
+5.10-upstream-stable: released (5.10.190) [0cd74fbd3b8327e60525e1ec4a6c28895693909f]
+4.19-upstream-stable: released (4.19.291) [8fa0dea2fc96f192d81a12434e48deda2e556320]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-1252 b/retired/CVE-2023-1252
new file mode 100644
index 00000000..8ff9d0e5
--- /dev/null
+++ b/retired/CVE-2023-1252
@@ -0,0 +1,12 @@
+Description: ovl: fix use after free in struct ovl_aio_req
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2176140
+Notes:
+Bugs:
+upstream: released (5.16-rc1) [9a254403760041528bc8f69fe2f5e1ef86950991]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.80) [4fd9f0509a1452b45e89c668e2bab854cb05cd25]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.3-1)
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-1281 b/retired/CVE-2023-1281
new file mode 100644
index 00000000..6de1ded4
--- /dev/null
+++ b/retired/CVE-2023-1281
@@ -0,0 +1,17 @@
+Description: net/sched: tcindex: update imperfect hash filters respecting rcu
+References:
+ https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
+ https://www.openwall.com/lists/oss-security/2023/04/11/3
+Notes:
+ carnil> Commit fixes 9b0d4446b569 ("net: sched: avoid atomic swap in
+ carnil> tcf_exts_change") in 4.14-rc1.
+ bwh> For 4.19, this was fixed along with CVE-2023-1829 by removing
+ bwh> tcindex.
+Bugs:
+upstream: released (6.2) [ee059170b1f7e94e55fa6cadee544e176a6e59c2]
+6.1-upstream-stable: released (6.1.13) [bd662ba56187b5ef8a62a3511371cd38299a507f]
+5.10-upstream-stable: released (5.10.169) [eb8e9d8572d1d9df17272783ad8a84843ce559d4]
+4.19-upstream-stable: released (4.19.276) [01d0d2b8b4e3cf2110baba9371c0c3d04ad5c77b]
+sid: released (6.1.15-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1295 b/retired/CVE-2023-1295
new file mode 100644
index 00000000..b50fa346
--- /dev/null
+++ b/retired/CVE-2023-1295
@@ -0,0 +1,14 @@
+Description: io_uring: get rid of intermediate IORING_OP_CLOSE stage
+References:
+ https://kernel.dance/#9eac1904d3364254d622bf2c771c4f85cd435fc2
+ https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
+Notes:
+Bugs:
+upstream: released (5.12-rc1) [9eac1904d3364254d622bf2c771c4f85cd435fc2]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.162) [788d0824269bef539fe31a785b1517882eafed93]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-1380 b/retired/CVE-2023-1380
new file mode 100644
index 00000000..b812867c
--- /dev/null
+++ b/retired/CVE-2023-1380
@@ -0,0 +1,14 @@
+Description: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
+References:
+ https://www.openwall.com/lists/oss-security/2023/03/13/1
+ https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [0da40e018fd034d87c9460123fa7f897b69fdee7]
+6.1-upstream-stable: released (6.1.27) [e29661611e6e71027159a3140e818ef3b99f32dd]
+5.10-upstream-stable: released (5.10.180) [549825602e3e6449927ca1ea1a08fd89868439df]
+4.19-upstream-stable: released (4.19.283) [39f9bd880abac6068bedb24a4e16e7bd26bf92da]
+sid: released (6.1.27-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-1382 b/retired/CVE-2023-1382
new file mode 100644
index 00000000..7c86b6c1
--- /dev/null
+++ b/retired/CVE-2023-1382
@@ -0,0 +1,13 @@
+Description: tipc: add an extra conn_get in tipc_conn_alloc
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2177371
+ https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin@gmail.com/T/#u
+Notes:
+Bugs:
+upstream: released (6.1-rc7) [a7b42969d63f47320853a802efd879fbdc4e010e]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.157) [4058e3b74ab3eabe0835cee9a0c6deda79e8a295]
+4.19-upstream-stable: released (4.19.268) [f46826a6fce33c3549332c3eb1fbf615dc79be18]
+sid: released (6.0.12-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2023-1390 b/retired/CVE-2023-1390
new file mode 100644
index 00000000..9bfc2f3e
--- /dev/null
+++ b/retired/CVE-2023-1390
@@ -0,0 +1,12 @@
+Description: tipc: fix NULL deref in tipc_link_xmit()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2178212
+Notes:
+Bugs:
+upstream: released (5.11-rc4) [b77413446408fdd256599daf00d5be72b5f3e7c6]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.10) [60b8b4e6310b7dfc551ba68e8639eeaf70a0b2dd]
+4.19-upstream-stable: released (4.19.170) [4d1d3dddcb3f26000e66cd0a9b8b16f7c2eb41bb]
+sid: released (5.10.12-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.171-1)
diff --git a/retired/CVE-2023-1513 b/retired/CVE-2023-1513
new file mode 100644
index 00000000..62eb729c
--- /dev/null
+++ b/retired/CVE-2023-1513
@@ -0,0 +1,13 @@
+Description: kvm: initialize all of the kvm_debugregs structure before sending it to userspace
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2179892
+ https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh@linuxfoundation.org/
+Notes:
+Bugs:
+upstream: released (6.2) [2c10b61421a28e95a46ab489fd56c0f442ff6952]
+6.1-upstream-stable: released (6.1.13) [747ca7c8a0c7bce004709143d1cd6596b79b1deb]
+5.10-upstream-stable: released (5.10.169) [6416c2108ba54d569e4c98d3b62ac78cb12e7107]
+4.19-upstream-stable: released (4.19.273) [669c76e55de332fbcbce5b74fccef1b4698a8936]
+sid: released (6.1.15-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1583 b/retired/CVE-2023-1583
new file mode 100644
index 00000000..fbe7229a
--- /dev/null
+++ b/retired/CVE-2023-1583
@@ -0,0 +1,14 @@
+Description: io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get()
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=io_uring-6.3&id=761efd55a0227aca3a69deacdaa112fffd44fe37
+Notes:
+ carnil> Commit fixes 4278a0deb1f6 ("io_uring: defer alloc_hint update
+ carnil> to io_file_bitmap_set()") in 5.19-rc1.
+Bugs:
+upstream: released (6.3-rc4) [02a4d923e4400a36d340ea12d8058f69ebf3a383]
+6.1-upstream-stable: released (6.1.22) [7b100a45dc19ffd708f364ba66601efaca1ccf56]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.25-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-1611 b/retired/CVE-2023-1611
new file mode 100644
index 00000000..a1f620f3
--- /dev/null
+++ b/retired/CVE-2023-1611
@@ -0,0 +1,19 @@
+Description: btrfs: fix race between quota disable and quota assign ioctls
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2181342
+ https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana@suse.com/
+Notes:
+ bwh> It looks like this was introduced in 5.17 by commit 232796df8c14
+ bwh> "btrfs: fix deadlock between quota enable and other quota
+ bwh> operations" which was then backported into 5.10.94. This
+ bwh> issue doesn't currently affect 4.19, but will do if that earlier
+ bwh> fix is picked alone.
+Bugs:
+upstream: released (6.3-rc5) [2f1a6be12ab6c8470d5776e68644726c94257c54]
+6.1-upstream-stable: released (6.1.23) [a38ff2024805a30d9b96f52557c6ea0bbc31252a]
+5.10-upstream-stable: released (5.10.177) [5f6347034341bf45056ca1ec3fa72040152ecf83]
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (6.1.25-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2023-1637 b/retired/CVE-2023-1637
new file mode 100644
index 00000000..17152bbc
--- /dev/null
+++ b/retired/CVE-2023-1637
@@ -0,0 +1,13 @@
+Description: x86/speculation: Restore speculation related MSRs during S3 resume
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2181891
+ https://sourceware.org/bugzilla/show_bug.cgi?id=27398
+Notes:
+Bugs:
+upstream: released (5.18-rc2) [e2a1256b17b16f9b9adf1b6fea56819e7b68e463]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.111) [fc4bdaed4d4ea4209e65115bd3948a1e4ac51cbb]
+4.19-upstream-stable: released (4.19.238) [edc7b755e8fce10009ac85bb234a035557301bc4]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2023-1652 b/retired/CVE-2023-1652
new file mode 100644
index 00000000..dee217c9
--- /dev/null
+++ b/retired/CVE-2023-1652
@@ -0,0 +1,14 @@
+Description: NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2182031
+Notes:
+ carnil> Commit fixes f4e44b393389 ("NFSD: delay unmount source's export
+ carnil> after inter-server copy completed.") in 5.14-rc1.
+Bugs:
+upstream: released (6.2-rc5) [e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd]
+6.1-upstream-stable: released (6.1.9) [32d5eb95f8f0e362e37c393310b13b9e95404560]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.11-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-1670 b/retired/CVE-2023-1670
new file mode 100644
index 00000000..edff1c5c
--- /dev/null
+++ b/retired/CVE-2023-1670
@@ -0,0 +1,12 @@
+Description: xirc2ps_cs: Fix use after free bug in xirc2ps_detach
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2182111
+Notes:
+Bugs:
+upstream: released (6.3-rc4) [e8d20c3ded59a092532513c9bd030d1ea66f5f44]
+6.1-upstream-stable: released (6.1.22) [9d882229d365f68f74028252261ab14a8de7faed]
+5.10-upstream-stable: released (5.10.177) [bfeeb3aaad4ee8eaaefe5d9edd9b2ccb5d9b7505]
+4.19-upstream-stable: released (4.19.280) [526660c25d3b93b1232a525b75469048388f0928]
+sid: released (6.1.20-2) [bugfix/x86/xirc2ps_cs-Fix-use-after-free-bug-in-xirc2ps_detach.patch]
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1829 b/retired/CVE-2023-1829
new file mode 100644
index 00000000..402b2125
--- /dev/null
+++ b/retired/CVE-2023-1829
@@ -0,0 +1,13 @@
+Description: net/sched: Retire tcindex classifier
+References:
+ https://www.openwall.com/lists/oss-security/2023/04/11/3
+ https://www.zerodayinitiative.com/advisories/ZDI-23-898/
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [8c710f75256bb3cf05ac7b1672c82b92c43f3d28]
+6.1-upstream-stable: released (6.1.18) [3abebc503a5148072052c229c6b04b329a420ecd]
+5.10-upstream-stable: released (5.10.173) [18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6]
+4.19-upstream-stable: released (4.19.276) [01d0d2b8b4e3cf2110baba9371c0c3d04ad5c77b]
+sid: released (6.1.20-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1838 b/retired/CVE-2023-1838
new file mode 100644
index 00000000..a9124934
--- /dev/null
+++ b/retired/CVE-2023-1838
@@ -0,0 +1,13 @@
+Description: Fix double fget() in vhost_net_set_backend()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2087568
+ https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang@redhat.com/T/
+Notes:
+Bugs:
+upstream: released (5.18) [fb4554c2232e44d595920f4d5c66cf8f7d13f9bc]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.118) [ec0d801d1a44d9259377142c6218885ecd685e41]
+4.19-upstream-stable: released (4.19.245) [6ca70982c646cc32e458150ee7f2530a24369b8c]
+sid: released (5.17.11-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2023-1855 b/retired/CVE-2023-1855
new file mode 100644
index 00000000..31824f42
--- /dev/null
+++ b/retired/CVE-2023-1855
@@ -0,0 +1,13 @@
+Description: Fix use after free bug in xgene_hwmon_remove due to race condition
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2184578
+ https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net/
+Notes:
+Bugs:
+upstream: released (6.3-rc3) [cb090e64cf25602b9adaf32d5dfc9c8bec493cd1]
+6.1-upstream-stable: released (6.1.21) [b2ae1f15cd6fe0cb36e432a179ae7d479ae2e6e0]
+5.10-upstream-stable: released (5.10.176) [0a73c8b3cc99d214dff83c51805c844240c4f749]
+4.19-upstream-stable: released (4.19.279) e0a37b43cd732038e37b4e7f6c6c0658fe0b6d73]
+sid: released (6.1.20-2) [bugfix/arm64/hwmon-xgene-Fix-use-after-free-bug-in-xgene_hwmon_re.patch]
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1859 b/retired/CVE-2023-1859
new file mode 100644
index 00000000..388e2619
--- /dev/null
+++ b/retired/CVE-2023-1859
@@ -0,0 +1,13 @@
+Description: 9p/xen: Fix use after free bug in xen_9pfs_front_remove due to race condition
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2184395
+ https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz@163.com/
+Notes:
+Bugs:
+upstream: released (6.3-rc7) [ea4f1009408efb4989a0f139b70fb338e7f687d0]
+6.1-upstream-stable: released (6.1.25) [c4002b9d5e837f152a40d1333c56ccb84975147b]
+5.10-upstream-stable: released (5.10.178) [9266e939d76279d8710196d86215ba2be6345041]
+4.19-upstream-stable: released (4.19.281) [c078fcd3f00ea5eadad07da169956d84f65af49b]
+sid: released (6.1.25-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1872 b/retired/CVE-2023-1872
new file mode 100644
index 00000000..e639fbbf
--- /dev/null
+++ b/retired/CVE-2023-1872
@@ -0,0 +1,18 @@
+Description:
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=08681391b84da27133deefaaddefd0acfa90c2be
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=da24142b1ef9fd5d36b76e36bab328a5b27523e8
+Notes:
+ carnil> No single upstream patch exists for this issue, it was fixed as
+ carnil> part of the file assignment changes that went into the 5.18
+ carnil> cycle. Take 5106dd6e74ab ("io_uring: propagate issue_flags
+ carnil> state down to file assignment") as the relevant commit for
+ carnil> tracking in higher versions (in 5.18-rc2, 5.17.3).
+Bugs:
+upstream: released (5.18-rc2) [5106dd6e74ab6c94daac1c357094f11e6934b36f]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.171) [08681391b84da27133deefaaddefd0acfa90c2be], released (5.10.172) [da24142b1ef9fd5d36b76e36bab328a5b27523e8]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2023-1989 b/retired/CVE-2023-1989
new file mode 100644
index 00000000..bf51cce7
--- /dev/null
+++ b/retired/CVE-2023-1989
@@ -0,0 +1,15 @@
+Description: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
+Notes:
+ carnil> Original fix was later reverted in 6.4-rc1, and then the revert
+ carnil> backported to 6.3.2, 6.2.15, 6.1.28, 5.10.180 and 4.19.283.
+Bugs:
+upstream: released (6.3-rc4) [1e9ac114c4428fdb7ff4635b45d4f46017e8916f], released (6.3-rc7) [73f7b171b7c09139eb3c6a5677c200dc1be5f318]
+6.1-upstream-stable: released (6.1.22) [cbf8deacb7053ce3e3fed64b277c6c6989e65bba], released (6.1.52) [179c65828593aff1f444e15debd40a477cb23cf4]
+5.10-upstream-stable: released (5.10.177) [da3d3fdfb4d523c5da30e35a8dd90e04f0fd8962], released (5.10.195) [746b363bef41cc159c051c47f9e30800bc6b520d]
+4.19-upstream-stable: released (4.19.280) [af4d48754d5517d33bac5e504ff1f1de0808e29e], released (4.19.295) [3efcbf25e5ab4d4ad1b7e6ba0869ff85540e3f6e]
+sid: released (6.1.25-1), released (6.3.7-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.178-1), released (5.10.197-1)
+4.19-buster-security: released (4.19.282-1), released (4.19.304-1)
diff --git a/retired/CVE-2023-1990 b/retired/CVE-2023-1990
new file mode 100644
index 00000000..8d57c068
--- /dev/null
+++ b/retired/CVE-2023-1990
@@ -0,0 +1,15 @@
+Description: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2183247
+ https://lore.kernel.org/all/167886541893.32297.9466042495115598646.git-patchwork-notify@kernel.org/
+Notes:
+ carnil> STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C,
+ carnil> NFC_ST_NCI_SPI) not enabled in Debian.
+Bugs:
+upstream: released (6.3-rc3) [5000fe6c27827a61d8250a7e4a1d26c3298ef4f6]
+6.1-upstream-stable: released (6.1.21) [5e331022b448fbc5e76f24349cd0246844dcad25]
+5.10-upstream-stable: released (5.10.176) [43aa468df246175207a7d5d7d6d31b231f15b49c]
+4.19-upstream-stable: released (4.19.279) [3405eb641dafcc8b28d174784b203c1622c121bf]
+sid: released (6.1.25-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-1998 b/retired/CVE-2023-1998
new file mode 100644
index 00000000..a26eec56
--- /dev/null
+++ b/retired/CVE-2023-1998
@@ -0,0 +1,13 @@
+Description: x86/speculation: Allow enabling STIBP with legacy IBRS
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx
+ https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [6921ed9049bc7457f66c1596c5b78aec0dae4a9d]
+6.1-upstream-stable: released (6.1.16) [08d87c87d6461d16827c9b88d84c48c26b6c994a]
+5.10-upstream-stable: released (5.10.173) [abfed855f05863d292de2d0ebab4656791bab9c8]
+4.19-upstream-stable: released (4.19.276) [10543fb3c9b019e45e2045f08f46fdf526add593]
+sid: released (6.1.20-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-2002 b/retired/CVE-2023-2002
new file mode 100644
index 00000000..0cc8a750
--- /dev/null
+++ b/retired/CVE-2023-2002
@@ -0,0 +1,15 @@
+Description: bluetooth: Perform careful capability checks in hci_sock_ioctl()
+References:
+ https://www.openwall.com/lists/oss-security/2023/04/16/3
+ https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2000@pku.edu.cn/
+ https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000@pku.edu.cn/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [25c150ac103a4ebeed0319994c742a90634ddf18]
+6.1-upstream-stable: released (6.1.27) [47e6893a5b0ad14c0b1c25983a1facb1cf667b6e]
+5.10-upstream-stable: released (5.10.180) [98cfbad52fc286c2a1a75e04bf47b98d6489db1f]
+4.19-upstream-stable: released (4.19.283) [8d59548bae309000442c297bff3e54ab535f0ab7]
+sid: released (6.1.27-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-2006 b/retired/CVE-2023-2006
new file mode 100644
index 00000000..a15c463c
--- /dev/null
+++ b/retired/CVE-2023-2006
@@ -0,0 +1,15 @@
+Description: rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2189112
+ https://www.zerodayinitiative.com/advisories/ZDI-23-439/
+Notes:
+ carnil> Commit fixes 245500d853e9 ("rxrpc: Rewrite the client
+ carnil> connection manager") 5.10-rc1.
+Bugs:
+upstream: released (6.1-rc7) [3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.157) [3535c632e6d16c98f76e615da8dc0cb2750c66cc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.12-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2007 b/retired/CVE-2023-2007
new file mode 100644
index 00000000..fbe4ba4b
--- /dev/null
+++ b/retired/CVE-2023-2007
@@ -0,0 +1,17 @@
+Description: dpt_i2o: TOCTTOU in adpt_i2o_passthru()
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-440/
+ https://lore.kernel.org/stable/b1d71ba992d0adab2519dff17f6d241279c0f5f1.camel@debian.org/
+Notes:
+ carnil> Issue upstream fixed by removing the driver.
+ carnil> For other stable backports "scsi: dpt_i2o: Remove broken pass-
+ carnil> through ioctl (I2OUSERCMD)" fixes the issue.
+Bugs:
+upstream: released (6.0-rc1) [b04e75a4a8a81887386a0d2dbf605a48e779d2a0]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.183) [a2cd7599b558d6c70c01880d470f6eedaf6a8f23]
+4.19-upstream-stable: released (4.19.285) [1b88816a9499608c736e192e0f442e65d4b71de1]
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-2008 b/retired/CVE-2023-2008
new file mode 100644
index 00000000..c0fac3ed
--- /dev/null
+++ b/retired/CVE-2023-2008
@@ -0,0 +1,14 @@
+Description: udmabuf: add back sanity check
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-441/
+Notes:
+ carnil> Commit fixes 7b26e4e2119d ("udmabuf: drop WARN_ON() check.") in
+ carnil> 4.20-rc1.
+Bugs:
+upstream: released (5.19-rc4) [05b252cccb2e5c3f56119d25de684b4f810ba40a]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.127) [20119c1e0fff89542ff3272ace87e04cf6ee6bea]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.18.14-1)
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2023-2019 b/retired/CVE-2023-2019
new file mode 100644
index 00000000..cea0c000
--- /dev/null
+++ b/retired/CVE-2023-2019
@@ -0,0 +1,14 @@
+Description: netdevsim: fib: Fix reference count leak on route deletion failure
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2189137
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811/
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [180a6a3ee60a7cb69ed1232388460644f6a21f00]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-20569 b/retired/CVE-2023-20569
new file mode 100644
index 00000000..d2705b0f
--- /dev/null
+++ b/retired/CVE-2023-20569
@@ -0,0 +1,18 @@
+Description: Speculative Return Stack Overflow (SRSO)
+References:
+ https://comsec.ethz.ch/research/microarch/inception/
+ https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf
+ https://github.com/comsec-group/inception
+ https://www.openwall.com/lists/oss-security/2023/08/08/4
+ https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005
+ https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
+Notes:
+Bugs:
+upstream: released (6.5-rc6) [0e52740ffd10c6c316837c6c128f460f1aaba1ea, fb3bd914b3ec28f5fb697ac55c4846ac2d542855, 79113e4060aba744787a81edb9014f2865193854, 1b5277c0ea0b247393a9c426769fde18cff5e2f6, 233d6f68b98d480a7c42ebe78c38f79d44741ca9, d893832d0e1ef41c72cdae444268c1d64a2be8ad, 238ec850b95a02dcdff3edc86781aa913549282f, 3bbbe97ad83db8d9df06daf027b0840188de625d, 5a15d8348881e9371afdf9f5357a135489496955]
+6.1-upstream-stable: released (6.1.44) [dfede4cb8ef732039b7a479d260bd89d3b474f14, dec3b91f2c4b2c9b24d933e2c3f17493e30149ac, ac41e90d8daa8815d8bee774a1975435fbfe1ae7, 9139f4b6dd4fe1003ba79ab317d1a9f48849b369, 98f62883e7519011bf63f85381d637f65d7f180e, 79c8091888ef61aac79ef72122d1e6cd0b620669, c9ae63d773ca182c4ef63fbdd22cdf090d9c1cd7, c7f2cd04554259c2474c4f9fa134528bc2826b22, 77cf32d0dbfbf575fe66561e069228c532dc1da9, 4f25355540ad4d40dd3445f66159a321dad29cc8]
+5.10-upstream-stable: released (5.10.189) [baf6d6c39e2390ef91bec12d057294dd507d1115, 437fa179f2136d349fda78331fd28696e40def9d, 9b7fe7c6fbc007564f97805ff45882e79f0c70d0, 073a28a9b50662991e7d6956c2cf2fc5d54f28cd, 34f23ba8a399ecd38b45c84da257b91d278e88aa, 3f9b7101bea1dcb63410c016ceb266f6e9f733c9, df76a59feba549825f426cb1586bfa86b49c08fa, e47af0c255aed7da91202f26250558a8e34e1c26, 4acaea47e3bcb7cd55cc56c7fd4e5fb60eebdada, 384d41bea948a18288aff668b7bdf3b522b7bf73, 4873939c0e1cec2fd04a38ddf2c03a05e4eeb7ef, 8457fb5740b14311a8941044ff4eb5a3945de9b2]
+4.19-upstream-stable: ignored "Mitigation is too invasive to backport"
+sid: released (6.4.4-3) [bugfix/x86/srso/x86-bugs-increase-the-x86-bugs-vector-size-to-two-u32s.patch, bugfix/x86/srso/x86-srso-add-a-speculative-ras-overflow-mitigation.patch, bugfix/x86/srso/x86-srso-add-ibpb_brtype-support.patch, bugfix/x86/srso/x86-srso-add-srso_no-support.patch, bugfix/x86/srso/x86-srso-add-ibpb.patch, bugfix/x86/srso/x86-srso-add-ibpb-on-vmexit.patch, bugfix/x86/srso/x86-srso-fix-return-thunks-in-generated-code.patch, bugfix/x86/srso/x86-srso-add-a-forgotten-noendbr-annotation.patch, bugfix/x86/srso/x86-srso-tie-sbpb-bit-setting-to-microcode-patch-detection.patch]
+6.1-bookworm-security: released (6.1.38-3) [bugfix/x86/srso/x86-bugs-increase-the-x86-bugs-vector-size-to-two-u32s.patch, bugfix/x86/srso/x86-cpu-kvm-add-support-for-cpuid_80000021_eax.patch, bugfix/x86/srso/x86-srso-add-a-speculative-ras-overflow-mitigation.patch, bugfix/x86/srso/x86-srso-add-ibpb_brtype-support.patch, bugfix/x86/srso/x86-srso-add-srso_no-support.patch, bugfix/x86/srso/x86-srso-add-ibpb.patch, bugfix/x86/srso/x86-srso-add-ibpb-on-vmexit.patch, bugfix/x86/srso/x86-srso-fix-return-thunks-in-generated-code.patch, bugfix/x86/srso/x86-srso-add-a-forgotten-noendbr-annotation.patch, bugfix/x86/srso/x86-srso-tie-sbpb-bit-setting-to-microcode-patch-detection.patch]
+5.10-bullseye-security: released (5.10.179-4) [bugfix/x86/srso/x86-cpu-add-vm-page-flush-msr-availablility-as-a-cpuid-feature.patch, bugfix/x86/srso/x86-cpufeatures-assign-dedicated-feature-word-for-cpuid_0x8000001f.patch, bugfix/x86/srso/tools-headers-cpufeatures-sync-with-the-kernel-sources.patch, bugfix/x86/srso/x86-bugs-increase-the-x86-bugs-vector-size-to-two-u32s.patch, bugfix/x86/srso/x86-cpu-kvm-add-support-for-cpuid_80000021_eax.patch, bugfix/x86/srso/x86-srso-add-a-speculative-ras-overflow-mitigation.patch, bugfix/x86/srso/x86-srso-add-ibpb_brtype-support.patch, bugfix/x86/srso/x86-srso-add-srso_no-support.patch, bugfix/x86/srso/x86-srso-add-ibpb.patch, bugfix/x86/srso/x86-srso-add-ibpb-on-vmexit.patch, bugfix/x86/srso/x86-srso-fix-return-thunks-in-generated-code.patch, bugfix/x86/srso/x86-srso-tie-sbpb-bit-setting-to-microcode-patch-detection.patch]
+4.19-buster-security: ignored "Mitigation is too invasive to backport"
diff --git a/retired/CVE-2023-20593 b/retired/CVE-2023-20593
new file mode 100644
index 00000000..c868d79d
--- /dev/null
+++ b/retired/CVE-2023-20593
@@ -0,0 +1,20 @@
+Description: Zenbleed
+References:
+ https://www.openwall.com/lists/oss-security/2023/07/24/1
+ https://lock.cmpxchg8b.com/zenbleed.html
+ https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
+ https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8
+ https://xenbits.xen.org/xsa/advisory-433.html
+Notes:
+ carnil> Technically not a linux issue but track with the CVE entry as well
+ carnil> the kernel side mitigations for the issue in case no amd64-microcode
+ carnil> update is available and we need the fallback to the chicken bit set.
+Bugs:
+upstream: released (6.5-rc4) [522b1d69219d8f083173819fde04f994aa051a98]
+6.1-upstream-stable: released (6.1.41) [ed9b87010aa84c157096f98c322491e9af8e8f07]
+5.10-upstream-stable: released (5.10.187) [93df00f9d48d48466ddbe01a06eaaf3311ecfb53]
+4.19-upstream-stable: released (4.19.289) [cfef7bbf0dca27209ea5d82d7060d4fc2c0d72ea]
+sid: released (6.4.4-2) [bugfix/x86/x86-cpu-amd-Add-a-Zenbleed-fix.patch]
+6.1-bookworm-security: released (6.1.38-2) [bugfix/x86/x86-cpu-amd-Add-a-Zenbleed-fix.patch]
+5.10-bullseye-security: released (5.10.179-3) [bugfix/x86/x86-cpu-amd-Add-a-Zenbleed-fix.patch]
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-20928 b/retired/CVE-2023-20928
new file mode 100644
index 00000000..3459320f
--- /dev/null
+++ b/retired/CVE-2023-20928
@@ -0,0 +1,19 @@
+Description: binder: fix UAF of alloc->vma in race with munmap()
+References:
+ https://android.googlesource.com/kernel/common/+/201d5f4a3ec1
+ https://source.android.com/docs/security/bulletin/2023-01-01
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2374
+Notes:
+ carnil> As noted in the commit: Note this patch is specific to stable
+ carnil> branches 5.4 and 5.10. Since in newer kernel releases binder no
+ carnil> longer caches a pointer to the vma. Instead, it has been
+ carnil> refactored to use vma_lookup() which avoids the issue described
+ carnil> here. This switch was introduced in commit a43cfc87caaf
+ carnil> ("android: binder: stop saving a pointer to the VMA").
+Bugs:
+upstream: released (6.0-rc1) [a43cfc87caaf46710c8027a8c23b8a55f1078f19]
+5.10-upstream-stable: released (5.10.154) [015ac18be7de25d17d6e5f1643cb3b60bfbe859e]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2023-21102 b/retired/CVE-2023-21102
new file mode 100644
index 00000000..31a6de3e
--- /dev/null
+++ b/retired/CVE-2023-21102
@@ -0,0 +1,16 @@
+Description: arm64: efi: Execute runtime services from a dedicated stack
+References:
+ https://source.android.com/docs/security/bulletin/2023-05-01
+ https://android.googlesource.com/kernel/common/+/ec6fe823507b2f6ef4a58f3a9bee9a5ec086c32c%5E%21/#F2
+Notes:
+ bwh> Introduced in 5.14 by commit cefc7ca46235 "ACPI: PRM: implement
+ bwh> OperationRegion handler for the PlatformRtMechanism subtype".
+Bugs:
+upstream: released (6.2-rc1) [ff7a167961d1b97e0e205f245f806e564d3505e7], released (6.2-rc4) [18bba1843fc7f264f58c9345d00827d082f9c558]
+6.1-upstream-stable: released (6.1.8) [f75a91c82dc805af8f718ff106ec9c090234b37b, 72b0e5faa5149f09c6a7a74e4012f29e33509bab]
+5.10-upstream-stable: released (5.10.165) [4012603cbd469223f225637d265a233f034c567a, d6544bccc1967cd6a883d6abac71fc7d863e8baa]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.8-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-21106 b/retired/CVE-2023-21106
new file mode 100644
index 00000000..8eeed46c
--- /dev/null
+++ b/retired/CVE-2023-21106
@@ -0,0 +1,14 @@
+Description: drm/msm/gpu: Fix potential double-free
+References:
+ https://source.android.com/docs/security/bulletin/2023-05-01
+Notes:
+ carnil> Commit fixes d4726d770068 ("drm/msm: Add a way to override
+ carnil> processes comm/cmdline") in 5.19-rc1.
+Bugs:
+upstream: released (6.2-rc5) [a66f1efcf748febea7758c4c3c8b5bc5294949ef]
+6.1-upstream-stable: released (6.1.9) [8103d53f25ec7b9aa99c134642c6e840e896be71]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.11-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-21255 b/retired/CVE-2023-21255
new file mode 100644
index 00000000..781bdc20
--- /dev/null
+++ b/retired/CVE-2023-21255
@@ -0,0 +1,17 @@
+Description: binder: fix UAF caused by faulty buffer cleanup
+References:
+ https://source.android.com/docs/security/bulletin/2023-07-01
+ https://android.googlesource.com/kernel/common/+/1ca1130ec62d
+Notes:
+ carnil> Commit fixes 32e9f56a96d8 ("binder: don't detect sender/target
+ carnil> during buffer cleanup") in 5.16-rc1 (which was backported to
+ carnil> 5.4.159, 5.10.79, 5.14.18, 5.15.2)
+Bugs:
+upstream: released (6.4-rc4) [bdc1c5fac982845a58d28690cdb56db8c88a530d]
+6.1-upstream-stable: released (6.1.31) [e1e198eff1fbaf56fd8022c4fbbf59c5324ea320]
+5.10-upstream-stable: released (5.10.182) [2218752325a98861dfb10f59a9b0270d6d4abe21]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-21400 b/retired/CVE-2023-21400
new file mode 100644
index 00000000..aaaa530a
--- /dev/null
+++ b/retired/CVE-2023-21400
@@ -0,0 +1,19 @@
+Description: io_uring: ensure IOPOLL locks around deferred work
+References:
+ https://source.android.com/security/bulletin/pixel/2023-07-01
+ https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
+ https://www.openwall.com/lists/oss-security/2023/07/14/2
+ https://www.openwall.com/lists/oss-security/2023/07/25/9
+ https://twitter.com/VAR10CK/status/1683303642173153280
+Notes:
+ carnil> No upstream commit exists as the issue has been fixed in 5.18
+ carnil> development as part of a larger rework of the completion side.
+Bugs:
+upstream: released (5.18)
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.188) [810e401b34c4c4c244d8b93b9947ea5b3d4d49f8]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2156 b/retired/CVE-2023-2156
new file mode 100644
index 00000000..5fce65f6
--- /dev/null
+++ b/retired/CVE-2023-2156
@@ -0,0 +1,23 @@
+Description: Linux Kernel IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-547/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2196292#c1
+ https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death
+Notes:
+ carnil> From ZDI advisory: "Mitigation: Given the nature of the
+ carnil> vulnerability, the only salient mitigation strategy is to
+ carnil> restrict interaction with the application." Upstream related
+ carnil> commit is 4e006c7a6dac ("net: rpl: fix rpl header size
+ carnil> calculation").
+ carnil> Exploitng the issue requires rpl_seg_enabled to be enabled
+ carnil> (net.ipv6.conf.*.rpl_seg_enabled=1)
+ carnil> Fixed as well in 6.3.8 for 6.3.y.
+Bugs:
+upstream: released (6.4-rc6) [a2f4c143d76b1a47c91ef9bc46907116b111da0b]
+6.1-upstream-stable: released (6.1.34) [251b5d68ac4748f210577d84f1cd5a664c54785f]
+5.10-upstream-stable: released (5.10.184) [86e3981ff1bc501071100036435683c45aa70958]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.179-2) [bugfix/all/ipv6-rpl-Fix-Route-of-Death.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2162 b/retired/CVE-2023-2162
new file mode 100644
index 00000000..bc5f985e
--- /dev/null
+++ b/retired/CVE-2023-2162
@@ -0,0 +1,13 @@
+Description: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2187773
+ https://www.spinics.net/lists/linux-scsi/msg181542.html
+Notes:
+Bugs:
+upstream: released (6.2-rc6) [f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3]
+6.1-upstream-stable: released (6.1.11) [61e43ebfd243bcbad11be26bd921723027b77441]
+5.10-upstream-stable: released (5.10.168) [9758ffe1c07b86aefd7ca8e40d9a461293427ca0]
+4.19-upstream-stable: released (4.19.273) [6abd4698f4c8a78e7bbfc421205c060c199554a0]
+sid: released (6.1.11-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-2163 b/retired/CVE-2023-2163
new file mode 100644
index 00000000..d75d42ca
--- /dev/null
+++ b/retired/CVE-2023-2163
@@ -0,0 +1,15 @@
+Description: bpf: Fix incorrect verifier pruning due to missing register precision taints
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-j87x-j6mh-mv8v#event-102578
+Notes:
+ carnil> Commit fixes b5dc0163d8fd ("bpf: precise scalar_value
+ carnil> tracking") in 5.3-rc1.
+Bugs:
+upstream: released (6.3) [71b547f561247897a0a14f3082730156c0533fed]
+6.1-upstream-stable: released (6.1.26) [89603f4c9154e818b9ead1abe08545a053c66ded]
+5.10-upstream-stable: released (5.10.179) [b1281d008845ae9a4de9ef7510dcc1667557a67a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.27-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.179-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2166 b/retired/CVE-2023-2166
new file mode 100644
index 00000000..cdc805ff
--- /dev/null
+++ b/retired/CVE-2023-2166
@@ -0,0 +1,14 @@
+Description: can: af_can: fix NULL pointer dereference in can_rcv_filter
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2187813
+ https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w@mail.gmail.com/
+Notes:
+ carnil> Commit fixes 4e096a18867a ("net: introduce CAN specific pointer in the struct net_device")
+Bugs:
+upstream: released (6.1) [0acc442309a0a1b01bcdaa135e56e6398a49439c]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.159) [c42221efb1159d6a3c89e96685ee38acdce86b6f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2194 b/retired/CVE-2023-2194
new file mode 100644
index 00000000..34b026d6
--- /dev/null
+++ b/retired/CVE-2023-2194
@@ -0,0 +1,11 @@
+Description: i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
+References:
+Notes:
+Bugs:
+upstream: released (6.3-rc4) [92fbb6d1296f81f41f65effd7f5f8c0f74943d15]
+6.1-upstream-stable: released (6.1.22) [7c64e839585eac8048bf67b1c6dcb7a5ca189a2e]
+5.10-upstream-stable: released (5.10.177) [1eaa2b7ae90c5a5e05586df310d804de250747d3]
+4.19-upstream-stable: released (4.19.280) [5fc2b9485a8722c8350c3379992f5931ccfeaf98]
+sid: released (6.1.25-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-2235 b/retired/CVE-2023-2235
new file mode 100644
index 00000000..a2914cd6
--- /dev/null
+++ b/retired/CVE-2023-2235
@@ -0,0 +1,14 @@
+Description: perf: Fix check before add_event_to_groups() in perf_group_detach()
+References:
+ https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2
+Notes:
+ carnil> Commit fixes 2e498d0a74e5 ("perf: Add support for event removal
+ carnil> on exec") in 5.13-rc1.
+Bugs:
+upstream: released (6.3-rc3) [fd0815f632c24878e325821943edccc7fde947a2]
+6.1-upstream-stable: released (6.1.21) [529546ea2834ce58aa075837d57918740accf713]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.25-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2236 b/retired/CVE-2023-2236
new file mode 100644
index 00000000..10d82d43
--- /dev/null
+++ b/retired/CVE-2023-2236
@@ -0,0 +1,14 @@
+Description: io_uring/filetable: fix file reference underflow
+References:
+ https://kernel.dance/#9d94c04c0db024922e886c9fd429659f22f48ea4
+Notes:
+ carnil> Commit fixes 61c1b44a21d7 ("io_uring: fix deadlock on iowq file
+ carnil> slot alloc") in 5.19-rc1.
+Bugs:
+upstream: released (6.1-rc7) [9d94c04c0db024922e886c9fd429659f22f48ea4]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.12-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2269 b/retired/CVE-2023-2269
new file mode 100644
index 00000000..f0f1e4d5
--- /dev/null
+++ b/retired/CVE-2023-2269
@@ -0,0 +1,13 @@
+Description: A possible deadlock in dm_get_inactive_table in dm-ioctl.c leads to dos
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2189388
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89]
+6.1-upstream-stable: released (6.1.28) [9a94ebc74c3540aba5aa2c7b05032da4610a08c9]
+5.10-upstream-stable: released (5.10.180) [ea827627a9249154b34b646b1e1007013402afea]
+4.19-upstream-stable: released (4.19.283) [b4b94b25c78ed03be0e07fa4e76fe51e64dac533]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-22995 b/retired/CVE-2023-22995
new file mode 100644
index 00000000..f86435d8
--- /dev/null
+++ b/retired/CVE-2023-22995
@@ -0,0 +1,14 @@
+Description: usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core
+References:
+Notes:
+ bwh> This is a one-time resource leak in device probe, not a security
+ bwh> issue.
+Bugs:
+upstream: released (5.17-rc1) [fa0ef93868a6062babe1144df2807a8b1d4924d2]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: ignored "Not a security issue"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: ignored "Not a security issue"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-22996 b/retired/CVE-2023-22996
new file mode 100644
index 00000000..29f90add
--- /dev/null
+++ b/retired/CVE-2023-22996
@@ -0,0 +1,13 @@
+Description: soc: qcom: aoss: Fix missing put_device call in qmp_get
+References:
+Notes:
+ carnil> Commit fixes 8c75d585b931 ("soc: qcom: aoss: Expose send for
+ carnil> generic usecase") introduced in 5.16-rc1 (and 5.15.35).
+Bugs:
+upstream: released (5.18-rc1) [4b41a9d0fe3db5f91078a380f62f0572c3ecf2dd]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-22997 b/retired/CVE-2023-22997
new file mode 100644
index 00000000..d4bcd938
--- /dev/null
+++ b/retired/CVE-2023-22997
@@ -0,0 +1,11 @@
+Description: module: Fix NULL vs IS_ERR checking for module_get_next_page
+References:
+Notes:
+Bugs:
+upstream: released (6.2-rc1) [45af1d7aae7d5520d2858f8517a1342646f015db]
+6.1-upstream-stable: released (6.1.2) [7a779e84b3c451ce4713456a413d3300143747a7]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-22998 b/retired/CVE-2023-22998
new file mode 100644
index 00000000..be85220d
--- /dev/null
+++ b/retired/CVE-2023-22998
@@ -0,0 +1,14 @@
+Description: drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init
+References:
+Notes:
+ bwh> Introduced in 5.5 by commit c66df701e783 "drm/virtio: switch
+ bwh> from ttm to gem shmem helpers".
+Bugs:
+upstream: released (6.0-rc1) [c24968734abfed81c8f93dc5f44a7b7a9aecadfa, 64b88afbd92fbf434759d1896a7cf705e1c00e79]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.171) [0a4181b23acf53e9c95b351df6a7891116b98f9b, 87c647def389354c95263d6635c62ca0de7d12ca]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-22999 b/retired/CVE-2023-22999
new file mode 100644
index 00000000..8d0f764a
--- /dev/null
+++ b/retired/CVE-2023-22999
@@ -0,0 +1,14 @@
+Description: usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe
+References:
+Notes:
+ bwh> Introduced in 5.12 by commit c25c210f590e "usb: dwc3: qcom: add
+ bwh> URS Host support for sdm845 ACPI boot" and backported into 5.10.
+Bugs:
+upstream: released (5.17-rc1) [b52fe2dbb3e655eb1483000adfab68a219549e13]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.94) [94177fcecc35e9e9d3aecaa5813556c6b5aed7b6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-23000 b/retired/CVE-2023-23000
new file mode 100644
index 00000000..78b340f6
--- /dev/null
+++ b/retired/CVE-2023-23000
@@ -0,0 +1,17 @@
+Description: phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function
+References:
+Notes:
+ bwh> This doesn't seem to have a security impact as this function is
+ bwh> only called during probe of a platform device. Introduced in
+ bwh> 4.14 by commit 1df79cb3bae7 "phy: tegra: Handle return value of
+ bwh> kasprintf", which itself fixed a (theoretical) null pointer
+ bwh> dereference.
+Bugs:
+upstream: released (5.17-rc1) [045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: ignored "Not a security issue"
+4.19-upstream-stable: ignored "Not a security issue"
+sid: released (5.17.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: ignored "Not a security issue"
+4.19-buster-security: ignored "Not a security issue"
diff --git a/retired/CVE-2023-23001 b/retired/CVE-2023-23001
new file mode 100644
index 00000000..9860bd16
--- /dev/null
+++ b/retired/CVE-2023-23001
@@ -0,0 +1,13 @@
+Description: scsi: ufs: ufs-mediatek: Fix error checking in ufs_mtk_init_va09_pwr_ctrl()
+References:
+Notes:
+ carnil> Commit fixes cf137b3ea49a ("scsi: ufs-mediatek: Support VA09
+ carnil> regulator operations") in 5.11-rc1.
+Bugs:
+upstream: released (5.17-rc1) [3ba880a12df5aa4488c18281701b5b1bc3d4531a]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.7-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-23002 b/retired/CVE-2023-23002
new file mode 100644
index 00000000..46519a81
--- /dev/null
+++ b/retired/CVE-2023-23002
@@ -0,0 +1,11 @@
+Description: Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe
+References:
+Notes:
+Bugs:
+upstream: released (5.17-rc1) [6845667146a28c09b5dfc401c1ad112374087944]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.94) [4579954bf4cc0bdfc4a42c88b16fe596f1e7f82d]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2023-23003 b/retired/CVE-2023-23003
new file mode 100644
index 00000000..b68c0464
--- /dev/null
+++ b/retired/CVE-2023-23003
@@ -0,0 +1,14 @@
+Description: perf expr: Fix missing check for return value of hashmap__new()
+References:
+Notes:
+ bwh> This is user-space code, and the result of the missing check
+ bwh> would be a segfault. I don't see any security impact.
+Bugs:
+upstream: released (5.16-rc6) [0a515a06c5ebfa46fee3ac519e418f801e718da4]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: ignored "Not a security issue"
+4.19-upstream-stable: ignored "Not a security issue"
+sid: released (5.16.7-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: ignored "Not a security issue"
+4.19-buster-security: ignored "Not a security issue"
diff --git a/retired/CVE-2023-23004 b/retired/CVE-2023-23004
new file mode 100644
index 00000000..8beaf28f
--- /dev/null
+++ b/retired/CVE-2023-23004
@@ -0,0 +1,14 @@
+Description: malidp: Fix NULL vs IS_ERR() checking
+References:
+Notes:
+ bwh> Introduced in 4.20 by commit 1f23a56a46b8 "drm/malidp: Enable
+ bwh> MMU prefetch on Mali-DP650".
+Bugs:
+upstream: released (5.19-rc1) [15342f930ebebcfe36f2415049736a77d7d2e045]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.173) [a5bbea50d622b8f49ab8ee3b0eb283107febcf1a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-23006 b/retired/CVE-2023-23006
new file mode 100644
index 00000000..2a72f1e3
--- /dev/null
+++ b/retired/CVE-2023-23006
@@ -0,0 +1,14 @@
+Description: net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
+References:
+Notes:
+ bwh> Introduced in 5.4 by commit 4ec9e7b02697 "net/mlx5: DR, Expose
+ bwh> steering domain functionality".
+Bugs:
+upstream: released (5.16-rc8) [6b8b42585886c59a008015083282aae434349094]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [4cd1da02f0c39606e3378c9255f17d6f85d106c7]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-23454 b/retired/CVE-2023-23454
new file mode 100644
index 00000000..b92d7dca
--- /dev/null
+++ b/retired/CVE-2023-23454
@@ -0,0 +1,13 @@
+Description: net: sched: cbq: dont intepret cls results when asked to drop
+References:
+ https://www.openwall.com/lists/oss-security/2023/01/10/1
+ https://www.openwall.com/lists/oss-security/2023/01/10/4
+Notes:
+ carnil> For 6.1.y fixed in 6.1.5.
+Bugs:
+upstream: released (6.2-rc3) [caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12]
+5.10-upstream-stable: released (5.10.163) [b2c917e510e5ddbc7896329c87d20036c8b82952]
+4.19-upstream-stable: released (4.19.280) [8ed4c82571d848d76877c4d70687686e607766e3]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/all/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch]
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-23455 b/retired/CVE-2023-23455
new file mode 100644
index 00000000..ae05bf1e
--- /dev/null
+++ b/retired/CVE-2023-23455
@@ -0,0 +1,13 @@
+Description: net: sched: atm: dont intepret cls results when asked to drop
+References:
+ https://www.openwall.com/lists/oss-security/2023/01/10/1
+ https://www.openwall.com/lists/oss-security/2023/01/10/4
+Notes:
+ carnil> For 6.1.y fixed in 6.1.5.
+Bugs:
+upstream: released (6.2-rc3) [a2965c7be0522eaa18808684b7b82b248515511b]
+5.10-upstream-stable: released (5.10.163) [5f65f48516bfeebaab1ccc52c8fad698ddf21282]
+4.19-upstream-stable: released (4.19.270) [5374c455ebe6102e3d5f1842c6d8ff72b3ca659f]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.162-1) [bugfix/all/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch]
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-23559 b/retired/CVE-2023-23559
new file mode 100644
index 00000000..c7afe695
--- /dev/null
+++ b/retired/CVE-2023-23559
@@ -0,0 +1,12 @@
+Description: rndis_wlan: Prevent buffer overflow in rndis_query_oid
+References:
+ https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
+Notes:
+ carnil> Fixed as weill in 6.1.9 for 6.1.y.
+Bugs:
+upstream: released (6.2-rc5) [b870e73a56c4cccbec33224233eaf295839f228c]
+5.10-upstream-stable: released (5.10.166) [802fd7623e9ed19ee809b503e93fccc1e3f37bd6]
+4.19-upstream-stable: released (4.19.272) [b4cc9d7ae9bed976de5463958afea2983b4ca57f]
+sid: released (6.1.11-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-23586 b/retired/CVE-2023-23586
new file mode 100644
index 00000000..860e0a3f
--- /dev/null
+++ b/retired/CVE-2023-23586
@@ -0,0 +1,15 @@
+Description:
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y&id=788d0824269bef539fe31a785b1517882eafed93
+ https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
+Notes:
+ carnil> Unclear if this is just a duplicate of CVE-2023-0240. Track it
+ carnil> as different for now. The only CVE record references available
+ carnil> are identical, but with different description of the issue.
+Bugs:
+upstream: released (5.12-rc1) [4379bf8bd70b5de6bba7d53015b0c36c57a634ee]
+5.10-upstream-stable: released (5.10.162)
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2430 b/retired/CVE-2023-2430
new file mode 100644
index 00000000..713a1bd5
--- /dev/null
+++ b/retired/CVE-2023-2430
@@ -0,0 +1,18 @@
+Description: io_uring/msg_ring: fix missing lock on overflow for IOPOLL
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2192175
+ https://groups.google.com/g/syzkaller/c/T04q4HMUCdA/m/qVaOqv2RAAAJ
+Notes:
+ bwh> The two instances of the bug were introduced in 6.0 by commit
+ bwh> e6130eba8a84 "io_uring: add support for passing fixed file
+ bwh> descriptors" and in 6.2-rc1 by commit 6d043ee1164c "io_uring:
+ bwh> do msg_ring in target task via tw".
+Bugs:
+upstream: released (6.2-rc5) [e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d]
+6.1-upstream-stable: released (6.1.50) [22a406b3629a10979916ea7cace47858410117b5]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2023-25012 b/retired/CVE-2023-25012
new file mode 100644
index 00000000..e1d69729
--- /dev/null
+++ b/retired/CVE-2023-25012
@@ -0,0 +1,17 @@
+Description: HID: bigben_remove: manually unregister leds
+References:
+ https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
+ https://www.openwall.com/lists/oss-security/2023/01/25/5
+ https://lore.kernel.org/all/20230125-hid-unregister-leds-v2-1-689cc62fc878@diag.uniroma1.it/
+Notes:
+ carnil> Commit fixes 4eb1b01de5b9 ("HID: hid-bigbenff: fix race
+ carnil> condition for scheduled work during removal") in 5.6-rc4 (and
+ carnil> backported to 5.4.27 and 5.5.11).
+Bugs:
+upstream: released (6.3-rc1) [76ca8da989c7d97a7f76c75d475fe95a584439d7]
+6.1-upstream-stable: released (6.1.16) [f2bf592ebd5077661e00aa11e12e054c4c8f6dd0]
+5.10-upstream-stable: released (5.10.173) [fddde36316da8acb45a3cca2e5fda102f5215877]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.20-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2513 b/retired/CVE-2023-2513
new file mode 100644
index 00000000..85a1c00a
--- /dev/null
+++ b/retired/CVE-2023-2513
@@ -0,0 +1,17 @@
+Description: ext4: fix use-after-free in ext4_xattr_set_entry
+References:
+ https://lore.kernel.org/all/20220616021358.2504451-1-libaokun1@huawei.com/
+Notes:
+ carnil> In various stable series there was a fix for the issue, but
+ carnil> reverted again "in order to avoid conflicts on stable,
+ carnil> reverting the commit first and queuing its prereqisities
+ carnil> patches fist and then queue the same after again". Thus
+ carnil> tracking the first occurence of the fix.
+Bugs:
+upstream: released (6.0-rc1) [67d7d8ad99beccd9fe92d585b87f1760dc9018e3]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.137) [bb8592efcf8ef2f62947745d3182ea05b5256a15]
+4.19-upstream-stable: released (4.19.256) [c3ecf16b410fd88c15eb8353369a1943c3da5101]
+sid: released (5.19.6-1)
+5.10-bullseye-security: released (5.10.140-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2023-25775 b/retired/CVE-2023-25775
new file mode 100644
index 00000000..1aef9d84
--- /dev/null
+++ b/retired/CVE-2023-25775
@@ -0,0 +1,18 @@
+Description: RDMA/irdma: Prevent zero-length STAG registration
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
+Notes:
+ carnil> Commit fixes b48c24c2d710 ("RDMA/irdma: Implement device
+ carnil> supported verb APIs") in 5.14-rc1.
+ carnil> Fixed as well in 6.4.16 for 6.4.y and in 6.5.3 for 6.5.y.
+ carnil> Strangely the fix was as well backported to 5.10.203 and
+ carnil> 4.19.301 but it's not clear why.
+Bugs:
+upstream: released (6.6-rc1) [bb6d73d9add68ad270888db327514384dfa44958]
+6.1-upstream-stable: released (6.1.53) [f01cfec8d3456bf389918eb898eda11f46d8b1b7]
+5.10-upstream-stable: released (5.10.203) [ac65f8979b0eaac80c4710729c509d8837d8fdb7]
+4.19-upstream-stable: released (4.19.301) [f3c2760510c119c609e751c5a0b06cec6ae4bb4d]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-2598 b/retired/CVE-2023-2598
new file mode 100644
index 00000000..7ff580f1
--- /dev/null
+++ b/retired/CVE-2023-2598
@@ -0,0 +1,14 @@
+Description: io_uring/rsrc: check for nonconsecutive pages
+References:
+ https://www.openwall.com/lists/oss-security/2023/05/08/3
+Notes:
+ carnil> Commit fixes 57bebf807e2a ("io_uring/rsrc: optimise registered
+ carnil> huge pages") in 6.3-rc1.
+Bugs:
+upstream: released (6.4-rc1) [776617db78c6d208780e7c69d4d68d1fa82913de]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-26544 b/retired/CVE-2023-26544
new file mode 100644
index 00000000..1f3b35f6
--- /dev/null
+++ b/retired/CVE-2023-26544
@@ -0,0 +1,13 @@
+Description: KASAN: use-after-free Read in run_unpack
+References:
+ https://lkml.org/lkml/2023/2/20/128
+Notes:
+ carnil> NTFS3 driver not enabled in Debian.
+Bugs:
+upstream: released (6.2-rc1) [887bfc546097fbe8071dac13b2fef73b77920899]
+6.1-upstream-stable: released (6.1.3) [d34485d40b6a263d65bc476554299c42b2ec0187]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-26545 b/retired/CVE-2023-26545
new file mode 100644
index 00000000..149869cc
--- /dev/null
+++ b/retired/CVE-2023-26545
@@ -0,0 +1,11 @@
+Description: net: mpls: fix stale pointer if allocation fails during device rename
+References:
+Notes:
+Bugs:
+upstream: released (6.2) [fda6c89fe3d9aca073495a664e1d5aea28cd4377]
+6.1-upstream-stable: released (6.1.13) [c376227845eef8f2e62e2c29c3cf2140d35dd8e8]
+5.10-upstream-stable: released (5.10.169) [7ff0fdba82298d1f456c685e24930da89703c0fb]
+4.19-upstream-stable: released (4.19.273) [aa07c86e43ed8780d610ecfb2ce13da326729201]
+sid: released (6.1.15-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-26605 b/retired/CVE-2023-26605
new file mode 100644
index 00000000..2240f9a8
--- /dev/null
+++ b/retired/CVE-2023-26605
@@ -0,0 +1,16 @@
+Description: KASAN: use-after-free Read in inode_cgwb_move_to_attached
+References:
+ https://lkml.org/lkml/2023/2/22/3
+ https://lore.kernel.org/all/CAGyP=7fWFjioc7ok0SZ7kBNh6_MAk1keL4BKPvUNdmpGjnsZOA@mail.gmail.com/
+Notes:
+ carnil> Introduced by cbfecb927f42 ("fs: record I_DIRTY_TIME even if
+ carnil> inode already has I_DIRTY_INODE") in 6.1-rc1 (but backported to
+ carnil> 6.0.3, 5.19.17 and 5.15.75).
+Bugs:
+upstream: released (6.1-rc7) [4e3c51f4e805291b057d12f5dda5aeb50a538dc4]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.12-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-26606 b/retired/CVE-2023-26606
new file mode 100644
index 00000000..7e3ecec2
--- /dev/null
+++ b/retired/CVE-2023-26606
@@ -0,0 +1,13 @@
+Description: KASAN: use-after-free Read in ntfs_trim_fs
+References:
+ https://lkml.org/lkml/2023/2/20/860
+Notes:
+ carnil> NTFS3 driver not enabled in Debian.
+Bugs:
+upstream: released (6.2-rc1) [557d19675a470bb0a98beccec38c5dc3735c20fa]
+6.1-upstream-stable: released (6.1.2) [f2e58e95273ce072ca95a2afa1f274825a1e1772]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-26607 b/retired/CVE-2023-26607
new file mode 100644
index 00000000..b4d42ccd
--- /dev/null
+++ b/retired/CVE-2023-26607
@@ -0,0 +1,13 @@
+Description: KASAN: slab-out-of-bounds Read in ntfs_attr_find
+References:
+ https://lkml.org/lkml/2023/2/21/1353
+Notes:
+ carnil> Upload for Debian disables NTFS_FS and marks it as BROKEN
+Bugs:
+upstream: released (6.1-rc1) [36a4d82dddbbd421d2b8e79e1cab68c8126d5075]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.156) [6322dda483344abe47d17335809f7bbb730bd88b]
+4.19-upstream-stable: released (4.19.267) [4301aa833a734257ad3715f607cbde17402eda94]
+sid: released (4.19.37-1) [debian/ntfs-mark-it-as-broken.patch]
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
diff --git a/retired/CVE-2023-28327 b/retired/CVE-2023-28327
new file mode 100644
index 00000000..ef33831e
--- /dev/null
+++ b/retired/CVE-2023-28327
@@ -0,0 +1,17 @@
+Description: af_unix: Get user_ns from in_skb in unix_diag_get_exact().
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2177382
+ https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/
+ https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/
+ https://lore.kernel.org/netdev/20221127012412.37969-3-kuniyu@amazon.com/T/
+Notes:
+ carnil> Commit fixes cae9910e7344 ("net: Add UNIX_DIAG_UID to Netlink
+ carnil> UNIX socket diagnostics.") in 5.3-rc1.
+Bugs:
+upstream: released (6.1) [b3abe42e94900bdd045c472f9c9be620ba5ce553]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.159) [575a6266f63dbb3b8eb1da03671451f0d81b8034]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.162-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-28328 b/retired/CVE-2023-28328
new file mode 100644
index 00000000..e2e5e665
--- /dev/null
+++ b/retired/CVE-2023-28328
@@ -0,0 +1,14 @@
+Description: media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2177389
+ https://lore.kernel.org/linux-media/20221120065918.2160782-1-zhongbaisong@huawei.com/
+ https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/
+Notes:
+Bugs:
+upstream: released (6.2-rc1) [0ed554fd769a19ea8464bb83e9ac201002ef74ad]
+6.1-upstream-stable: released (6.1.2) [6b60cf73a931af34b7a0a3f467a79d9fe0df2d70]
+5.10-upstream-stable: released (5.10.163) [559891d430e3f3a178040c4371ed419edbfa7d65]
+4.19-upstream-stable: released (4.19.270) [7abfe467cd685f5da7ecb415441e45e3e4e2baa8]
+sid: released (6.1.4-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-28410 b/retired/CVE-2023-28410
new file mode 100644
index 00000000..2d90a2fc
--- /dev/null
+++ b/retired/CVE-2023-28410
@@ -0,0 +1,23 @@
+Description: INTEL-SA-00886
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html
+ https://bugzilla.suse.com/show_bug.cgi?id=1211263#c1
+ http://blog.pi3.com.pl/?p=931
+ http://site.pi3.com.pl/adv/CVE-2023-28410_i915.txt
+Notes:
+ carnil> While it is said to be fixed with 6.2.10 upstream, there are no
+ carnil> i915 changes between 6.2.9 and 6.2.10 which seem to match
+ carnil> either the issue or the reporter.
+ carnil> Claimed that the actual fix is 661412e301e2 ("drm/i915/gem: add
+ carnil> missing boundary check in vm_access") which would imply that
+ carnil> the fix is already present in 5.19-rc1 and backported to
+ carnil> 5.17.2, 5.16.19, 5.15.33 and 5.10.110. This does not match the
+ carnil> 6.2.10 information.
+Bugs:
+upstream: released (5.19-rc1) [661412e301e2ca86799aa4f400d1cf0bd38c57c6]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.110) [89ddcc81914ab58cc203acc844f27d55ada8ec0e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-28464 b/retired/CVE-2023-28464
new file mode 100644
index 00000000..413e520a
--- /dev/null
+++ b/retired/CVE-2023-28464
@@ -0,0 +1,26 @@
+Description: Bluetooth: hci_conn_cleanup function has double free
+References:
+ https://www.openwall.com/lists/oss-security/2023/03/28/2
+ https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/
+ https://lore.kernel.org/linux-bluetooth/20230330220332.1035910-1-luiz.dentz@gmail.com/
+Notes:
+ bwh> Introduced in 6.3 by commit 0f00cd322d22 "Bluetooth: Free
+ bwh> potentially unfreed SCO connection" and backported to 6.1.25.
+ bwh> Since the fix was also backported in 6.1.25, neither sid nor
+ bwh> 6.1-upstream-stable was ever affected.
+ carnil> Upstream commit a85fb91e3d72 ("Bluetooth: Fix double free in
+ carnil> hci_conn_cleanup") in 6.7-rc1 and backported to 6.6.3, 6.5.13,
+ carnil> 6.1.64, 5.10.202 and 4.19.300 as well claim to fix the CVE.
+ carnil> Unclear if this is a followup fix needed to completely fix the
+ carnil> CVE, thus for now not considering it for tracking the fixed
+ carnil> version. The fix will be pulled in the next round of updates
+ carnil> anyway.
+Bugs:
+upstream: released (6.3-rc7) [5dc7d23e167e2882ef118456ceccd57873e876d8]
+6.1-upstream-stable: released (6.1.25) [8c4b65f6c707bc07cbcd871667b5056821c5685d]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2023-2860 b/retired/CVE-2023-2860
new file mode 100644
index 00000000..10c234e6
--- /dev/null
+++ b/retired/CVE-2023-2860
@@ -0,0 +1,13 @@
+Description: ipv6: sr: fix out-of-bounds read when setting HMAC data.
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511/
+Notes:
+Bugs:
+upstream: released (6.0-rc5) [84a53580c5d2138c7361c7c3eea5b31827e63b35]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [076f2479fc5a15c4a970ca3b5e57d42ba09a31fa]
+4.19-upstream-stable: released (4.19.258) [f684c16971ed5e77dfa25a9ad25b5297e1f58eab]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/retired/CVE-2023-28772 b/retired/CVE-2023-28772
new file mode 100644
index 00000000..d3d532a6
--- /dev/null
+++ b/retired/CVE-2023-28772
@@ -0,0 +1,13 @@
+Description: seq_buf: Fix overflow in seq_buf_putmem_hex()
+References:
+ https://lore.kernel.org/all/20210626032156.47889-1-yun.zhou@windriver.com/T/#u
+ https://lore.kernel.org/lkml/20210625122453.5e2fe304@oasis.local.home/
+Notes:
+Bugs:
+upstream: released (5.14-rc1) [d3b16034a24a112bb83aeb669ac5b9b01f744bb7]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.51) [f9fb4986f4d81182f938d16beb4f983fe71212aa]
+4.19-upstream-stable: released (4.19.198) [1f4c6061fccee64b2072b28dfa3e93cf859c4c0a]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
diff --git a/retired/CVE-2023-28866 b/retired/CVE-2023-28866
new file mode 100644
index 00000000..d6bc7870
--- /dev/null
+++ b/retired/CVE-2023-28866
@@ -0,0 +1,16 @@
+Description: Bluetooth: HCI: Fix global-out-of-bounds
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a
+ https://lore.kernel.org/lkml/20230321015018.1759683-1-iam@sung-woo.kim/
+ https://patchwork.kernel.org/project/bluetooth/patch/20230322232543.3079578-1-luiz.dentz@gmail.com/
+Notes:
+ carnil> Commit fixes d0b137062b2d ("Bluetooth: hci_sync: Rework init
+ carnil> stages") in 5.17-rc1.
+Bugs:
+upstream: released (6.3-rc4) [bce56405201111807cc8e4f47c6de3e10b17c1ac]
+6.1-upstream-stable: released (6.1.22) [b3168abd24245aa0775c5a387dcf94d36ca7e738]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.20-2) [bugfix/all/Bluetooth-HCI-Fix-global-out-of-bounds.patch]
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2898 b/retired/CVE-2023-2898
new file mode 100644
index 00000000..3b2aac9d
--- /dev/null
+++ b/retired/CVE-2023-2898
@@ -0,0 +1,17 @@
+Description: f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2210102
+ https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/
+Notes:
+ carnil> Commit fixes b4b10061ef98 ("f2fs: refactor resize_fs to avoid
+ carnil> meta updates in progress") in 5.8-rc1.
+ carnil> Fixed as well in 6.4.4 for 6.4.y.
+Bugs:
+upstream: released (6.5-rc1) [d8189834d4348ae608083e1f1f53792cfcc2a9bc]
+6.1-upstream-stable: released (6.1.39) [ebe83e9bb8a6b3db28603fe938ee80ccaa01ed53]
+5.10-upstream-stable: released (5.10.188) [b39ef5b52f10b819bd0ceeb22e8f7df7800880ca]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2985 b/retired/CVE-2023-2985
new file mode 100644
index 00000000..1026f907
--- /dev/null
+++ b/retired/CVE-2023-2985
@@ -0,0 +1,13 @@
+Description: fs: hfsplus: fix UAF issue in hfsplus_put_super
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2211097
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [07db5e247ab5858439b14dd7cc1fe538b9efcf32]
+6.1-upstream-stable: released (6.1.16) [0c80bef0b7d297ea86e5408fe79c45479e504a26]
+5.10-upstream-stable: released (5.10.173) [ef7d71d7bd57b8b7fe514e459927696c1c6d1047]
+4.19-upstream-stable: released (4.19.276) [e226f1fdcee1ca6e68233b132718deb578a84e38]
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-3006 b/retired/CVE-2023-3006
new file mode 100644
index 00000000..6c1e2a0e
--- /dev/null
+++ b/retired/CVE-2023-3006
@@ -0,0 +1,14 @@
+Description: arm64: Add AMPERE1 to the Spectre-BHB affected list
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=0e5d5ae837c8ce04d2ddb874ec5f920118bd9d31
+ https://bugzilla.redhat.com/show_bug.cgi?id=2141026
+Notes:
+Bugs:
+upstream: released (6.1-rc1) [0e5d5ae837c8ce04d2ddb874ec5f920118bd9d31]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.153) [52a43b82006dc88f996bd06da5a3fcfef85220c8]
+4.19-upstream-stable: ignored "Too difficult and risky to backport"
+sid: released (6.0.7-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: ignored "Too difficult and risky to backport"
diff --git a/retired/CVE-2023-30456 b/retired/CVE-2023-30456
new file mode 100644
index 00000000..21f19bcd
--- /dev/null
+++ b/retired/CVE-2023-30456
@@ -0,0 +1,11 @@
+Description: KVM: nVMX: add missing consistency checks for CR0 and CR4
+References:
+Notes:
+Bugs:
+upstream: released (6.3-rc3) [112e66017bff7f2837030f34c2bc19501e9212d5]
+6.1-upstream-stable: released (6.1.21) [4bba9c8adec804f03d12dc762e50d083ee88b6b0]
+5.10-upstream-stable: released (5.10.176) [c54974ccaff73525462e278602dfe4069877cfaa]
+4.19-upstream-stable: released (4.19.281) [495adb06518bb10f50e1aa1a1dbd5daa47d118f2]
+sid: released (6.1.25-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-30772 b/retired/CVE-2023-30772
new file mode 100644
index 00000000..19cc8620
--- /dev/null
+++ b/retired/CVE-2023-30772
@@ -0,0 +1,12 @@
+Description: power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
+References:
+Notes:
+ carnil> CONFIG_CHARGER_DA9150 not enabled in Debian.
+Bugs:
+upstream: released (6.3-rc4) [06615d11cc78162dfd5116efb71f29eb29502d37]
+6.1-upstream-stable: released (6.1.22) [47b2e1a67e6da172bb4cf69ef9dafde4458bde5f]
+5.10-upstream-stable: released (5.10.177) [75e2144291e847009fbc0350e10ec588ff96e05a]
+4.19-upstream-stable: released (4.19.280) [533d915899b4a5a7b5b5a99eec24b2920ccd1f11]
+sid: released (6.1.25-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-3090 b/retired/CVE-2023-3090
new file mode 100644
index 00000000..b989aae0
--- /dev/null
+++ b/retired/CVE-2023-3090
@@ -0,0 +1,13 @@
+Description: ipvlan:Fix out-of-bounds caused by unclear skb->cb
+References:
+ https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e
+Notes:
+Bugs:
+upstream: released (6.4-rc2) [90cbed5247439a966b645b34eb0a2e037836ea8e]
+6.1-upstream-stable: released (6.1.30) [610a433810b277b3b77389733c07d22e8af68de2]
+5.10-upstream-stable: released (5.10.181) [f4a371d3f5a7a71dff1ab48b3122c5cf23cc7ad5]
+4.19-upstream-stable: released (4.19.284) [b36dcf3ed547c103acef6f52bed000a0ac6c074f]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-3106 b/retired/CVE-2023-3106
new file mode 100644
index 00000000..42a88e91
--- /dev/null
+++ b/retired/CVE-2023-3106
@@ -0,0 +1,12 @@
+Description: xfrm: fix crash in XFRM_MSG_GETSA netlink handler
+References:
+Notes:
+Bugs:
+upstream: released (4.8-rc7) [1ba5bf993c6a3142e18e68ea6452b347f9cb5635]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Fixed before branching point"
+sid: released (4.8.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
diff --git a/retired/CVE-2023-3108 b/retired/CVE-2023-3108
new file mode 100644
index 00000000..458c0165
--- /dev/null
+++ b/retired/CVE-2023-3108
@@ -0,0 +1,17 @@
+Description: rypto: fix af_alg_make_sg() conversion to iov_iter
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221472
+Notes:
+ carnil> If I understand correctly then this was introduced only anyway
+ carnil> in 1d10eb2f156f ("crypto: switch af_alg_make_sg() to iov_iter")
+ carnil> which is as well in 4.0-rc1. So actually no released version
+ carnil> was ever affected.
+Bugs:
+upstream: released (4.0-rc1) [9399f0c51489ae8c16d6559b82a452fdc1895e91]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Fixed before branching point"
+sid: released (4.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Fixed before branching point"
diff --git a/retired/CVE-2023-31084 b/retired/CVE-2023-31084
new file mode 100644
index 00000000..1e969719
--- /dev/null
+++ b/retired/CVE-2023-31084
@@ -0,0 +1,15 @@
+Description: media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
+References:
+ https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
+Notes:
+ bwh> Introduced in 4.18 by commit 76d81243a487 "media: dvb_frontend:
+ bwh> fix locking issues at dvb_frontend_get_event()".
+Bugs:
+upstream: released (6.4-rc3) [b8c75e4a1b325ea0a9433fa8834be97b5836b946]
+6.1-upstream-stable: released (6.1.33) [d0088ea444e676a0c75551efe183bee4a3d2cfc8]
+5.10-upstream-stable: released (5.10.183) [ca2d171fd1f3ea03198b8775443d2767301dce9b]
+4.19-upstream-stable: released (4.19.285) [f3b5442184a0dab5cee9b2682f947393569e24b2]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-31085 b/retired/CVE-2023-31085
new file mode 100644
index 00000000..8251312e
--- /dev/null
+++ b/retired/CVE-2023-31085
@@ -0,0 +1,17 @@
+Description: divide error in ubi_attach_mtd_dev
+References:
+ https://lore.kernel.org/all/CA+UBctD_w=75wChmePZHp7KsBSNPWYGDBtzHPRPPtaFoqhGvXA@mail.gmail.com/
+Notes:
+ bwh> I don't think this has security impact, as it requires creating
+ bwh> an MTD with a specific erasesize. Several drivers support that
+ bwh> but they all have to be configured through module parameters
+ bwh> or the kernel command line.
+Bugs:
+upstream: ignored "Not a security issue"
+6.1-upstream-stable: ignored "Not a security issue"
+5.10-upstream-stable: ignored "Not a security issue"
+4.19-upstream-stable: ignored "Not a security issue"
+sid: ignored "Not a security issue"
+6.1-bookworm-security: ignored "Not a security issue"
+5.10-bullseye-security: ignored "Not a security issue"
+4.19-buster-security: ignored "Not a security issue"
diff --git a/retired/CVE-2023-3111 b/retired/CVE-2023-3111
new file mode 100644
index 00000000..03b237f0
--- /dev/null
+++ b/retired/CVE-2023-3111
@@ -0,0 +1,14 @@
+Description: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2212513
+ https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/
+Notes:
+Bugs:
+upstream: released (6.0-rc2) [85f02d6c856b9f3a0acf5219de6e32f58b9778eb]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.184) [b60e862e133f646f19023ece1d476d630a660de1]
+4.19-upstream-stable: released (4.19.286) [dcb11fe0a0a9cca2b7425191b9bf30dc29f2ad0f]
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-31248 b/retired/CVE-2023-31248
new file mode 100644
index 00000000..f4e2ab82
--- /dev/null
+++ b/retired/CVE-2023-31248
@@ -0,0 +1,19 @@
+Description: nf_tables UAF when using nft_chain_lookup_byid
+References:
+ https://www.openwall.com/lists/oss-security/2023/07/05/2
+ https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=515ad530795c118f012539ed76d02bacfd426d89
+ https://www.zerodayinitiative.com/advisories/ZDI-23-899/
+Notes:
+ carnil> Issue introduced with 837830a4b439 ("netfilter: nf_tables: add
+ carnil> NFTA_RULE_CHAIN_ID attribute") in 5.9-rc1.
+ carnil> For 6.4.y fixed as well in 6.4.4.
+Bugs:
+upstream: released (6.5-rc2) [515ad530795c118f012539ed76d02bacfd426d89]
+6.1-upstream-stable: released (6.1.39) [fc95c8b02c6160936f1f3d8d9d7f4f66f3c84b49]
+5.10-upstream-stable: released (5.10.188) [4ae2e501331aaa506eaf760339bb2f43e5769395]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.38-1) [bugfix/all/netfilter-nf_tables-do-not-ignore-genmask-when-looki.patch]
+5.10-bullseye-security: released (5.10.179-2) [bugfix/all/netfilter-nf_tables-do-not-ignore-genmask-when-looki.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3141 b/retired/CVE-2023-3141
new file mode 100644
index 00000000..826faf61
--- /dev/null
+++ b/retired/CVE-2023-3141
@@ -0,0 +1,13 @@
+Description: memstick: r592: Fix UAF bug in r592_remove due to race condition
+References:
+ https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [63264422785021704c39b38f65a78ab9e4a186d7]
+6.1-upstream-stable: released (6.1.30) [9a342d4eb9fb8e52f7d1afe088a79513f3f9a9a5]
+5.10-upstream-stable: released (5.10.181) [5c23f6da62f71ebfeda6ea3960982ccd926ebb09]
+4.19-upstream-stable: released (4.19.284) [dce890c3dfaf631d0a8ac79c2792911f9fc551fa]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-31436 b/retired/CVE-2023-31436
new file mode 100644
index 00000000..e1e6ff50
--- /dev/null
+++ b/retired/CVE-2023-31436
@@ -0,0 +1,12 @@
+Description: net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
+References:
+ https://kernel.dance/#3037933448f60f9acb705997eae62013ecb81e0d
+Notes:
+Bugs:
+upstream: released (6.3) [3037933448f60f9acb705997eae62013ecb81e0d]
+6.1-upstream-stable: released (6.1.26) [ce729b06dc33b01f8a6ac84da5ef54154326bf7e]
+5.10-upstream-stable: released (5.10.179) [ddcf35deb8f2a1d9addc74b586cf4c5a1f5d6020]
+4.19-upstream-stable: released (4.19.282) [6ef8120262dfa63d9ec517d724e6f15591473a78]
+sid: released (6.1.27-1)
+5.10-bullseye-security: released (5.10.179-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-3159 b/retired/CVE-2023-3159
new file mode 100644
index 00000000..3a60b29d
--- /dev/null
+++ b/retired/CVE-2023-3159
@@ -0,0 +1,12 @@
+Description: firewire: fix potential uaf in outbound_phy_packet_callback()
+References:
+Notes:
+Bugs:
+upstream: released (5.18-rc6) [b7c81f80246fac44077166f3e07103affe6db8ff]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.115) [e757ff4bbc893bc030c2d10143091094da73b9ff]
+4.19-upstream-stable: released (4.19.242) [34380b5647f13fecb458fea9a3eb3d8b3a454709]
+sid: released (5.17.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2023-3161 b/retired/CVE-2023-3161
new file mode 100644
index 00000000..0165be05
--- /dev/null
+++ b/retired/CVE-2023-3161
@@ -0,0 +1,12 @@
+Description: fbcon: Check font dimension limits
+References:
+Notes:
+Bugs:
+upstream: released (6.2-rc7) [2b09d5d364986f724f17001ccfe4126b9b43a0be]
+6.1-upstream-stable: released (6.1.11) [5e7f6e2ade57dfd6d133ff7c643abd2079248943]
+5.10-upstream-stable: released (5.10.168) [28d190882ba55cbcee1db8e4ae90c149178dcf64]
+4.19-upstream-stable: released (4.19.273) [1c3d4901fad1db6a4e2dcdd6b13ed0ea22f227a1]
+sid: released (6.1.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-3212 b/retired/CVE-2023-3212
new file mode 100644
index 00000000..60381624
--- /dev/null
+++ b/retired/CVE-2023-3212
@@ -0,0 +1,16 @@
+Description: gfs2: Don't deref jdesc in evict
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2214348
+Notes:
+ bwh> This affects 4.19 and it's actually worse - a UAF rather than NPE.
+ bwh> It needs at least part of commit 601ef0d52e96 "gfs2: Force
+ bwh> withdraw to replay journals and wait for it to finish" as well.
+Bugs:
+upstream: released (6.4-rc2) [504a10d9e46bc37b23d0a1ae2f28973c8516e636]
+6.1-upstream-stable: released (6.1.33) [5ae4a618a1558d2b536fdd5d42e53d3e2d73870c]
+5.10-upstream-stable: released (5.10.183) [d03d31d3a206093b9b8759dddf0ba9bd843606ba]
+4.19-upstream-stable: released (4.19.291) [d3af9cea9a1ce56f427e41e5ffcdafe9280f099f]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3220 b/retired/CVE-2023-3220
new file mode 100644
index 00000000..9352dc49
--- /dev/null
+++ b/retired/CVE-2023-3220
@@ -0,0 +1,12 @@
+Description: drm/msm/dpu: Add check for pstates
+References:
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [93340e10b9c5fc86730d149636e0aa8b47bb5a34]
+6.1-upstream-stable: released (6.1.16) dd49cef313e6a62541b55e739261c5943cb06c47]
+5.10-upstream-stable: released (5.10.173) [e9743b3052e125c44b555f07f2876a4bdccfd983]
+4.19-upstream-stable: released (4.19.276) [c746a0b9210cebb29511f01d2becf240408327bf]
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-32233 b/retired/CVE-2023-32233
new file mode 100644
index 00000000..90e2de8e
--- /dev/null
+++ b/retired/CVE-2023-32233
@@ -0,0 +1,14 @@
+Description: netfilter: nf_tables: deactivate anonymous set from preparation phase
+References:
+ https://www.openwall.com/lists/oss-security/2023/05/08/4
+ https://www.openwall.com/lists/oss-security/2023/05/15/5
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [c1592a89942e9678f7d9c8030efa777c0d57edab]
+6.1-upstream-stable: released (6.1.28) [4507918cd1f8b80f21a396fa0531d53e372bed66]
+5.10-upstream-stable: released (5.10.180) [e044a24447189419c3a7ccc5fa6da7516036dc55]
+4.19-upstream-stable: released (4.19.283) [c6989314fd809c5eaf4980d6fa474f19fc653d6c]
+sid: released (6.1.27-1) [bugfix/all/netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch]
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.179-1) [bugfix/all/netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch]
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-32247 b/retired/CVE-2023-32247
new file mode 100644
index 00000000..fc4fb334
--- /dev/null
+++ b/retired/CVE-2023-32247
@@ -0,0 +1,14 @@
+Description: ksmbd: destroy expired sessions
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219803
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [ea174a91893956450510945a0c5d1a10b5323656]
+6.1-upstream-stable: released (6.1.29) [1fc8a2b14ef5223f8e0b95faba2ee0a6e4d0f99d]
+5.10-upstream-stable: N/A "Vunerable code not present"
+4.19-upstream-stable: N/A "Vunerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vunerable code not present"
+4.19-buster-security: N/A "Vunerable code not present"
diff --git a/retired/CVE-2023-32248 b/retired/CVE-2023-32248
new file mode 100644
index 00000000..915f6fcd
--- /dev/null
+++ b/retired/CVE-2023-32248
@@ -0,0 +1,14 @@
+Description: ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219818
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [3ac00a2ab69b34189942afa9e862d5170cdcb018]
+6.1-upstream-stable: released (6.1.28) [a70751dd7b60eab025e97e19b6b2477c6eaf2bbb]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-32250 b/retired/CVE-2023-32250
new file mode 100644
index 00000000..71bd9c9c
--- /dev/null
+++ b/retired/CVE-2023-32250
@@ -0,0 +1,14 @@
+Description: ksmbd: fix racy issue from session setup and logoff
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2208849
+ https://www.zerodayinitiative.com/advisories/ZDI-23-698/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [f5c779b7ddbda30866cf2a27c63e34158f858c73]
+6.1-upstream-stable: released (6.1.29) [f623f627ad2b1dc215ab3b0df53fb05cfd3a1c3b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-32252 b/retired/CVE-2023-32252
new file mode 100644
index 00000000..a6a7aab4
--- /dev/null
+++ b/retired/CVE-2023-32252
@@ -0,0 +1,16 @@
+Description: ksmbd: fix racy issue from session setup and logoff
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219815
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/
+Notes:
+ carnil> Not a duplicate CVE-2023-32250, different issue fixed in same
+ carnil> commit as CVE-2023-32250.
+Bugs:
+upstream: released (6.4-rc1) [f5c779b7ddbda30866cf2a27c63e34158f858c73]
+6.1-upstream-stable: released (6.1.29) [f623f627ad2b1dc215ab3b0df53fb05cfd3a1c3b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-32254 b/retired/CVE-2023-32254
new file mode 100644
index 00000000..97bc76d5
--- /dev/null
+++ b/retired/CVE-2023-32254
@@ -0,0 +1,14 @@
+Description: ksmbd: fix racy issue under cocurrent smb2 tree disconnect
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2191658
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [30210947a343b6b3ca13adc9bfc88e1543e16dd5]
+6.1-upstream-stable: released (6.1.28) [bd80d35725a0cf4df9307bfe2f1a3b2cb983d8e6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-32257 b/retired/CVE-2023-32257
new file mode 100644
index 00000000..92244569
--- /dev/null
+++ b/retired/CVE-2023-32257
@@ -0,0 +1,16 @@
+Description: ksmbd: fix racy issue from session setup and logoff
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219806
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/
+Notes:
+ carnil> Not a duplicate CVE-2023-32250, different issue fixed in same
+ carnil> commit as CVE-2023-32250.
+Bugs:
+upstream: released (6.4-rc1) [f5c779b7ddbda30866cf2a27c63e34158f858c73]
+6.1-upstream-stable: released (6.1.29) [f623f627ad2b1dc215ab3b0df53fb05cfd3a1c3b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-32258 b/retired/CVE-2023-32258
new file mode 100644
index 00000000..1f0c6e7b
--- /dev/null
+++ b/retired/CVE-2023-32258
@@ -0,0 +1,14 @@
+Description: ksmbd: fix racy issue from smb2 close and logoff with multichannel
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219809
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [abcc506a9a71976a8b4c9bf3ee6efd13229c1e19]
+6.1-upstream-stable: released (6.1.29) [4aba9ab6a007e41182454f84f95c0bddf7d6d7e1]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-32269 b/retired/CVE-2023-32269
new file mode 100644
index 00000000..8c614bb9
--- /dev/null
+++ b/retired/CVE-2023-32269
@@ -0,0 +1,11 @@
+Description: netrom: Fix use-after-free caused by accept on already connected socket
+References:
+Notes:
+Bugs:
+upstream: released (6.2-rc7) [611792920925fb088ddccbe2783c7f92fdfb6b64]
+6.1-upstream-stable: released (6.1.11) [5c2227f3f17782d5262ee0979ad30609b3e01f6e]
+5.10-upstream-stable: released (5.10.168) [dd6991251a1382a9b4984962a0c7a467e9d71812]
+4.19-upstream-stable: released (4.19.273) [2c1984d101978e979783bdb2376eb6eca9f8f627]
+sid: released (6.1.11-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-3268 b/retired/CVE-2023-3268
new file mode 100644
index 00000000..ea31dd4d
--- /dev/null
+++ b/retired/CVE-2023-3268
@@ -0,0 +1,14 @@
+Description: relayfs: fix out-of-bounds access in relay_file_read
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2215502
+ https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [43ec16f1450f4936025a9bdf1a273affdb9732c1]
+6.1-upstream-stable: released (6.1.28) [f6ee841ff2169d7a7d045340ee72b2b9de9f06c5]
+5.10-upstream-stable: released (5.10.180) [1b0df44753bf9e45eaf5cee34f87597193f862e8]
+4.19-upstream-stable: released (4.19.283) [ed32488417669568308b65ba5d45799418f9ed49]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-3269 b/retired/CVE-2023-3269
new file mode 100644
index 00000000..98139b98
--- /dev/null
+++ b/retired/CVE-2023-3269
@@ -0,0 +1,15 @@
+Description: StackRot
+References:
+ https://www.openwall.com/lists/oss-security/2023/07/05/1
+ https://github.com/lrh2000/StackRot
+ https://www.openwall.com/lists/oss-security/2023/07/28/1
+Notes:
+Bugs:
+upstream: released (6.5-rc1) [c2508ec5a58db67093f4fb8bf89a9a7c53a109e9, eda0047296a16d65a7f2bc60a408f70d178b2014, ae870a68b5d13d67cf4f18d47bb01ee3fee40acb, e6fe228c4ffafdfc970cf6d46883a1f481baf7ea, 4bce37a68ff884e821a02a731897a8119e0c37b7, 7267ef7b0b77f4ed23b7b3c87d8eca7bd9c2d007, 8b35ca3e45e35a26a21427f35d4093606e93ad0a, a050ba1e7422f2cc60ff8bfde3f96d34d00cb585, 2cd76c50d0b41cec5c87abfcdf25b236a2793fb6, f440fa1ac955e2898893f9301568435eb5cdfc4b, f313c51d26aa87e69633c9b46efb37a930faca71, 8d7071af890768438c14db6172cc8f9f4d04e184, a425ac5365f6cb3cc47bf83e6bff0213c10445f7]
+6.1-upstream-stable: released (6.1.37) [d6a5c7a1a6e52d4c46fe181237ca96cd46a42386, 755aa1bc6aaf9961aa4bdb54f32faaba06c08792, b92cd80e5f0b14760a49ff68da23959a38452cda, 82972ea17b47e2f9b08a91d62e92731367475f11, 7227d70acc7813c77e797be00503177ce484228a, ac764deea709b4d13fa78265cb2ec463da05a5d6, 1f4197f050dec016783663682b9eccbb603befa7, 21ee33d51bf9f9489c7e0eb8cb17c803e2d03bd0, 48c232819e77dcd7ff476e964bc671e0589daae6, 6a6b5616c3d04eba12dd0abc0522e5bae5f1ee5a, c4b31d1b694e101cae7469a20762647185e11721, e6bbad75712a97b9b16433563c1358652a33003e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3312 b/retired/CVE-2023-3312
new file mode 100644
index 00000000..8979ce40
--- /dev/null
+++ b/retired/CVE-2023-3312
@@ -0,0 +1,18 @@
+Description: cpufreq: qcom-cpufreq-hw: fix double IO unmap and resource release on exit
+References:
+ https://patchwork.kernel.org/project/linux-pm/patch/20230323174026.950622-1-krzysztof.kozlowski%40linaro.org/
+Notes:
+ carnil> Commit fixes 054a3ef683a1 ("cpufreq: qcom-hw: Allocate
+ carnil> qcom_cpufreq_data during probe") in 6.2-rc1. As such no
+ carnil> released Debian version was ever affected apart experimental
+ carnil> suite as the fix was backported as well to 6.3.2 included in
+ carnil> the first upload to unstable of the 6.3.y series as 6.3.7-1.
+Bugs:
+upstream: released (6.4-rc1) [ba5e770c9698782bc203bbf5cf3b36a77720bdbe]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code never present in released version"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3317 b/retired/CVE-2023-3317
new file mode 100644
index 00000000..8c3b2b19
--- /dev/null
+++ b/retired/CVE-2023-3317
@@ -0,0 +1,16 @@
+Description: wifi: mt76: mt7921: Fix use-after-free in fw features query.
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2215892
+ https://patchwork.kernel.org/project/linux-wireless/patch/51fd8f76494348aa9ecbf0abc471ebe47a983dfd.1679502607.git.lorenzo@kernel.org/
+Notes:
+ bwh> Introduced in 6.2 by commit 034ae28b56f1 "wifi: mt76: mt7921:
+ bwh> introduce remain_on_channel support".
+Bugs:
+upstream: released (6.3-rc6) [2ceb76f734e37833824b7fab6af17c999eb48d2b]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code never in released version in unstable"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-33203 b/retired/CVE-2023-33203
new file mode 100644
index 00000000..34b68b8c
--- /dev/null
+++ b/retired/CVE-2023-33203
@@ -0,0 +1,14 @@
+Description: net: qcom/emac: Fix use after free bug in emac_remove due to race condition
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1210685
+Notes:
+ carnil> Commit fixes b9b17debc69d ("net: emac: emac gigabit ethernet
+ carnil> controller driver") in 4.9-rc1.
+Bugs:
+upstream: released (6.3-rc4) [6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75]
+6.1-upstream-stable: released (6.1.22) [5fc2c4e311a9341a2b0e044ab5f33afa37b56226]
+5.10-upstream-stable: released (5.10.177) [cb5879efde4f9b4de4248b835890df7b6c49ffbc]
+4.19-upstream-stable: released (4.19.280) [4bbc59ec4feb1ea8d5cb3d9d38d4cb1317943ea4]
+sid: released (6.1.25-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-33250 b/retired/CVE-2023-33250
new file mode 100644
index 00000000..52cf845a
--- /dev/null
+++ b/retired/CVE-2023-33250
@@ -0,0 +1,18 @@
+Description: KASAN: slab-use-after-free in iopt_unmap_iova_range
+References:
+ https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ
+ https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/
+Notes:
+ bwh> The use-after-free is the unlocked read of area->num_accesses,
+ bwh> introduced in 6.2 by commit 8d40205f6093 "iommufd: Add kAPI
+ bwh> toward external drivers for kernel access".
+ carnil> Fixed as well in 6.4.4 for 6.4.y.
+Bugs:
+upstream: released (6.5-rc1) [dbe245cdf5189e88d680379ed13901356628b650, 804ca14d04df09bf7924bacc5ad22a4bed80c94f]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.4-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3338 b/retired/CVE-2023-3338
new file mode 100644
index 00000000..2174189f
--- /dev/null
+++ b/retired/CVE-2023-3338
@@ -0,0 +1,15 @@
+Description: NULL Pointer Dereference in DECnet
+References:
+ https://www.openwall.com/lists/oss-security/2023/06/24/3
+Notes:
+ carnil> Fixed upstream by removing DECnet support in stable series as
+ carnil> well.
+Bugs:
+upstream: released (6.1-rc1) [1202cdd665315c525b5237e96e0bedc76d7e754f]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.185) [1c004b379b0327992c1713334198cf5eba29a4ba]
+4.19-upstream-stable: released (4.19.287) [3e77bbc87342841db66c18a3afca0441c8c555e4]
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-3355 b/retired/CVE-2023-3355
new file mode 100644
index 00000000..a95e20fd
--- /dev/null
+++ b/retired/CVE-2023-3355
@@ -0,0 +1,14 @@
+Description: drm/msm/gem: Add check for kmalloc
+References:
+Notes:
+ carnil> Commit fixes 20224d715a88 ("drm/msm/submit: Move copy_from_user
+ carnil> ahead of locking bos") in 5.11-rc1.
+Bugs:
+upstream: released (6.3-rc1) [d839f0811a31322c087a859c2b181e2383daa7be]
+6.1-upstream-stable: released (6.1.16) [31c4251a20fd7addc1bf4fe801f95f9ba1b38990]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3357 b/retired/CVE-2023-3357
new file mode 100644
index 00000000..d45859a2
--- /dev/null
+++ b/retired/CVE-2023-3357
@@ -0,0 +1,15 @@
+Description: HID: amd_sfh: Add missing check for dma_alloc_coherent
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2169482
+Notes:
+ carnil> Commit fixes 4b2c53d93a4b ("SFH:Transport Driver to add support
+ carnil> of AMD Sensor Fusion Hub (SFH)") in 5.11-rc1.
+Bugs:
+upstream: released (6.2-rc1) [53ffa6a9f83b2170c60591da1ead8791d5a42e81]
+6.1-upstream-stable: released (6.1.2) [8a37cf11dc78b71a5e0ef18aa33af41415b5ca38]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3358 b/retired/CVE-2023-3358
new file mode 100644
index 00000000..7efe6062
--- /dev/null
+++ b/retired/CVE-2023-3358
@@ -0,0 +1,13 @@
+Description: HID: intel_ish-hid: Add check for ishtp_dma_tx_map
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2169343
+Notes:
+Bugs:
+upstream: released (6.2-rc5) [b3d40c3ec3dc4ad78017de6c3a38979f57aaaab8]
+6.1-upstream-stable: released (6.1.9) [9a65e90179ba06eb299badc3e4dc4aa2b1e35af3]
+5.10-upstream-stable: released (5.10.166) [7b4516ba56f1fcb13ffc91912f3074e28362228d]
+4.19-upstream-stable: released (4.19.272) [cc906a3a4432da143ab3d2e894f99ddeff500cd3]
+sid: released (6.1.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-3359 b/retired/CVE-2023-3359
new file mode 100644
index 00000000..5e229f1e
--- /dev/null
+++ b/retired/CVE-2023-3359
@@ -0,0 +1,15 @@
+Description: nvmem: brcm_nvram: Add check for kzalloc
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2168251
+Notes:
+ carnil> Commit fixes 6e977eaa8280 ("nvmem: brcm_nvram: parse NVRAM
+ carnil> content into NVMEM cells") in 5.18-rc1
+Bugs:
+upstream: released (6.2-rc7) [b0576ade3aaf24b376ea1a4406ae138e2a22b0c0]
+6.1-upstream-stable: released (6.1.11) [f5249bbae0e736d612d2095ad79dc1389b3e89b5]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3389 b/retired/CVE-2023-3389
new file mode 100644
index 00000000..f3cb1685
--- /dev/null
+++ b/retired/CVE-2023-3389
@@ -0,0 +1,14 @@
+Description: io_uring: hold uring mutex around poll removal
+References:
+ https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
+ https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [9ca9fb24d5febccea354089c41f96a8ad0d853f8]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.185) [4716c73b188566865bdd79c3a6709696a224ac04]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3390 b/retired/CVE-2023-3390
new file mode 100644
index 00000000..3d7ebdb1
--- /dev/null
+++ b/retired/CVE-2023-3390
@@ -0,0 +1,15 @@
+Description: netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
+References:
+ https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97
+Notes:
+ carnil> Commit fixes 958bee14d071 ("netfilter: nf_tables: use new
+ carnil> transaction infrastructure to handle sets") 3.16-rc1.
+Bugs:
+upstream: released (6.4-rc7) [1240eb93f0616b21c675416516ff3d74798fdc97]
+6.1-upstream-stable: released (6.1.35) [ 4aaa3b730d16c13cc3feaa127bfca1af201d969d]
+5.10-upstream-stable: released (5.10.188) [8180fc2fadd48dde4966f2db2c716c2ce7510d0b]
+4.19-upstream-stable: released (4.19.291) [798aa8da13782fe472aa48841c5570d7439339b8]
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.179-3) [bugfix/all/netfilter-nf_tables-incorrect-error-path-handling-wi.patch]
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-33951 b/retired/CVE-2023-33951
new file mode 100644
index 00000000..ddc391ba
--- /dev/null
+++ b/retired/CVE-2023-33951
@@ -0,0 +1,15 @@
+Description: drm/vmwgfx: Do not drop the reference to the handle too soon
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/
+Notes:
+ carnil> Commit fixes 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM")
+ carnil> in 5.17-rc1.
+Bugs:
+upstream: released (6.4-rc1) [9ef8d83e8e25d5f1811b3a38eb1484f85f64296c]
+6.1-upstream-stable: released (6.1.13) [0a127ac972404600c99eb141c8d5b5348e53ee4f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-33952 b/retired/CVE-2023-33952
new file mode 100644
index 00000000..f685a46c
--- /dev/null
+++ b/retired/CVE-2023-33952
@@ -0,0 +1,15 @@
+Description: drm/vmwgfx: Do not drop the reference to the handle too soon
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292/
+Notes:
+ carnil> Commit fixes 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM")
+ carnil> in 5.17-rc1.
+Bugs:
+upstream: released (6.4-rc1) [9ef8d83e8e25d5f1811b3a38eb1484f85f64296c]
+6.1-upstream-stable: released (6.1.13) [0a127ac972404600c99eb141c8d5b5348e53ee4f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-34256 b/retired/CVE-2023-34256
new file mode 100644
index 00000000..be1f7474
--- /dev/null
+++ b/retired/CVE-2023-34256
@@ -0,0 +1,14 @@
+Description: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
+References:
+ https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321
+Notes:
+ carnil> Fixed as well in 6.3.3 for 6.3.y.
+Bugs:
+upstream: released (6.4-rc2) [4f04351888a83e595571de672e0a4a8b74f4fb31]
+6.1-upstream-stable: released (6.1.29) [1fffe4750500148f3e744ed77cf233db8342603f]
+5.10-upstream-stable: released (5.10.180) [0dde3141c527b09b96bef1e7eeb18b8127810ce9]
+4.19-upstream-stable: released (4.19.283) [a733c466cedd1013a41fd8908d5810f2c161072f]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-34319 b/retired/CVE-2023-34319
new file mode 100644
index 00000000..7955e61b
--- /dev/null
+++ b/retired/CVE-2023-34319
@@ -0,0 +1,14 @@
+Description: xen/netback: Fix buffer overrun triggered by unusual packet
+References:
+ https://xenbits.xen.org/xsa/advisory-432.html
+Notes:
+ carnil> Fixed as well in 6.4.9 for 4.9.y.
+Bugs:
+upstream: released (6.5-rc6) [534fc31d09b706a16d83533e16b5dc855caf7576]
+6.1-upstream-stable: released (6.1.44) [fa5b932b77c815d0e416612859d5899424bb4212]
+5.10-upstream-stable: released (5.10.189) [f9167a2d6b943f30743de6ff8163d1981c34f9a9]
+4.19-upstream-stable: released (4.19.290) [11e6919ae028b5de1fc48007354ea07069561b31]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-34324 b/retired/CVE-2023-34324
new file mode 100644
index 00000000..6a52cbe0
--- /dev/null
+++ b/retired/CVE-2023-34324
@@ -0,0 +1,14 @@
+Description: xen/events: replace evtchn_rwlock with RCU
+References:
+ https://xenbits.xen.org/xsa/advisory-441.html
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.7.
+Bugs:
+upstream: released (6.6-rc6) [87797fad6cce28ec9be3c13f031776ff4f104cfc]
+6.1-upstream-stable: released (6.1.57) [a4cc925e2e12c3bbffb0860acdb9f9c1abde47dd]
+5.10-upstream-stable: released (5.10.198) [660627c71bc1098aa94e5f208f14748b105b73bc]
+4.19-upstream-stable: released (4.19.296) [3fdf2be9089b5096a28e76376656c60ce410ac4a]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3439 b/retired/CVE-2023-3439
new file mode 100644
index 00000000..f12b84c5
--- /dev/null
+++ b/retired/CVE-2023-3439
@@ -0,0 +1,16 @@
+Description: mctp: defer the kfree of object mdev->addr
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2217915
+ https://www.openwall.com/lists/oss-security/2023/07/02/1
+Notes:
+ carnil> Commit fixes 583be982d934 (mctp: Add device handling and
+ carnil> netlink interface) in 5.15-rc1.
+Bugs:
+upstream: released (5.18-rc5) [b561275d633bcd8e0e8055ab86f1a13df75a0269]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-35001 b/retired/CVE-2023-35001
new file mode 100644
index 00000000..2e32a1e7
--- /dev/null
+++ b/retired/CVE-2023-35001
@@ -0,0 +1,19 @@
+Description: nf_tables nft_byteorder_eval OOB read/write
+References:
+ https://www.openwall.com/lists/oss-security/2023/07/05/3
+ https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=caf3ef7468f7534771b5c44cd8dbd6f7f87c2cbd
+ https://www.zerodayinitiative.com/advisories/ZDI-23-900/
+Notes:
+ carnil> Introduced with 96518518cc41 ("netfilter: add nftables") in
+ carnil> 3.13-rc1.
+ carnil> For 6.4.y fixed as well in 6.4.4.
+Bugs:
+upstream: released (6.5-rc2) [caf3ef7468f7534771b5c44cd8dbd6f7f87c2cbd]
+6.1-upstream-stable: released (6.1.39) [40f83dd66a823400d8592e3b71e190e3ad978eb5]
+5.10-upstream-stable: released (5.10.188) [ea213922249c7e448d217a0a0441c6f86a8155fd]
+4.19-upstream-stable: released (4.19.291) [025fd7efe2639773540a5e425b7bc0dc10b6b023]
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.38-1) [bugfix/all/netfilter-nf_tables-prevent-OOB-access-in-nft_byteor.patch]
+5.10-bullseye-security: released (5.10.179-2) [bugfix/all/netfilter-nf_tables-prevent-OOB-access-in-nft_byteor.patch]
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3567 b/retired/CVE-2023-3567
new file mode 100644
index 00000000..0516788e
--- /dev/null
+++ b/retired/CVE-2023-3567
@@ -0,0 +1,14 @@
+Description: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221463
+ https://www.spinics.net/lists/stable-commits/msg285184.html
+Notes:
+Bugs:
+upstream: released (6.2-rc7) [226fae124b2dac217ea5436060d623ff3385bc34]
+6.1-upstream-stable: released (6.1.11) [8506f16aae9daf354e3732bcfd447e2a97f023df]
+5.10-upstream-stable: released (5.10.168) [55515d7d8743b71b80bfe68e89eb9d92630626ab]
+4.19-upstream-stable: released (4.19.273) [6332f52f44b9776568bf3c0b714ddfb0bb175e78]
+sid: released (6.1.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-35788 b/retired/CVE-2023-35788
new file mode 100644
index 00000000..96cb30c1
--- /dev/null
+++ b/retired/CVE-2023-35788
@@ -0,0 +1,13 @@
+Description: net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
+References:
+ https://www.openwall.com/lists/oss-security/2023/06/07/1
+Notes:
+Bugs:
+upstream: released (6.4-rc5) [4d56304e5827c8cc8cc18c75343d283af7c4825c]
+6.1-upstream-stable: released (6.1.33) [eac615ed3c6d91f1196f16f0a0599fff479cb220]
+5.10-upstream-stable: released (5.10.183) [7c5c67aa294444b53f697dc3ddce61b33ff8badd]
+4.19-upstream-stable: released (4.19.285) [59a27414bb00e48c4153a8b794fb4e69910a6a1b]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35823 b/retired/CVE-2023-35823
new file mode 100644
index 00000000..ce216fc8
--- /dev/null
+++ b/retired/CVE-2023-35823
@@ -0,0 +1,14 @@
+Description: media: saa7134: fix use after free bug in saa7134_finidev due to race condition
+References:
+ https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/
+ https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [30cf57da176cca80f11df0d9b7f71581fe601389]
+6.1-upstream-stable: released (6.1.28) [5a72aea9acfe945353fb3a2f141f4e526a5f3684]
+5.10-upstream-stable: released (5.10.180) [7dac96e9cc985328ec1fae92f0c245f559dc0e11]
+4.19-upstream-stable: released (4.19.283) [95e684340470a95ff4957cb9a536ec7a0461c75b]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35824 b/retired/CVE-2023-35824
new file mode 100644
index 00000000..b8987007
--- /dev/null
+++ b/retired/CVE-2023-35824
@@ -0,0 +1,14 @@
+Description: media: dm1105: Fix use after free bug in dm1105_remove due to race condition
+References:
+ https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/
+ https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz%40163.com/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [5abda7a16698d4d1f47af1168d8fa2c640116b4a]
+6.1-upstream-stable: released (6.1.28) [305262a23c949010a056bd81b6e84051fd72a567]
+5.10-upstream-stable: released (5.10.180) [e9d64e90a0ada4d00ac6562e351ef10ae7d9b911]
+4.19-upstream-stable: released (4.19.283) [722c156c6eab40a6e7dda98dfa66724f9d5aeceb]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35826 b/retired/CVE-2023-35826
new file mode 100644
index 00000000..0c7aa98b
--- /dev/null
+++ b/retired/CVE-2023-35826
@@ -0,0 +1,16 @@
+Description: media: cedrus: fix use after free bug in cedrus_remove due to race condition
+References:
+ https://lore.kernel.org/all/a4dafa22-3ee3-dbe1-fd50-fee07883ce1a%40xs4all.nl/
+ https://lore.kernel.org/linux-arm-kernel/20230308032333.1893394-1-zyytlz.wz%40163.com/T/
+Notes:
+ carnil> Commit fixes 7c38a551bda1 ("media: cedrus: Add watchdog for job
+ carnil> completion") in 5.18-rc1.
+Bugs:
+upstream: released (6.4-rc1) [50d0a7aea4809cef87979d4669911276aa23b71f]
+6.1-upstream-stable: released (6.1.28) [2cdc8f729d953143b3bbdc56841bb6800752de7f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-35828 b/retired/CVE-2023-35828
new file mode 100644
index 00000000..20edc7f6
--- /dev/null
+++ b/retired/CVE-2023-35828
@@ -0,0 +1,14 @@
+Description: usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
+References:
+ https://lore.kernel.org/lkml/CAJedcCwkuznS1kSTvJXhzPoavcZDWNhNMshi-Ux0spSVRwU=RA%40mail.gmail.com/T/
+Notes:
+ carnil> USB_RENESAS_USB3 not enabled in Debian.
+Bugs:
+upstream: released (6.4-rc1) [2b947f8769be8b8181dc795fd292d3e7120f5204]
+6.1-upstream-stable: released (6.1.28) [df2380520926bdbc264cffab0f45da9a21f304c8]
+5.10-upstream-stable: released (5.10.180) [36c237b202a406ba441892eabcf44e60dae7ad73]
+4.19-upstream-stable: released (4.19.283) [ad03fe033a71ed1fd2cb68a067198ae0e342f991]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35829 b/retired/CVE-2023-35829
new file mode 100644
index 00000000..6b75d6ba
--- /dev/null
+++ b/retired/CVE-2023-35829
@@ -0,0 +1,16 @@
+Description: media: rkvdec: fix use after free bug in rkvdec_remove
+References:
+ https://lore.kernel.org/lkml/20230307173900.1299387-1-zyytlz.wz%40163.com/T/
+Notes:
+ carnil> Commit fixes cd33c830448b ("media: rkvdec: Add the rkvdec
+ carnil> driver") in 5.8-rc1. VIDEO_ROCKCHIP_VDEC not enabled in 5.10.y
+ carnil> Debian kernel in bullseye.
+Bugs:
+upstream: released (6.4-rc1) [3228cec23b8b29215e18090c6ba635840190993d]
+6.1-upstream-stable: released (6.1.28) [6a17add9c61030683b9c1fc86878f00a2d318a95]
+5.10-upstream-stable: released (5.10.180) [de19d02d734ef29f5dbd2c12fe810fa960ecd83f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3609 b/retired/CVE-2023-3609
new file mode 100644
index 00000000..81b66497
--- /dev/null
+++ b/retired/CVE-2023-3609
@@ -0,0 +1,13 @@
+Description: net/sched: cls_u32: Fix reference counter leak leading to overflow
+References:
+ https://github.com/google/security-research/pull/48
+Notes:
+Bugs:
+upstream: released (6.4-rc7) [04c55383fa5689357bcdd2c8036725a55ed632bc]
+6.1-upstream-stable: released (6.1.35) [07f9cc229b44cbcee6385802d390091d915f38c3]
+5.10-upstream-stable: released (5.10.185) [af6eaa57986e82d7efd81984ee607927c6de61e4]
+4.19-upstream-stable: released (4.19.291) [8ffaf24a377519e4396f03da5ccda082edae1ac9]
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3610 b/retired/CVE-2023-3610
new file mode 100644
index 00000000..39e348ba
--- /dev/null
+++ b/retired/CVE-2023-3610
@@ -0,0 +1,14 @@
+Description: netfilter: nf_tables: fix chain binding transaction logic
+References:
+Notes:
+ carnil> Commit fixes d0e2c7de92c7 ("netfilter: nf_tables: add
+ carnil> NFT_CHAIN_BINDING") in 5.9-rc1.
+Bugs:
+upstream: released (6.4) [4bedf9eee016286c835e3d8fa981ddece5338795]
+6.1-upstream-stable: released (6.1.36) [891cd2edddc76c58e842706ad27e2ff96000bd5d]
+5.10-upstream-stable: released (5.10.188) [d53c295c1f43b7460d28ba0f0f98a602084fdcb6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.179-3) [bugfix/all/netfilter-nf_tables-fix-chain-binding-transaction-lo.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3611 b/retired/CVE-2023-3611
new file mode 100644
index 00000000..5523a710
--- /dev/null
+++ b/retired/CVE-2023-3611
@@ -0,0 +1,14 @@
+Description: net/sched: sch_qfq: account for stab overhead in qfq_enqueue
+References:
+ https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.5.
+Bugs:
+upstream: released (6.5-rc2) [3e337087c3b5805fe0b8a46ba622a962880b5d64]
+6.1-upstream-stable: released (6.1.40) [70feebdbfad85772ab3ef152812729cab5c6c426]
+5.10-upstream-stable: released (5.10.188) [8359ee85fd6dabc5c134ed69fb22faadd8a44071]
+4.19-upstream-stable: released (4.19.291) [ee3bc829f9b4df96d208d58b654e400fa1f3b46c]
+sid: released (6.4.4-2) [bugfix/all/net-sched-sch_qfq-account-for-stab-overhead-in-qfq_e.patch]
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3772 b/retired/CVE-2023-3772
new file mode 100644
index 00000000..6ff9446a
--- /dev/null
+++ b/retired/CVE-2023-3772
@@ -0,0 +1,19 @@
+Description: xfrm: add NULL check in xfrm_update_ae_params
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2218943
+ https://lore.kernel.org/netdev/20230721145103.2714073-1-linma@zju.edu.cn/
+ https://www.openwall.com/lists/oss-security/2023/08/10/1
+ https://kernel.googlesource.com/pub/scm/linux/kernel/git/klassert/ipsec/+/00374d9b6d9f932802b55181be9831aa948e5b7c%5E%21/#F0
+Notes:
+ carnil> Commit fixes d8647b79c3b7 ("xfrm: Add user interface for esn
+ carnil> and big anti-replay windows")
+ carnil> For 6.4.y fixed as well in 6.4.12.
+Bugs:
+upstream: released (6.5-rc7) [00374d9b6d9f932802b55181be9831aa948e5b7c]
+6.1-upstream-stable: released (6.1.47) [87b655f4936b6fc01f3658aa88a22c923b379ebd]
+5.10-upstream-stable: released (5.10.192) [614811692e21cef324d897202ad37c17d4390da3]
+4.19-upstream-stable: released (4.19.293) [44f69c96f8a147413c23c68cda4d6fb5e23137cd]
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3773 b/retired/CVE-2023-3773
new file mode 100644
index 00000000..2b1b3444
--- /dev/null
+++ b/retired/CVE-2023-3773
@@ -0,0 +1,18 @@
+Description: xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2218944
+ https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u
+Notes:
+ carnil> Commit fixes 4e484b3e969b ("xfrm: rate limit SA mapping change
+ carnil> message to user space") in 5.17-rc1. But it was backported to
+ carnil> 5.10.94, 5.15.17 and 5.16.3 as well.
+ carnil> For 6.4.y fixed as well in 6.4.12.
+Bugs:
+upstream: released (6.5-rc7) [5e2424708da7207087934c5c75211e8584d553a0]
+6.1-upstream-stable: released (6.1.47) [a442cd17019385c53bbddf3bb92d91474081916b]
+5.10-upstream-stable: released (5.10.192) [614811692e21cef324d897202ad37c17d4390da3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3776 b/retired/CVE-2023-3776
new file mode 100644
index 00000000..c82fab67
--- /dev/null
+++ b/retired/CVE-2023-3776
@@ -0,0 +1,15 @@
+Description: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
+References:
+ https://github.com/google/security-research/pull/49
+ https://github.com/google/security-research/pull/50
+Notes:
+ carnil> For 6.4.y fixed in 6.4.5.
+Bugs:
+upstream: released (6.5-rc2) [0323bce598eea038714f941ce2b22541c46d488f]
+6.1-upstream-stable: released (6.1.40) [c91fb29bb07ee4dd40aabd1e41f19c0f92ac3199]
+5.10-upstream-stable: released (5.10.188) [80e0e8d5f54397c5048fa2274144134dd9dc91b5]
+4.19-upstream-stable: released (4.19.291) [612f468cfc3df83777ae21058419b1fc8e9037eb]
+sid: released (6.4.4-2) [bugfix/all/net-sched-cls_fw-Fix-improper-refcount-update-leads-.patch]
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-3777 b/retired/CVE-2023-3777
new file mode 100644
index 00000000..15526967
--- /dev/null
+++ b/retired/CVE-2023-3777
@@ -0,0 +1,15 @@
+Description: netfilter: nf_tables: skip bound chain on rule flush
+References:
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230720071721.14777-1-pablo@netfilter.org/
+Notes:
+ carnil> Commit fixes d0e2c7de92c7 ("netfilter: nf_tables: add
+ carnil> NFT_CHAIN_BINDING") 5.9-rc1.
+Bugs:
+upstream: released (6.5-rc3) [6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8]
+6.1-upstream-stable: released (6.1.42) [e18922ce3e3169eb97838d1dcba2d679bcca446c]
+5.10-upstream-stable: released (5.10.188) [30e5460d69e631c0e84db37dba2d8f98648778d4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3812 b/retired/CVE-2023-3812
new file mode 100644
index 00000000..50fc7e03
--- /dev/null
+++ b/retired/CVE-2023-3812
@@ -0,0 +1,13 @@
+Description: net: tun: fix bugs for oversize packet when napi frags enabled
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2224048
+Notes:
+Bugs:
+upstream: released (6.1-rc4) [363a5328f4b0517e59572118ccfb7c626d81dca9]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.154) [3583826b443a63681deaa855048d3f2b742af47e]
+4.19-upstream-stable: released (4.19.265) [aa815bf32acf560dad63c3dc46bc7b98ca9a9672]
+sid: released (6.0.8-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.158-1)
+4.19-buster-security: released (4.19.269-1)
diff --git a/retired/CVE-2023-38409 b/retired/CVE-2023-38409
new file mode 100644
index 00000000..fa70aaf8
--- /dev/null
+++ b/retired/CVE-2023-38409
@@ -0,0 +1,14 @@
+Description: fbcon: set_con2fb_map needs to set con2fb_map!
+References:
+Notes:
+ carnil> Commit fixes d443d9386472 ("fbcon: move more common code into
+ carnil> fb_open()") in 5.19-rc1.
+Bugs:
+upstream: released (6.3-rc7) [fffb0b52d5258554c645c966c6cbef7de50b851d]
+6.1-upstream-stable: released (6.1.25) [b15df140fe092c3ac28dab32c6b3acdda1a93c63]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.25-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-38426 b/retired/CVE-2023-38426
new file mode 100644
index 00000000..7e3778a5
--- /dev/null
+++ b/retired/CVE-2023-38426
@@ -0,0 +1,12 @@
+Description: ksmbd: fix global-out-of-bounds in smb2_find_context_vals
+References:
+Notes:
+Bugs:
+upstream: released (6.4-rc3) [02f76c401d17e409ed45bf7887148fcc22c93c85]
+6.1-upstream-stable: released (6.1.30) [75378b03a90d75b1349bb03577ac8465194c883e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-38427 b/retired/CVE-2023-38427
new file mode 100644
index 00000000..98be5fb5
--- /dev/null
+++ b/retired/CVE-2023-38427
@@ -0,0 +1,12 @@
+Description: ksmbd: fix out-of-bound read in deassemble_neg_contexts()
+References:
+Notes:
+Bugs:
+upstream: released (6.4-rc6) [f1a411873c85b642f13b01f21b534c2bab81fc1b]
+6.1-upstream-stable: released (6.1.34) [bf12d7fb63b365fb766655cedcb5d5f292b0c35e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-38428 b/retired/CVE-2023-38428
new file mode 100644
index 00000000..c7a537a9
--- /dev/null
+++ b/retired/CVE-2023-38428
@@ -0,0 +1,12 @@
+Description: ksmbd: fix wrong UserName check in session_user
+References:
+Notes:
+Bugs:
+upstream: released (6.4-rc3) [f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f]
+6.1-upstream-stable: released (6.1.30) [40d90ee0275a1bfcd26fa7690adc4330b4227a69]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-38429 b/retired/CVE-2023-38429
new file mode 100644
index 00000000..c5b964ca
--- /dev/null
+++ b/retired/CVE-2023-38429
@@ -0,0 +1,12 @@
+Description: ksmbd: allocate one more byte for implied bcc[0]
+References:
+Notes:
+Bugs:
+upstream: released (6.4-rc3) [443d61d1fa9faa60ef925513d83742902390100f]
+6.1-upstream-stable: released (6.1.30) [af7335a4b946f9f6f9d98398cbcea15cd9850409]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-38430 b/retired/CVE-2023-38430
new file mode 100644
index 00000000..1d7444e2
--- /dev/null
+++ b/retired/CVE-2023-38430
@@ -0,0 +1,12 @@
+Description: ksmbd: validate smb request protocol id
+References:
+Notes:
+Bugs:
+upstream: released (6.4-rc6) [1c1bcf2d3ea061613119b534f57507c377df20f9]
+6.1-upstream-stable: released (6.1.35) [e01fc7caac9ce9ad76df9f42f7f61ef4bf1d27c9]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-38431 b/retired/CVE-2023-38431
new file mode 100644
index 00000000..1b9df7e4
--- /dev/null
+++ b/retired/CVE-2023-38431
@@ -0,0 +1,12 @@
+Description: ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
+References:
+Notes:
+Bugs:
+upstream: released (6.4-rc6) [368ba06881c395f1c9a7ba22203cf8d78b4addc0]
+6.1-upstream-stable: released (6.1.34) [543c12c2644e772caa6880662c2a852cfdc5a10c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-38432 b/retired/CVE-2023-38432
new file mode 100644
index 00000000..9773c2a0
--- /dev/null
+++ b/retired/CVE-2023-38432
@@ -0,0 +1,12 @@
+Description: ksmbd: validate command payload size
+References:
+Notes:
+Bugs:
+upstream: released (6.4) [2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d]
+6.1-upstream-stable: released (6.1.36) [9650cf70ec9d94ff34daa088b643229231723c26]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3865 b/retired/CVE-2023-3865
new file mode 100644
index 00000000..bb449ddf
--- /dev/null
+++ b/retired/CVE-2023-3865
@@ -0,0 +1,14 @@
+Description: ksmbd: fix out-of-bound read in smb2_write
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-980/
+ https://lore.kernel.org/all/20230626180806.056931954@linuxfoundation.org/
+Notes:
+Bugs:
+upstream: released (6.4) [5fe7f7b78290638806211046a99f031ff26164e1]
+6.1-upstream-stable: released (6.1.36) [c86211159bc3178b891e0d60e586a32c7b6a231b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3866 b/retired/CVE-2023-3866
new file mode 100644
index 00000000..2f180735
--- /dev/null
+++ b/retired/CVE-2023-3866
@@ -0,0 +1,14 @@
+Description: ksmbd: validate session id and tree id in the compound request
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-979/
+ https://lore.kernel.org/all/20230626180806.105257976@linuxfoundation.org/
+Notes:
+Bugs:
+upstream: released (6.4) [5005bcb4219156f1bf7587b185080ec1da08518e]
+6.1-upstream-stable: released (6.1.36) [854156d12caa9d36de1cf5f084591c7686cc8a9d]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3867 b/retired/CVE-2023-3867
new file mode 100644
index 00000000..091e1d28
--- /dev/null
+++ b/retired/CVE-2023-3867
@@ -0,0 +1,14 @@
+Description: ksmbd: add missing compound request handing in some commands
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-981/
+ https://lore.kernel.org/all/20230624040141.16088-1-linkinjeon@kernel.org/
+Notes:
+Bugs:
+upstream: released (6.5-rc1) [7b7d709ef7cf285309157fb94c33f625dd22c5e1]
+6.1-upstream-stable: released (6.1.40) [869ef4f2965bbb91157dad220133f76c16faba9b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-39189 b/retired/CVE-2023-39189
new file mode 100644
index 00000000..3689d4de
--- /dev/null
+++ b/retired/CVE-2023-39189
@@ -0,0 +1,14 @@
+Description: netfilter: nfnetlink_osf: avoid OOB read
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2226777
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.4.
+Bugs:
+upstream: released (6.6-rc1) [f4f8a7803119005e87b716874bec07c751efafec]
+6.1-upstream-stable: released (6.1.54) [7bb8d52b4271be7527b6e3120ae6ce4c6cdf6e34]
+5.10-upstream-stable: released (5.10.195) [780f60dde29692c42091602fee9c25e9e391f3dc]
+4.19-upstream-stable: released (4.19.295) [40d427ffccf9e60bd7288ea3748c066404a35622]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-39192 b/retired/CVE-2023-39192
new file mode 100644
index 00000000..71da193b
--- /dev/null
+++ b/retired/CVE-2023-39192
@@ -0,0 +1,16 @@
+Description: netfilter: xt_u32: validate user space input
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-1490/
+ https://lore.kernel.org/all/20230828132107.18376-1-wander@redhat.com/
+Notes:
+ carnil> Commit fixes 1b50b8a371e9 ("[NETFILTER]: Add u32 match").
+ carnil> Fixed as well in 6.5.3 fir 6.5.y.
+Bugs:
+upstream: released (6.6-rc1) [69c5d284f67089b4750d28ff6ac6f52ec224b330]
+6.1-upstream-stable: released (6.1.53) [1c164c1e9e93b0a72a03a7edb754e3857d4e4302]
+5.10-upstream-stable: released (5.10.195) [a1b711c370f5269f4e81a07e7542e351c0c4682e]
+4.19-upstream-stable: released (4.19.295) [ddf190be80ef0677629416a128f9da91e5800d21]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-39193 b/retired/CVE-2023-39193
new file mode 100644
index 00000000..b84a7f0d
--- /dev/null
+++ b/retired/CVE-2023-39193
@@ -0,0 +1,14 @@
+Description: netfilter: xt_sctp: validate the flag_info count
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-1491/
+ https://lore.kernel.org/all/20230828221255.124812-1-wander@redhat.com/
+Notes:
+Bugs:
+upstream: released (6.6-rc1) [e99476497687ef9e850748fe6d232264f30bc8f9]
+6.1-upstream-stable: released (6.1.53) [4921f9349b66da7c5a2b6418fe45e9ae0ae72924]
+5.10-upstream-stable: released (5.10.195) [5541827d13cf19b905594eaee586527476efaa61]
+4.19-upstream-stable: released (4.19.295) [f25dbfadaf525d854597c16420dd753ca47b9396]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-39194 b/retired/CVE-2023-39194
new file mode 100644
index 00000000..d280004f
--- /dev/null
+++ b/retired/CVE-2023-39194
@@ -0,0 +1,13 @@
+Description: net: xfrm: Fix xfrm_address_filter OOB read
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-1492/
+Notes:
+Bugs:
+upstream: released (6.5-rc7) [dfa73c17d55b921e1d4e154976de35317e43a93a]
+6.1-upstream-stable: released (6.1.47) [9a0056276f5f38e188732bd7b6949edca6a80ea1]
+5.10-upstream-stable: released (5.10.192) [7e50815d29037e08d3d26f3ebc41bcec729847b7]
+4.19-upstream-stable: released (4.19.293) [a695f0e724330773283a6d67e149363b89087f76]
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4004 b/retired/CVE-2023-4004
new file mode 100644
index 00000000..5f1c2b67
--- /dev/null
+++ b/retired/CVE-2023-4004
@@ -0,0 +1,17 @@
+Description: [nf] netfilter: nft_set_pipapo: fix improper element removal
+References:
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2225275
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.7.
+ carnil> Commit fixes 3c4287f62044 ("nf_tables: Add set type for
+ carnil> arbitrary concatenation of ranges") in 5.6.-rc1.
+Bugs:
+upstream: released (6.5-rc3) [87b5a5c209405cb6b57424cdfa226a6dbd349232]
+6.1-upstream-stable: released (6.1.42) [90c3955beb858bb52a9e5c4380ed0e520e3730d1]
+5.10-upstream-stable: released (5.10.188) [3a91099ecd59a42d1632fcb152bf7222f268ea2b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4015 b/retired/CVE-2023-4015
new file mode 100644
index 00000000..d7ba6ac6
--- /dev/null
+++ b/retired/CVE-2023-4015
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
+References:
+ https://ubuntu.com/security/CVE-2023-4015
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230723142446.13809-1-pablo@netfilter.org/
+Notes:
+ carnil> Commit fixes 4bedf9eee016 ("netfilter: nf_tables: fix chain
+ carnil> binding transaction logic") in 6.4 (but backported to 5.10.188,
+ carnil> 6.1.36, 6.3.10).
+Bugs:
+upstream: released (6.5-rc4) [0a771f7b266b02d262900c75f1e175c7fe76fec2]
+6.1-upstream-stable: released (6.1.43) [4237462a073e24f71c700f3e5929f07b6ee1bcaa]
+5.10-upstream-stable: released (5.10.190) [ab5a97a94b57324df76d659686ac2d30494170e6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not in a Debian released version"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-40283 b/retired/CVE-2023-40283
new file mode 100644
index 00000000..1c00e7eb
--- /dev/null
+++ b/retired/CVE-2023-40283
@@ -0,0 +1,13 @@
+Description: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
+References:
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.10.
+Bugs:
+upstream: released (6.5-rc1) [1728137b33c00d5a2b5110ed7aafb42e7c32e4a1]
+6.1-upstream-stable: released (6.1.45) [29fac18499332211b2615ade356e2bd8b3269f98]
+5.10-upstream-stable: released (5.10.190) [06f87c96216bc5cd1094c23492274f77f1d5dd3b]
+4.19-upstream-stable: released (4.19.291) [82cdb2ccbe43337798393369f0ceb98699fe6037]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-40791 b/retired/CVE-2023-40791
new file mode 100644
index 00000000..140827c1
--- /dev/null
+++ b/retired/CVE-2023-40791
@@ -0,0 +1,14 @@
+Description: crypto, cifs: fix error handling in extract_iter_to_sg()
+References:
+Notes:
+ carnil> Commit fixes 018584697533 ("netfs: Add a function to extract an
+ carnil> iterator into a scatterlist") in 6.3-rc1.
+Bugs:
+upstream: released (6.5-rc6) [f443fd5af5dbd531f880d3645d5dd36976cf087f]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.13-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4132 b/retired/CVE-2023-4132
new file mode 100644
index 00000000..5d10d96d
--- /dev/null
+++ b/retired/CVE-2023-4132
@@ -0,0 +1,13 @@
+Description: smsusb: use-after-free caused by do_submit_urb()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221707
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [ebad8e731c1c06adf04621d6fd327b860c0861b5], released (6.5-rc1) [6f489a966fbeb0da63d45c2c66a8957eab604bf6]
+6.1-upstream-stable: released (6.1.16) [479796534a450fd44189080d51bebefa3b42c6fc], released (6.1.39) [8abb53c5167cfb5bb275512a3da4ec2468478626]
+5.10-upstream-stable: released (5.10.173) [42f8ba8355682f6c4125b75503cac0cef4ac91d3], released (5.10.188) [d87ef4e857b790f1616809eccda6b4d0c9c3da11]
+4.19-upstream-stable: released (4.19.276) [1477b00ff582970df110fc9e15a5e2021acb9222], released (4.19.291) [54073c46cbbd2c0c03d6f7d481540cb95cf181a1]
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.178-1), released (5.10.191-1)
+4.19-buster-security: released (4.19.282-1), released (4.19.304-1)
diff --git a/retired/CVE-2023-4147 b/retired/CVE-2023-4147
new file mode 100644
index 00000000..40dc802a
--- /dev/null
+++ b/retired/CVE-2023-4147
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2225239
+Notes:
+ carnil> Commit fixes d0e2c7de92c7 ("netfilter: nf_tables: add
+ carnil> NFT_CHAIN_BINDING") 5.9-rc1.
+ carnil> For 6.4.y fixed as well in 6.4.8.
+Bugs:
+upstream: released (6.5-rc4) [0ebc1064e4874d5987722a2ddbc18f94aa53b211]
+6.1-upstream-stable: released (6.1.43) [268cb07ef3ee17b5454a7c4b23376802c5b00c79]
+5.10-upstream-stable: released (5.10.190) [308a43f1521d5b7220693d0865b23e8dad3ed137]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4155 b/retired/CVE-2023-4155
new file mode 100644
index 00000000..4f0ddc9c
--- /dev/null
+++ b/retired/CVE-2023-4155
@@ -0,0 +1,18 @@
+Description: KVM: SEV: only access GHCB fields once
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2213802
+ https://patchew.org/linux/20230804173355.51753-1-pbonzini@redhat.com/
+ https://patchew.org/linux/20230804173355.51753-1-pbonzini@redhat.com/20230804173355.51753-3-pbonzini@redhat.com/
+Notes:
+ carnil> Commit fixes 291bd20d5d88 ("KVM: SVM: Add initial support for a
+ carnil> VMGEXIT VMEXIT") in 5.11-rc1.
+ carnil> Fixed in 6.4.11 for 6.4.y.
+Bugs:
+upstream: released (6.5-rc6) [7588dbcebcbf0193ab5b76987396d0254270b04a]
+6.1-upstream-stable: released (6.1.46) [5bdf1c1f346c81996b6e36b5efd5c92aeda4fbe4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4206 b/retired/CVE-2023-4206
new file mode 100644
index 00000000..89fb0b4d
--- /dev/null
+++ b/retired/CVE-2023-4206
@@ -0,0 +1,16 @@
+Description: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
+References:
+ https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8
+Notes:
+ carnil> CVE-2023-4206 is from Google CNA a subset of CVE-2023-4128
+ carnil> assigned by RedHat CNA.
+ carnil> For 6.4.y fixed in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8]
+6.1-upstream-stable: released (6.1.45) [d4d3b53a4c66004e8e864fea744b3a2b86a73b62]
+5.10-upstream-stable: released (5.10.190) [aaa71c4e8ad98828ed50dde3eec8e0d545a117f7]
+4.19-upstream-stable: released (4.19.291) [ad8f36f96696a7f1d191da66637c415959bab6d8]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4207 b/retired/CVE-2023-4207
new file mode 100644
index 00000000..8ad74e3e
--- /dev/null
+++ b/retired/CVE-2023-4207
@@ -0,0 +1,16 @@
+Description: net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
+References:
+ https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec
+Notes:
+ carnil> CVE-2023-4207 is from Google CNA a subset of CVE-2023-4128
+ carnil> assigned by RedHat CNA.
+ carnil> For 6.4.y fixed in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [76e42ae831991c828cffa8c37736ebfb831ad5ec]
+6.1-upstream-stable: released (6.1.45) [7f691439b29be0aae68f83ad5eecfddc11007724]
+5.10-upstream-stable: released (5.10.190) [a8d478200b104ff356f51e1f63499fe46ba8c9b8]
+4.19-upstream-stable: released (4.19.295) [4f38dc8496d1991e2c055a0068dd98fb48affcc6]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4208 b/retired/CVE-2023-4208
new file mode 100644
index 00000000..a49073df
--- /dev/null
+++ b/retired/CVE-2023-4208
@@ -0,0 +1,16 @@
+Description: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
+References:
+ https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81
+Notes:
+ carnil> CVE-2023-4208 is from Google CNA a subset of CVE-2023-4128
+ carnil> assigned by RedHat CNA.
+ carnil> For 6.4.y fixed in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81]
+6.1-upstream-stable: released (6.1.45) [aab2d095ce4dd8d01ca484c0cc641fb497bf74db]
+5.10-upstream-stable: released (5.10.190) [b4256c99a7116c9514224847e8aaee2ecf110a0a]
+4.19-upstream-stable: released (4.19.291) [4aae24015ecd70d824a953e2dc5b0ca2c4769243]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4273 b/retired/CVE-2023-4273
new file mode 100644
index 00000000..e5ce8c22
--- /dev/null
+++ b/retired/CVE-2023-4273
@@ -0,0 +1,15 @@
+Description: exfat: check if filename entries exceeds max filename length
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2221609
+ https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.10.
+Bugs:
+upstream: released (6.5-rc5) [d42334578eba1390859012ebb91e1e556d51db49]
+6.1-upstream-stable: released (6.1.45) [c2fdf827f8fc6a571e1b7cc38a61041f0321adf5]
+5.10-upstream-stable: released (5.10.190) [381f7df0f3c3bd7dceb3e2b2b64c2f6247e2ac19]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-42752 b/retired/CVE-2023-42752
new file mode 100644
index 00000000..42ade086
--- /dev/null
+++ b/retired/CVE-2023-42752
@@ -0,0 +1,15 @@
+Description: integer overflows in kmalloc_reserve()
+References:
+ https://www.openwall.com/lists/oss-security/2023/09/18/3
+Notes:
+ carnil> Introduced with 12d6c1d3a2ad ("skbuff: Proactively round up to
+ carnil> kmalloc bucket size") in 6.2-rc1 (and backported to 6.1.31)
+Bugs:
+upstream: released (6.6-rc1) [915d975b2ffa58a14bfcf16fafe00c41315949ff, c3b704d4a4a265660e665df51b129e8425216ed1]
+6.1-upstream-stable: released (6.1.53) [6678912b4df1bfac6f7c80642d56dc22e23419e4], released (6.1.54) [31cf7853a940181593e4472fc56f46574123f9f6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-42753 b/retired/CVE-2023-42753
new file mode 100644
index 00000000..4ff833d0
--- /dev/null
+++ b/retired/CVE-2023-42753
@@ -0,0 +1,17 @@
+Description: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
+References:
+ https://www.openwall.com/lists/oss-security/2023/09/22/10
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.3.
+ carnil> Commit fixes 886503f34d63 ("netfilter: ipset: actually allow
+ carnil> allowable CIDR 0 in hash:net,port,net") 4.20-rc2 (but got
+ carnil> backported to 4.19.5 as well).
+Bugs:
+upstream: released (6.6-rc1) [050d91c03b28ca479df13dfb02bcd2c60dd6a878]
+6.1-upstream-stable: released (6.1.53) [7ca0706c68adadf86a36b60dca090f5e9481e808]
+5.10-upstream-stable: released (5.10.195) [83091f8ac03f118086596f17c9a52d31d6ca94b3]
+4.19-upstream-stable: released (4.19.295) [e632d09dffc68b9602d6893a99bfe3001d36cefc]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-42754 b/retired/CVE-2023-42754
new file mode 100644
index 00000000..7dafa9d7
--- /dev/null
+++ b/retired/CVE-2023-42754
@@ -0,0 +1,17 @@
+Description: ipv4: fix null-deref in ipv4_link_failure
+References:
+ https://www.openwall.com/lists/oss-security/2023/10/02/8
+Notes:
+ carnil> Commit fixes ed0de45a1008 ("ipv4: recompile ip options in
+ carnil> ipv4_link_failure") in 5.1-rc6, but which got backported so
+ carnil> several stable series.
+ carnil> For 6.5.y fixed as well in 6.5.6.
+Bugs:
+upstream: released (6.6-rc3) [0113d9c9d1ccc07f5a3710dac4aa24b6d711278c]
+6.1-upstream-stable: released (6.1.56) [2712545e535d7a2e4c53b9c9658a9c88c6055862]
+5.10-upstream-stable: released (5.10.198) [8689c9ace976d6c078e6dc844b09598796e84099]
+4.19-upstream-stable: released (4.19.296) [a2cf7bd75b3992e8df68dd5fdc6499b67d45f6e0]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1) [bugfix/all/ipv4-fix-null-deref-in-ipv4_link_failure.patch]
+5.10-bullseye-security: released (5.10.197-1) [bugfix/all/ipv4-fix-null-deref-in-ipv4_link_failure.patch]
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-42755 b/retired/CVE-2023-42755
new file mode 100644
index 00000000..8480703d
--- /dev/null
+++ b/retired/CVE-2023-42755
@@ -0,0 +1,14 @@
+Description: wild pointer access in rsvp classifer in the Linux kernel
+References:
+ https://lore.kernel.org/all/CADW8OBtkAf+nGokhD9zCFcmiebL1SM8bJp_oo=pE02BknG9qnQ@mail.gmail.com/
+Notes:
+ carnil> Fixed by retiring the RSVP classifier.
+Bugs:
+upstream: released (6.3-rc1) [265b4da82dbf5df04bee5a5d46b7474b1aaf326a]
+6.1-upstream-stable: released (6.1.55) [b93aeb6352b0229e3c5ca5ca4ff015b015aff33c]
+5.10-upstream-stable: released (5.10.197) [8db844077ec9912d75952c80d76da71fc2412852]
+4.19-upstream-stable: released (4.19.295) [6ca0ea6a46e7a2d70fb1b1f6a886efe2b2365e16]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-42756 b/retired/CVE-2023-42756
new file mode 100644
index 00000000..9337c673
--- /dev/null
+++ b/retired/CVE-2023-42756
@@ -0,0 +1,18 @@
+Description: netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
+References:
+ https://www.openwall.com/lists/oss-security/2023/09/27/2
+Notes:
+ carnil> Commit fixes 24e227896bbf ("netfilter: ipset: Add schedule
+ carnil> point in call_ad().") in 6.4-rc6 (but got backported to
+ carnil> 5.10.184, 6.1.34, 6.3.8) and so affecting stable series
+ carnil> relevant for Debian.
+ carnil> For 6.5.y fixed as well in 6.5.6.
+Bugs:
+upstream: released (6.6-rc3) [7433b6d2afd512d04398c73aa984d1e285be125b]
+6.1-upstream-stable: released (6.1.56) [ea5a61d58886ae875f1b4a371999f2a8b58cf26d]
+5.10-upstream-stable: released (5.10.198) [f1893feb20ea033bcd9c449b55df3dab3802c907]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1) [bugfix/all/netfilter-ipset-fix-race-between-ipset_cmd_create-an.patch]
+5.10-bullseye-security: released (5.10.197-1) [bugfix/all/netfilter-ipset-fix-race-between-ipset_cmd_create-an.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4385 b/retired/CVE-2023-4385
new file mode 100644
index 00000000..5903e517
--- /dev/null
+++ b/retired/CVE-2023-4385
@@ -0,0 +1,13 @@
+Description: fs: jfs: fix possible NULL pointer dereference in dbFree()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219272
+Notes:
+Bugs:
+upstream: released (5.19-rc1) [0d4837fdb796f99369cf7691d33de1b856bcaf1f]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.121) [9dfa8d087bb854f613fcdbf1af4fb02c0b2d1e4f]
+4.19-upstream-stable: released (4.19.247) [c381558c278a540c61dfef1f2b77ab817d5d302d]
+sid: released (5.18.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.127-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2023-4387 b/retired/CVE-2023-4387
new file mode 100644
index 00000000..f313ba5b
--- /dev/null
+++ b/retired/CVE-2023-4387
@@ -0,0 +1,13 @@
+Description: net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219270
+Notes:
+Bugs:
+upstream: released (5.18) [9e7fef9521e73ca8afd7da9e58c14654b02dfad8]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.118) [a54d86cf418427584e0a3cd1e89f757c92df5e89]
+4.19-upstream-stable: released (4.19.245) [3adaaf3472e8ea410cb1330e5dd8372b0483dc78]
+sid: released (5.17.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2023-4389 b/retired/CVE-2023-4389
new file mode 100644
index 00000000..01d65e63
--- /dev/null
+++ b/retired/CVE-2023-4389
@@ -0,0 +1,16 @@
+Description: btrfs: fix root ref counts in error handling in btrfs_get_root_ref
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219271
+ https://patchwork.kernel.org/project/linux-btrfs/patch/20220324134454.15192-1-baijiaju1990@gmail.com/
+Notes:
+ carnil> Commit fixes bc44d7c4b2b1 ("btrfs: push btrfs_grab_fs_root into
+ carnil> btrfs_get_fs_root") in 5.7-rc1.
+Bugs:
+upstream: released (5.18-rc3) [168a2f776b9762f4021421008512dd7ab7474df1]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.112) [1d2eda18f6ffbd9902594469c6e1a055014eb2ac]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4394 b/retired/CVE-2023-4394
new file mode 100644
index 00000000..0f20d414
--- /dev/null
+++ b/retired/CVE-2023-4394
@@ -0,0 +1,17 @@
+Description: btrfs: fix possible memory leak in btrfs_get_dev_args_from_path()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219263
+ https://patchwork.kernel.org/project/linux-btrfs/patch/20220815151606.3479183-1-r33s3n6@gmail.com/
+Notes:
+ carnil> Commit fixes faa775c41d655 ("btrfs: add a
+ carnil> btrfs_get_dev_args_from_path helper") in 5.16-rc1 (and
+ carnil> backported to 5.15.54)
+Bugs:
+upstream: released (6.0-rc3) [9ea0106a7a3d8116860712e3f17cd52ce99f6707]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-44466 b/retired/CVE-2023-44466
new file mode 100644
index 00000000..783f018e
--- /dev/null
+++ b/retired/CVE-2023-44466
@@ -0,0 +1,16 @@
+Description: libceph: harden msgr2.1 frame segment length checks
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph
+ https://www.spinics.net/lists/ceph-devel/msg57909.html
+Notes:
+ carnil> Commit fixes cd1a677cad99 ("libceph, ceph: implement msgr2.1
+ carnil> protocol (crc and secure modes)") in 5.11-rc1.
+Bugs:
+upstream: released (6.5-rc2) [a282a2f10539dce2aa619e71e1817570d557fc97]
+6.1-upstream-stable: released (6.1.40) [183c0ae4fafcdcb95c06f40c0c35a39d89c1aa2d]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4459 b/retired/CVE-2023-4459
new file mode 100644
index 00000000..b25d85f3
--- /dev/null
+++ b/retired/CVE-2023-4459
@@ -0,0 +1,13 @@
+Description: net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219268
+Notes:
+Bugs:
+upstream: released (5.18) [edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.118) [6e2caee5cddc3d9e0ad0484c9c21b9f10676c044]
+4.19-upstream-stable: released (4.19.245) [248a37ffd81c7121d30702d8caa31db48450680d]
+sid: released (5.17.11-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2023-4569 b/retired/CVE-2023-4569
new file mode 100644
index 00000000..c46d9a60
--- /dev/null
+++ b/retired/CVE-2023-4569
@@ -0,0 +1,17 @@
+Description: [nf] netfilter: nf_tables: deactivate catchall elements in next generation
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2235470
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de/
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.12.
+ carnil> Commit fixes aaa31047a6d2 ("netfilter: nftables: add catch-all
+ carnil> set element support") 5.13-rc1.
+Bugs:
+upstream: released (6.5-rc7) [90e5b3462efa37b8bba82d7c4e63683856e188af]
+6.1-upstream-stable: released (6.1.47) [00ea7eb1c69eec91cdf9259f0e427c56e7999fcd]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-45862 b/retired/CVE-2023-45862
new file mode 100644
index 00000000..d73a87c4
--- /dev/null
+++ b/retired/CVE-2023-45862
@@ -0,0 +1,12 @@
+Description: USB: ene_usb6250: Allocate enough memory for full object
+References:
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [ce33e64c1788912976b61314b56935abd4bc97ef]
+6.1-upstream-stable: released (6.1.18) [ff542083b105c9c72d83899d3f74eeec354f808e]
+5.10-upstream-stable: released (5.10.173) [961f93d63da72f5fcaa6793fb2dcbc995c119a8e]
+4.19-upstream-stable: released (4.19.276) [cef5e33d8b893891817236db819982f87943e8fd]
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2023-45863 b/retired/CVE-2023-45863
new file mode 100644
index 00000000..73f754d6
--- /dev/null
+++ b/retired/CVE-2023-45863
@@ -0,0 +1,12 @@
+Description: kobject: Fix slab-out-of-bounds in fill_kobj_path()
+References:
+Notes:
+Bugs:
+upstream: released (6.3-rc1) [3bb2a01caa813d3a1845d378bbe4169ef280d394]
+6.1-upstream-stable: released (6.1.16) [fe4dd80d58ec5633daf5d50671d1341f738508bf]
+5.10-upstream-stable: released (5.10.200) [b2e62728b106fe54f8618c21a252df7d4a4cc775]
+4.19-upstream-stable: released (4.19.298) [0af6c6c15681cf80aeb85fcb3a1928c63aa89deb]
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-45871 b/retired/CVE-2023-45871
new file mode 100644
index 00000000..024addee
--- /dev/null
+++ b/retired/CVE-2023-45871
@@ -0,0 +1,12 @@
+Description: igb: set max size RX buffer when store bad packet is enabled
+References:
+Notes:
+Bugs:
+upstream: released (6.6-rc1) [bb5ed01cd2428cd25b1c88a3a9cba87055eb289f]
+6.1-upstream-stable: released (6.1.53) [d2e906c725979c39ebf120a189e521ceae787d26]
+5.10-upstream-stable: released (5.10.195) [3e39008e9e3043663324f0920a5d6ebfa68cc92a]
+4.19-upstream-stable: released (4.19.295) [981d0bc43e8d5482294432677e80a1d15f4b790d]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-45898 b/retired/CVE-2023-45898
new file mode 100644
index 00000000..cf319b90
--- /dev/null
+++ b/retired/CVE-2023-45898
@@ -0,0 +1,19 @@
+Description: ext4: fix slab-use-after-free in ext4_es_insert_extent()
+References:
+ https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a%40huawei.com/T/
+ https://www.spinics.net/lists/stable-commits/msg317086.html
+ https://lkml.org/lkml/2023/8/13/477
+Notes:
+ carnil> Commit fixes 2a69c450083d ("ext4: using nofail preallocation in
+ carnil> ext4_es_insert_extent()") in 6.5-rc1.
+ carnil> The breaking commit was later on backported as well to
+ carnil> 5.10.203, 5.15.141 and 6.1.65 but along with the fix.
+Bugs:
+upstream: released (6.6-rc1) [768d612f79822d30a1e7d132a4d4b05337ce42ec]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4611 b/retired/CVE-2023-4611
new file mode 100644
index 00000000..b3e11134
--- /dev/null
+++ b/retired/CVE-2023-4611
@@ -0,0 +1,17 @@
+Description: mm/mempolicy: Take VMA lock before replacing policy
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2227244
+ https://www.spinics.net/lists/stable-commits/msg310136.html
+Notes:
+ carnil> For 6.4.y fixed in 6.4.8.
+ carnil> Commit fixes 5e31275cc997 ("mm: add per-VMA lock and helper
+ carnil> functions to control it") in 6.4-rc1.
+Bugs:
+upstream: released (6.5-rc4) [6c21e066f9256ea1df6f88768f6ae1080b7cf509]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4622 b/retired/CVE-2023-4622
new file mode 100644
index 00000000..14025afc
--- /dev/null
+++ b/retired/CVE-2023-4622
@@ -0,0 +1,17 @@
+Description: af_unix: Fix null-ptr-deref in unix_stream_sendpage().
+References:
+ https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c
+Notes:
+ carnil> Consider the 57d44a354a43 ("unix: Convert
+ carnil> unix_stream_sendpage() to use MSG_SPLICE_PAGES") commit, part
+ carnil> of the sendpage refactoring the fixing commit.
+ carnil> For 6.4.y fixed in 6.4.12.
+Bugs:
+upstream: released (6.5-rc1) [57d44a354a43edba4ef9963327d4657d12edbfbc]
+6.1-upstream-stable: released (6.1.47) [790c2f9d15b594350ae9bca7b236f2b1859de02c]
+5.10-upstream-stable: released (5.10.192) [c080cee930303124624fe64fc504f66c815ee6b9]
+4.19-upstream-stable: released (4.19.293) [bd6303bef49970ac7f9278a94473b587e19d1ee2]
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-4623 b/retired/CVE-2023-4623
new file mode 100644
index 00000000..fc2e0fff
--- /dev/null
+++ b/retired/CVE-2023-4623
@@ -0,0 +1,14 @@
+Description: net/sched: sch_hfsc: Ensure inner classes have fsc curve
+References:
+ https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f
+Notes:
+ carnil> Fixed as well in 6.4.16 for 6.4.y and in 6.5.3 for 6.5.y.
+Bugs:
+upstream: released (6.6-rc1) [b3d26c5702c7d6c45456326e56d2ccf3f103e60f]
+6.1-upstream-stable: released (6.1.53) [a1e820fc7808e42b990d224f40e9b4895503ac40]
+5.10-upstream-stable: released (5.10.195) [b08cc6c0396fd5cfaac4ca044f2282367347c062]
+4.19-upstream-stable: released (4.19.295) [7c62e0c3c6e9c9c15ead63339db6a0e158d22a66]
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-46343 b/retired/CVE-2023-46343
new file mode 100644
index 00000000..652b722e
--- /dev/null
+++ b/retired/CVE-2023-46343
@@ -0,0 +1,13 @@
+Description: nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
+References:
+ https://lore.kernel.org/netdev/20231013184129.18738-1-krzysztof.kozlowski%40linaro.org/T/#r38bdbaf8ae15305b77f6c5bc8e15d38f405623c7
+Notes:
+Bugs:
+upstream: released (6.6-rc7) [7937609cd387246aed994e81aa4fa951358fba41]
+6.1-upstream-stable: released (6.1.60) [d7dbdbe3800a908eecd4975c31be47dd45e2104a]
+5.10-upstream-stable: released (5.10.199) [c95fa5b20fe03609e0894656fa43c18045b5097e]
+4.19-upstream-stable: released (4.19.297) [5622592f8f74ae3e594379af02e64ea84772d0dd]
+sid: released (6.5.10-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-46813 b/retired/CVE-2023-46813
new file mode 100644
index 00000000..44e5f681
--- /dev/null
+++ b/retired/CVE-2023-46813
@@ -0,0 +1,13 @@
+Description: SEV-ES local priv escalation for userspace that have access to MMIO regions
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1212649
+Notes:
+Bugs:
+upstream: released (6.6-rc7) [63e44bc52047f182601e7817da969a105aa1f721, b9cb9c45583b911e0db71d09caa6b56469eb2bdf, a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba]
+6.1-upstream-stable: released (6.1.60) [57d0639f60f1ff04cbe7fd52823b94b894d7f812, def94eb9a804acdcdba5b959ad72cf9119f03f3b, 95ff590b802757f8b6bd32e7e5b21ef9b91e2583]
+5.10-upstream-stable: released (5.10.199) [6550cbe25de182f6c0176909a90b324cb375133f, 5bb9ba7dafbe18e027e335f74372ca65f07f7edd, d78c5d8c23c3f0e24168ea98760016665bf92a79]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.10-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-46862 b/retired/CVE-2023-46862
new file mode 100644
index 00000000..b9b5896c
--- /dev/null
+++ b/retired/CVE-2023-46862
@@ -0,0 +1,16 @@
+Description: io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.10.
+ carnil> Introduced with dbbe9c642411 ("io_uring: show sqthread pid and
+ carnil> cpu in fdinfo") in 5.10-rc1.
+Bugs:
+upstream: released (6.6) [7644b1a1c9a7ae8ab99175989bfc8676055edb46]
+6.1-upstream-stable: released (6.1.61) [9236d2ea6465b37c0a73d994c1ad31753d31e5f5]
+5.10-upstream-stable: released (5.10.202) [c6e8af2a8a63e0957284c16003c501e4a058e8d9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.10-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4732 b/retired/CVE-2023-4732
new file mode 100644
index 00000000..2033cded
--- /dev/null
+++ b/retired/CVE-2023-4732
@@ -0,0 +1,17 @@
+Description: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2236982
+Notes:
+ carnil> Commit fixes b569a1760782f ("userfaultfd: wp: drop
+ carnil> _PAGE_UFFD_WP properly when fork") in 5.7-rc1.
+ carnil> The RHBZ#2236982 contains only limited available information so
+ carnil> please review this entry.
+Bugs:
+upstream: released (5.14-rc1) [8f34f1eac3820fc2722e5159acceb22545b30b0d]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.53) [9e1cf2d1ed37c934c9935f2c0b2f8b15d9355654]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4921 b/retired/CVE-2023-4921
new file mode 100644
index 00000000..de88de7d
--- /dev/null
+++ b/retired/CVE-2023-4921
@@ -0,0 +1,16 @@
+Description: net: sched: sch_qfq: Fix UAF in qfq_dequeue()
+References:
+ https://kernel.dance/#8fc134fee27f2263988ae38920bc03da416b03d8
+Notes:
+ carnil> Commit fixes 462dbc9101ac ("pkt_sched: QFQ Plus: fair-queueing
+ carnil> service at DRR cost") in 3.8-rc1.
+ carnil> For 6.5.y fixed as well in 6.5.4.
+Bugs:
+upstream: released (6.6-rc1) [8fc134fee27f2263988ae38920bc03da416b03d8]
+6.1-upstream-stable: released (6.1.54) [a18349dc8d916a64d7c93f05da98953e3386d8e9]
+5.10-upstream-stable: released (5.10.195) [746a8df5e4d235059b1adf02e8456e7ec132d2d8]
+4.19-upstream-stable: released (4.19.295) [7ea1faa59c75336d86893378838ed1e6f20c0520]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-50431 b/retired/CVE-2023-50431
new file mode 100644
index 00000000..fdfb17ca
--- /dev/null
+++ b/retired/CVE-2023-50431
@@ -0,0 +1,16 @@
+Description: habanalabs: fix information leak in sec_attest_info()
+References:
+ https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html
+Notes:
+ carnil> Commit fixes 0c88760f8f5e ("habanalabs/gaudi2: add secured
+ carnil> attestation info uapi") in 6.1-rc1.
+ carnil> For 6.6.y fixed as well in 6.6.14, for 6.7.y fixed as well in 6.7.2.
+Bugs:
+upstream: released (6.8-rc1) [a9f07790a4b2250f0140e9a61c7f842fd9b618c7]
+6.1-upstream-stable: released (6.1.75) [6d98d249175e568f72ca94cbd6f959bc4476414e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-5090 b/retired/CVE-2023-5090
new file mode 100644
index 00000000..e073e0a7
--- /dev/null
+++ b/retired/CVE-2023-5090
@@ -0,0 +1,14 @@
+Description: x86: KVM: SVM: always update the x2avic msr interception
+References:
+Notes:
+ carnil> Commit fixes 4d1d7942e36a ("KVM: SVM: Introduce logic to
+ carnil> (de)activate x2AVIC mode") in 6.0-rc1.
+Bugs:
+upstream: released (6.6-rc7) [b65235f6e102354ccafda601eaa1c5bef5284d21]
+6.1-upstream-stable: released (6.1.62) [7ab62e3415fb59289ab6dea31f0cc0237b949200]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1) [bugfix/x86/x86-KVM-SVM-always-update-the-x2avic-msr-interceptio.patch]
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-51042 b/retired/CVE-2023-51042
new file mode 100644
index 00000000..69b4a927
--- /dev/null
+++ b/retired/CVE-2023-51042
@@ -0,0 +1,12 @@
+Description: drm/amdgpu: Fix potential fence use-after-free v2
+References:
+Notes:
+Bugs:
+upstream: released (6.5-rc1) [2e54154b9f27262efd0cb4f903cc7d5ad1fe9628]
+6.1-upstream-stable: released (6.1.47) [dd0b3b367c3839e439f36af908b39c98929a5e54]
+5.10-upstream-stable: released (5.10.192) [b870b9a47fdba29bd6828f690e4817c950fa3430]
+4.19-upstream-stable: released (4.19.293) [f9da11d96bde3db277f061ac5a665c234d505787]
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-51043 b/retired/CVE-2023-51043
new file mode 100644
index 00000000..3d2a1531
--- /dev/null
+++ b/retired/CVE-2023-51043
@@ -0,0 +1,12 @@
+Description: drm/atomic: Fix potential use-after-free in nonblocking commits
+References:
+Notes:
+Bugs:
+upstream: released (6.5-rc3) [4e076c73e4f6e90816b30fcd4a0d7ab365087255]
+6.1-upstream-stable: released (6.1.40) [e4a0e09b79bd2c0895c508cdc5e0265a083cc05d]
+5.10-upstream-stable: released (5.10.188) [f09c0ac142c59495262dd80545f261b2aeeba538]
+4.19-upstream-stable: released (4.19.291) [73a82b22963defa87204f0f9f44a534adf7f831a]
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-5158 b/retired/CVE-2023-5158
new file mode 100644
index 00000000..4355df09
--- /dev/null
+++ b/retired/CVE-2023-5158
@@ -0,0 +1,16 @@
+Description: vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2240561
+ https://lore.kernel.org/virtualization/20230925103057.104541-1-sgarzare@redhat.com/T/#u
+Notes:
+ carnil> Introduced with b8c06ad4d67d ("vringh: implement
+ carnil> vringh_kiov_advance()") in 5.13-rc1.
+Bugs:
+upstream: released (6.6-rc5) [7aed44babc7f97e82b38e9a68515e699692cc100]
+6.1-upstream-stable: released (6.1.57) [3a72decd6b49ff11a894aabd4d9b3025f046fe61]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2023-5178 b/retired/CVE-2023-5178
new file mode 100644
index 00000000..23b1400d
--- /dev/null
+++ b/retired/CVE-2023-5178
@@ -0,0 +1,14 @@
+Description: nvmet-tcp: Fix a possible UAF in queue intialization setup
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2241924
+ https://www.openwall.com/lists/oss-security/2023/10/15/1
+Notes:
+Bugs:
+upstream: released (6.6-rc7) [d920abd1e7c4884f9ecd0749d1921b7ab19ddfbd]
+6.1-upstream-stable: released (6.1.60) [f691ec5a548257edb3aacd952e2a574e4e57b2c4]
+5.10-upstream-stable: released (5.10.199) [e985d78bdcf37f7ef73666a43b0d2407715f00d3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1) [bugfix/all/nvmet-tcp-Fix-a-possible-UAF-in-queue-intialization-.patch]
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-51780 b/retired/CVE-2023-51780
new file mode 100644
index 00000000..99ecb64a
--- /dev/null
+++ b/retired/CVE-2023-51780
@@ -0,0 +1,12 @@
+Description: atm: Fix Use-After-Free in do_vcc_ioctl
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc6) [24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3]
+6.1-upstream-stable: released (6.1.69) [2de2a6cbe14f7e949da59bddd5d69baf5dd893c0]
+5.10-upstream-stable: released (5.10.205) [64a032015c336ca1795b3e1b1d1f94085ada3553]
+4.19-upstream-stable: released (4.19.303) [bff7ddb0d9d515170dcf133d239dba87c47c8cdb]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-51781 b/retired/CVE-2023-51781
new file mode 100644
index 00000000..88e57e39
--- /dev/null
+++ b/retired/CVE-2023-51781
@@ -0,0 +1,12 @@
+Description: appletalk: Fix Use-After-Free in atalk_ioctl
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc6) [189ff16722ee36ced4d2a2469d4ab65a8fee4198]
+6.1-upstream-stable: released (6.1.69) [1646b2929d5efc3861139ba58556b0f149c848f6]
+5.10-upstream-stable: released (5.10.205) [a232eb81c7cb5d4dbd325d4611ed029b7fa07596]
+4.19-upstream-stable: released (4.19.303) [580ff9f59ab6537d8ce1d0d9f012cf970553ef3d]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-51782 b/retired/CVE-2023-51782
new file mode 100644
index 00000000..e44ddaab
--- /dev/null
+++ b/retired/CVE-2023-51782
@@ -0,0 +1,12 @@
+Description: net/rose: Fix Use-After-Free in rose_ioctl
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc6) [810c38a369a0a0ce625b5c12169abce1dd9ccd53]
+6.1-upstream-stable: released (6.1.69) [01540ee2366a0a8671c35cd57a66bf0817106ffa]
+5.10-upstream-stable: released (5.10.205) [7eda5960a5332654b10d951e735750ed60d7f0a9]
+4.19-upstream-stable: released (4.19.303) [6c9afea8827dde62c4062185d22ac035090ba39b]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-5197 b/retired/CVE-2023-5197
new file mode 100644
index 00000000..a669ab8e
--- /dev/null
+++ b/retired/CVE-2023-5197
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: disallow rule removal from chain binding
+References:
+ https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325
+Notes:
+ carnil> Commit fixes d0e2c7de92c7 ("netfilter: nf_tables: add
+ carnil> NFT_CHAIN_BINDING") in 5.9-rc1.
+ carnil> For 6.5.y fixed as well in 6.5.6.
+Bugs:
+upstream: released (6.6-rc3) [f15f29fd4779be8a418b66e9d52979bb6d6c2325]
+6.1-upstream-stable: released (6.1.56) [9af8bb2afea3705b58fe930f97a39322f46e5b8b]
+5.10-upstream-stable: released (5.10.198) [5a03b42ae1ed646eb5f5acceff1fb2b1d85ec077]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52433 b/retired/CVE-2023-52433
new file mode 100644
index 00000000..dab95f09
--- /dev/null
+++ b/retired/CVE-2023-52433
@@ -0,0 +1,17 @@
+Description: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
+References:
+ https://lore.kernel.org/linux-cve-announce/2024022058-outsell-equator-e1c5@gregkh/
+Notes:
+ carnil> Introduced with f6c383b8c31a ("netfilter: nf_tables: adapt set
+ carnil> backend to use GC transaction API") in 6.5-rc5 which got
+ carnil> backported to 5.10.198, 6.1.56 and 6.4.11. But for 5.10.y and
+ carnil> 6.1.y fixed in the same upstream version along.
+Bugs:
+upstream: released (6.6-rc1) [2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52438 b/retired/CVE-2023-52438
new file mode 100644
index 00000000..f499922c
--- /dev/null
+++ b/retired/CVE-2023-52438
@@ -0,0 +1,15 @@
+Description: binder: fix use-after-free in shinker's callback
+References:
+ https://lore.kernel.org/linux-cve-announce/2024022017-slit-wish-e5d7@gregkh/
+Notes:
+ carnil> Commit fixes dd2283f2605e ("mm: mmap: zap pages with read
+ carnil> mmap_sem in munmap") in 4.20-rc1.
+Bugs:
+upstream: released (6.8-rc1) [3f489c2067c5824528212b0fc18b28d51332d906]
+6.1-upstream-stable: released (6.1.74) [9fa04c93f24138747807fe75b5591bb680098f56]
+5.10-upstream-stable: released (5.10.209) [c8c1158ffb007197f31f9d9170cf13e4f34cbb5c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.13-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52440 b/retired/CVE-2023-52440
new file mode 100644
index 00000000..e29b1427
--- /dev/null
+++ b/retired/CVE-2023-52440
@@ -0,0 +1,13 @@
+Description: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-24-229/
+Notes:
+Bugs:
+upstream: released (6.6-rc1) [4b081ce0d830b684fdf967abc3696d1261387254]
+6.1-upstream-stable: released (6.1.52) [30fd6521b2fbd9b767e438e31945e5ea3e3a2fba]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52441 b/retired/CVE-2023-52441
new file mode 100644
index 00000000..458e5290
--- /dev/null
+++ b/retired/CVE-2023-52441
@@ -0,0 +1,13 @@
+Description: ksmbd: fix out of bounds in init_smb2_rsp_hdr()
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-24-228/
+Notes:
+Bugs:
+upstream: released (6.5-rc4) [536bb492d39bb6c080c92f31e8a55fe9934f452b]
+6.1-upstream-stable: released (6.1.53) [330d900620dfc9893011d725b3620cd2ee0bc2bc]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52442 b/retired/CVE-2023-52442
new file mode 100644
index 00000000..c9d90fb6
--- /dev/null
+++ b/retired/CVE-2023-52442
@@ -0,0 +1,13 @@
+Description: ksmbd: validate session id and tree id in compound request
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-24-227/
+Notes:
+Bugs:
+upstream: released (6.5-rc4) [3df0411e132ee74a87aa13142dfd2b190275332e]
+6.1-upstream-stable: released (6.1.53) [becb5191d1d5fdfca0198a2e37457bbbf4fe266f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.3-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52446 b/retired/CVE-2023-52446
new file mode 100644
index 00000000..63062aed
--- /dev/null
+++ b/retired/CVE-2023-52446
@@ -0,0 +1,13 @@
+Description: bpf: Fix a race condition between btf_put() and map_free()
+References:
+Notes:
+ carnil> Commit fixes 958cf2e273f0 ("bpf: Introduce bpf_obj_new") in 6.2-rc1.
+Bugs:
+upstream: released (6.8-rc1) [59e5791f59dd83e8aa72a4e74217eabb6e8cfd90]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52448 b/retired/CVE-2023-52448
new file mode 100644
index 00000000..11a67dfe
--- /dev/null
+++ b/retired/CVE-2023-52448
@@ -0,0 +1,14 @@
+Description: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
+References:
+Notes:
+ carnil> Introduced by 72244b6bc752 ("gfs2: improve debug information
+ carnil> when lvb mismatches are found") 4.20-rc1.
+Bugs:
+upstream: released (6.8-rc1) [8877243beafa7c6bfc42022cbfdf9e39b25bd4fa]
+6.1-upstream-stable: released (6.1.75) [d69d7804cf9e2ba171a27e5f98bc266f13d0414a]
+5.10-upstream-stable: released (5.10.209) [5c28478af371a1c3fdb570ca67f110e1ae60fc37]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52450 b/retired/CVE-2023-52450
new file mode 100644
index 00000000..8f1073bc
--- /dev/null
+++ b/retired/CVE-2023-52450
@@ -0,0 +1,14 @@
+Description: perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()
+References:
+Notes:
+ carnil> Introduced by f680b6e6062e ("perf/x86/intel/uncore: Enable UPI
+ carnil> topology discovery for Icelake Server") in 6.2-rc1.
+Bugs:
+upstream: released (6.8-rc1) [1692cf434ba13ee212495b5af795b6a07e986ce4]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52451 b/retired/CVE-2023-52451
new file mode 100644
index 00000000..65b77220
--- /dev/null
+++ b/retired/CVE-2023-52451
@@ -0,0 +1,12 @@
+Description: powerpc/pseries/memhp: Fix access beyond end of drmem array
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5]
+6.1-upstream-stable: released (6.1.75) [026fd977dc50ff4a5e09bfb0603557f104d3f3a0]
+5.10-upstream-stable: released (5.10.209) [b582aa1f66411d4adcc1aa55b8c575683fb4687e]
+4.19-upstream-stable: released (4.19.306) [bb79613a9a704469ddb8d6c6029d532a5cea384c]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: ignored "powerpc not supported in LTS"
diff --git a/retired/CVE-2023-52453 b/retired/CVE-2023-52453
new file mode 100644
index 00000000..8ff00f9f
--- /dev/null
+++ b/retired/CVE-2023-52453
@@ -0,0 +1,16 @@
+Description: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume
+References:
+Notes:
+ ksecbot> Commit fixes d9a871e4a143 ("hisi_acc_vfio_pci: Introduce
+ ksecbot> support for PRE_COPY state transitions") in 6.2-rc1.
+Bugs:
+upstream: released (6.8-rc1) [be12ad45e15b5ee0e2526a50266ba1d295d26a88]
+6.7-upstream-stable: released (6.7.2) [6bda81e24a35a856f58e6a5786de579b07371603]
+6.6-upstream-stable: released (6.6.14) [45f80b2f230df10600e6fa1b83b28bf1c334185e]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52454 b/retired/CVE-2023-52454
new file mode 100644
index 00000000..febef743
--- /dev/null
+++ b/retired/CVE-2023-52454
@@ -0,0 +1,16 @@
+Description: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
+References:
+Notes:
+ carnil> Commit fixes 872d26a391da ("nvmet-tcp: add NVMe over TCP target
+ carnil> driver") 5.0-rc1.
+Bugs:
+upstream: released (6.8-rc1) [efa56305908ba20de2104f1b8508c6a7401833be]
+6.7-upstream-stable: released (6.7.2) [70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68]
+6.6-upstream-stable: released (6.6.14) [24e05760186dc070d3db190ca61efdbce23afc88]
+6.1-upstream-stable: released (6.1.75) [2871aa407007f6f531fae181ad252486e022df42]
+5.10-upstream-stable: released (5.10.209) [f775f2621c2ac5cc3a0b3a64665dad4fb146e510]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52455 b/retired/CVE-2023-52455
new file mode 100644
index 00000000..002049f3
--- /dev/null
+++ b/retired/CVE-2023-52455
@@ -0,0 +1,16 @@
+Description: iommu: Don't reserve 0-length IOVA region
+References:
+Notes:
+ carnil> Commit fixes a5bf3cfce8cb ("iommu: Implement
+ carnil> of_iommu_get_resv_regions()") in 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [bb57f6705960bebeb832142ce9abf43220c3eab1]
+6.7-upstream-stable: released (6.7.2) [5e23e283910c9f30248732ae0770bcb0c9438abf]
+6.6-upstream-stable: released (6.6.14) [98b8a550da83cc392a14298c4b3eaaf0332ae6ad]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52456 b/retired/CVE-2023-52456
new file mode 100644
index 00000000..67375b46
--- /dev/null
+++ b/retired/CVE-2023-52456
@@ -0,0 +1,16 @@
+Description: serial: imx: fix tx statemachine deadlock
+References:
+Notes:
+ carnil> Commit fixes cb1a60923609 ("serial: imx: implement rts delaying
+ carnil> for rs485") in 5.9-rc1.
+Bugs:
+upstream: released (6.8-rc1) [78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0]
+6.7-upstream-stable: released (6.7.2) [9a662d06c22ddfa371958c2071dc350436be802b]
+6.6-upstream-stable: released (6.6.14) [763cd68746317b5d746dc2649a3295c1efb41181]
+6.1-upstream-stable: released (6.1.75) [63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06]
+5.10-upstream-stable: released (5.10.209) [6e04a9d30509fb53ba6df5d655ed61d607a7cfda]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52457 b/retired/CVE-2023-52457
new file mode 100644
index 00000000..4da35150
--- /dev/null
+++ b/retired/CVE-2023-52457
@@ -0,0 +1,17 @@
+Description: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
+References:
+Notes:
+ carnil> Introduced in e3f0c638f428 ("serial: 8250: omap: Fix unpaired
+ carnil> pm_runtime_put_sync() in omap8250_remove()"). Vulnerable versions: 5.4.225
+ carnil> 5.10.156 5.15.80 6.0.10 6.1-rc6.
+Bugs:
+upstream: released (6.8-rc1) [ad90d0358bd3b4554f243a425168fc7cebe7d04e]
+6.7-upstream-stable: released (6.7.2) [95e4e0031effad9837af557ecbfd4294a4d8aeee]
+6.6-upstream-stable: released (6.6.14) [887a558d0298d36297daea039954c39940228d9b]
+6.1-upstream-stable: released (6.1.75) [d74173bda29aba58f822175d983d07c8ed335494]
+5.10-upstream-stable: released (5.10.209) [bc57f3ef8a9eb0180606696f586a6dcfaa175ed0]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52459 b/retired/CVE-2023-52459
new file mode 100644
index 00000000..237ed942
--- /dev/null
+++ b/retired/CVE-2023-52459
@@ -0,0 +1,16 @@
+Description: media: v4l: async: Fix duplicated list deletion
+References:
+Notes:
+ carnil> Commit fixes 28a1295795d8 ("media: v4l: async: Allow multiple
+ carnil> connections between entities") in 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc1) [3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2]
+6.7-upstream-stable: released (6.7.2) [49d82811428469566667f22749610b8c132cdb3e]
+6.6-upstream-stable: released (6.6.14) [b7062628caeaec90e8f691ebab2d70f31b7b6b91]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52460 b/retired/CVE-2023-52460
new file mode 100644
index 00000000..1fd6acc0
--- /dev/null
+++ b/retired/CVE-2023-52460
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Fix NULL pointer dereference at hibernate
+References:
+Notes:
+ carnil> Commit fixes 7966f319c66d ("drm/amd/display: Introduce DML2")
+ carnil> in 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc1) [b719a9c15d52d4f56bdea8241a5d90fd9197ce99]
+6.7-upstream-stable: released (6.7.2) [6b80326efff093d037e0971831dca6ebddba9b45]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52461 b/retired/CVE-2023-52461
new file mode 100644
index 00000000..feb497c7
--- /dev/null
+++ b/retired/CVE-2023-52461
@@ -0,0 +1,16 @@
+Description: drm/sched: Fix bounds limiting when given a malformed entity
+References:
+Notes:
+ carnil> Commit fixes 56e449603f0ac5 ("drm/sched: Convert the GPU
+ carnil> scheduler to variable number of run-queues") in 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc1) [2bbe6ab2be53858507f11f99f856846d04765ae3]
+6.7-upstream-stable: released (6.7.2) [1470d173925d697b497656b93f7c5bddae2e64b2]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52462 b/retired/CVE-2023-52462
new file mode 100644
index 00000000..bc8e940d
--- /dev/null
+++ b/retired/CVE-2023-52462
@@ -0,0 +1,16 @@
+Description: bpf: fix check for attempt to corrupt spilled pointer
+References:
+Notes:
+ carnil> Commit fixes 27113c59b6d0 ("bpf: Check the other end of
+ carnil> slot_type for STACK_SPILL") in 5.16-rc1 and 5.10.163.
+Bugs:
+upstream: released (6.8-rc1) [ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae]
+6.7-upstream-stable: released (6.7.2) [40617d45ea05535105e202a8a819e388a2b1f036]
+6.6-upstream-stable: released (6.6.14) [8dc15b0670594543c356567a1a45b0182ec63174]
+6.1-upstream-stable: released (6.1.75) [fc3e3c50a0a4cac1463967c110686189e4a59104]
+5.10-upstream-stable: released (5.10.209) [2757f17972d87773b3677777f5682510f13c66ef]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52463 b/retired/CVE-2023-52463
new file mode 100644
index 00000000..9a4f2a74
--- /dev/null
+++ b/retired/CVE-2023-52463
@@ -0,0 +1,16 @@
+Description: efivarfs: force RO when remounting if SetVariable is not supported
+References:
+Notes:
+ carnil> Commit fixes f88814cc2578 ("efi/efivars: Expose RT service
+ carnil> availability via efivars abstraction") in 5.8-rc7 (and 5.7.11)
+Bugs:
+upstream: released (6.8-rc1) [0e8d2444168dd519fea501599d150e62718ed2fe]
+6.7-upstream-stable: released (6.7.2) [d4a714873db0866cc471521114eeac4a5072d548]
+6.6-upstream-stable: released (6.6.14) [0049fe7e4a85849bdd778cdb72e51a791ff3d737]
+6.1-upstream-stable: released (6.1.75) [d4a9aa7db574a0da64307729cc031fb68597aa8b]
+5.10-upstream-stable: released (5.10.209) [94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52465 b/retired/CVE-2023-52465
new file mode 100644
index 00000000..f5f2e849
--- /dev/null
+++ b/retired/CVE-2023-52465
@@ -0,0 +1,16 @@
+Description: power: supply: Fix null pointer dereference in smb2_probe
+References:
+Notes:
+ carnil> Introduced in 8648aeb5d7b7 ("power: supply: add Qualcomm PMI8998 SMB2 Charger
+ carnil> driver"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc1) [88f04bc3e737155e13caddf0ba8ed19db87f0212]
+6.7-upstream-stable: released (6.7.2) [bd3d2ec447ede9da822addf3960a5f4275e3ae76]
+6.6-upstream-stable: released (6.6.14) [e2717302fbc20f148bcda362facee0444b949a3a]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52467 b/retired/CVE-2023-52467
new file mode 100644
index 00000000..da90a3a3
--- /dev/null
+++ b/retired/CVE-2023-52467
@@ -0,0 +1,16 @@
+Description: mfd: syscon: Fix null pointer dereference in of_syscon_register()
+References:
+Notes:
+ carnil> Introduced in e15d7f2b81d2 ("mfd: syscon: Use a unique name with
+ carnil> regmap_config"). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.8-rc1) [41673c66b3d0c09915698fec5c13b24336f18dd1]
+6.7-upstream-stable: released (6.7.2) [7f2c410ac470959b88e03dadd94b7a0b71df7973]
+6.6-upstream-stable: released (6.6.14) [3ef1130deee98997275904d9bfc37af75e1e906c]
+6.1-upstream-stable: released (6.1.75) [527e8c5f3d00299822612c495d5adf1f8f43c001]
+5.10-upstream-stable: released (5.10.209) [927626a2073887ee30ba00633260d4d203f8e875]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52468 b/retired/CVE-2023-52468
new file mode 100644
index 00000000..e3efa4eb
--- /dev/null
+++ b/retired/CVE-2023-52468
@@ -0,0 +1,16 @@
+Description: class: fix use-after-free in class_register()
+References:
+Notes:
+ carnil> Introduced in dcfbb67e48a2 ("driver core: class: use lock_class_key already
+ carnil> present in struct subsys_private"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc1) [93ec4a3b76404bce01bd5c9032bef5df6feb1d62]
+6.7-upstream-stable: released (6.7.2) [0f1486dafca3398c4c46b9f6e6452fa27e73b559]
+6.6-upstream-stable: released (6.6.14) [b57196a5ec5e4c0ffecde8348b085b778c7dce04]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52471 b/retired/CVE-2023-52471
new file mode 100644
index 00000000..0c404b2f
--- /dev/null
+++ b/retired/CVE-2023-52471
@@ -0,0 +1,16 @@
+Description: ice: Fix some null pointer dereference issues in ice_ptp.c
+References:
+Notes:
+ carnil> Introduced in d938a8cca88a ("ice: Auxbus devices & driver for E822 TS").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc1) [3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf]
+6.7-upstream-stable: released (6.7.2) [3cd9b9bee33f39f6c6d52360fe381b89a7b12695]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52472 b/retired/CVE-2023-52472
new file mode 100644
index 00000000..bb2e88ac
--- /dev/null
+++ b/retired/CVE-2023-52472
@@ -0,0 +1,16 @@
+Description: crypto: rsa - add a check for allocation failure
+References:
+Notes:
+ carnil> Introduced in 6637e11e4ad2 ("crypto: rsa - allow only odd e and restrict value
+ carnil> in FIPS mode"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc1) [d872ca165cb67112f2841ef9c37d51ef7e63d1e4]
+6.7-upstream-stable: released (6.7.2) [95ad8b6879e2e49d02e3bfc0e1fb46421633fe2a]
+6.6-upstream-stable: released (6.6.14) [2831f4d3bfa68e64c5f83e96688be779c87b3511]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52473 b/retired/CVE-2023-52473
new file mode 100644
index 00000000..755576eb
--- /dev/null
+++ b/retired/CVE-2023-52473
@@ -0,0 +1,16 @@
+Description: thermal: core: Fix NULL pointer dereference in zone registration error path
+References:
+Notes:
+ carnil> Introduced in 3d439b1a2ad3 ("thermal/core: Alloc-copy-free the thermal zone
+ carnil> parameters structure"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc1) [04e6ccfc93c5a1aa1d75a537cf27e418895e20ea]
+6.7-upstream-stable: released (6.7.2) [02871710b93058eb1249d5847c0b2d1c2c3c98ae]
+6.6-upstream-stable: released (6.6.14) [335176dd8ebaca6493807dceea33c478305667fa]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52475 b/retired/CVE-2023-52475
new file mode 100644
index 00000000..1e3af3ac
--- /dev/null
+++ b/retired/CVE-2023-52475
@@ -0,0 +1,15 @@
+Description: Input: powermate - fix use-after-free in powermate_config_complete
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [5c15c60e7be615f05a45cd905093a54b11f461bc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [2efe67c581a2a6122b328d4bb6f21b3f36f40d46]
+5.10-upstream-stable: released (5.10.199) [cd2fbfd8b922b7fdd50732e47d797754ab59cb06]
+4.19-upstream-stable: released (4.19.297) [67cace72606baf1758fd60feb358f4c6be92e1cc]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52477 b/retired/CVE-2023-52477
new file mode 100644
index 00000000..f12727fc
--- /dev/null
+++ b/retired/CVE-2023-52477
@@ -0,0 +1,15 @@
+Description: usb: hub: Guard against accesses to uninitialized BOS descriptors
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [f74a7afc224acd5e922c7a2e52244d891bbe44ee]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [fb9895ab9533534335fa83d70344b397ac862c81]
+5.10-upstream-stable: released (5.10.199) [241f230324337ed5eae3846a554fb6d15169872c]
+4.19-upstream-stable: released (4.19.297) [8e7346bfea56453e31b7421c1c17ca2fb9ed613d]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52478 b/retired/CVE-2023-52478
new file mode 100644
index 00000000..abac82c2
--- /dev/null
+++ b/retired/CVE-2023-52478
@@ -0,0 +1,15 @@
+Description: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [dac501397b9d81e4782232c39f94f4307b137452]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [fd72ac9556a473fc7daf54efb6ca8a97180d621d]
+5.10-upstream-stable: released (5.10.199) [093af62c023537f097d2ebdfaa0bc7c1a6e874e1]
+4.19-upstream-stable: released (4.19.297) [44481b244fcaa2b895a53081d6204c574720c38c]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52483 b/retired/CVE-2023-52483
new file mode 100644
index 00000000..43db8a4a
--- /dev/null
+++ b/retired/CVE-2023-52483
@@ -0,0 +1,16 @@
+Description: mctp: perform route lookups under a RCU read-side lock
+References:
+Notes:
+ carnil> Introduced in 889b7da23abf ("mctp: Add initial routing framework"). Vulnerable
+ carnil> versions: 5.15-rc1.
+Bugs:
+upstream: released (6.6-rc6) [5093bbfc10ab6636b32728e35813cbd79feb063c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [1db0724a01b558feb1ecae551782add1951a114a]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52487 b/retired/CVE-2023-52487
new file mode 100644
index 00000000..ae915003
--- /dev/null
+++ b/retired/CVE-2023-52487
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Fix peer flow lists handling
+References:
+Notes:
+ carnil> Introduced in 9be6c21fdcf8 ("net/mlx5e: Handle offloads flows per peer").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc2) [d76fdd31f953ac5046555171620f2562715e9b71]
+6.7-upstream-stable: released (6.7.3) [e24d6f5a7f2d95a98a46257a5a5a5381d572894f]
+6.6-upstream-stable: released (6.6.15) [74cec142f89bf85c6c99c5db957da9f663f9f16f]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52490 b/retired/CVE-2023-52490
new file mode 100644
index 00000000..d183cd64
--- /dev/null
+++ b/retired/CVE-2023-52490
@@ -0,0 +1,16 @@
+Description: mm: migrate: fix getting incorrect page mapping during page migration
+References:
+Notes:
+ carnil> Introduced in 64c8902ed441 ("migrate_pages: split unmap_and_move() to _unmap()
+ carnil> and _move()"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [d1adb25df7111de83b64655a80b5a135adbded61]
+6.7-upstream-stable: released (6.7.3) [3889a418b6eb9a1113fb989aaadecf2f64964767]
+6.6-upstream-stable: released (6.6.15) [9128bfbc5c80d8f4874dd0a0424d1f5fb010df1b]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52495 b/retired/CVE-2023-52495
new file mode 100644
index 00000000..b088a3a6
--- /dev/null
+++ b/retired/CVE-2023-52495
@@ -0,0 +1,16 @@
+Description: soc: qcom: pmic_glink_altmode: fix port sanity check
+References:
+Notes:
+ carnil> Introduced in 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode
+ carnil> support"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0]
+6.7-upstream-stable: released (6.7.3) [d26edf4ee3672cc9828f2a3ffae34086a712574d]
+6.6-upstream-stable: released (6.6.15) [532a5557da6892a6b2d5793052e1bce1f4c9e177]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52499 b/retired/CVE-2023-52499
new file mode 100644
index 00000000..c0aba053
--- /dev/null
+++ b/retired/CVE-2023-52499
@@ -0,0 +1,16 @@
+Description: powerpc/47x: Fix 47x syscall return crash
+References:
+Notes:
+ carnil> Introduced in 6f76a01173cc ("powerpc/syscall: implement system call entry/exit
+ carnil> logic in C for PPC32"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (6.6-rc6) [f0eee815babed70a749d2496a7678be5b45b4c14]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [8ac2689502f986a46f4221e239d4ff2897f1ccb3]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52502 b/retired/CVE-2023-52502
new file mode 100644
index 00000000..c8427a31
--- /dev/null
+++ b/retired/CVE-2023-52502
@@ -0,0 +1,16 @@
+Description: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
+References:
+Notes:
+ carnil> Introduced in 8f50020ed9b8 ("NFC: LLCP late binding"). Vulnerable versions:
+ carnil> 3.6-rc1.
+Bugs:
+upstream: released (6.6-rc6) [31c07dffafce914c1d1543c135382a11ff058d93]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc]
+5.10-upstream-stable: released (5.10.199) [6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9]
+4.19-upstream-stable: released (4.19.297) [e863f5720a5680e50c4cecf12424d7cc31b3eb0a]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52503 b/retired/CVE-2023-52503
new file mode 100644
index 00000000..390f140e
--- /dev/null
+++ b/retired/CVE-2023-52503
@@ -0,0 +1,16 @@
+Description: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session
+References:
+Notes:
+ carnil> Introduced in 757cc3e9ff1d ("tee: add AMD-TEE driver"). Vulnerable versions:
+ carnil> 5.6-rc1.
+Bugs:
+upstream: released (6.6-rc6) [f4384b3e54ea813868bb81a861bf5b2406e15d8f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [60c3e7a00db954947c265b55099c21b216f2a05c]
+5.10-upstream-stable: released (5.10.199) [da7ce52a2f6c468946195b116615297d3d113a27]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52504 b/retired/CVE-2023-52504
new file mode 100644
index 00000000..de85a9d3
--- /dev/null
+++ b/retired/CVE-2023-52504
@@ -0,0 +1,16 @@
+Description: x86/alternatives: Disable KASAN in apply_alternatives()
+References:
+Notes:
+ carnil> Introduced in 6657fca06e3f ("x86/mm: Allow to boot without LA57 if
+ carnil> CONFIG_X86_5LEVEL=y"). Vulnerable versions: 4.17-rc1.
+Bugs:
+upstream: released (6.6-rc6) [d35652a5fc9944784f6f50a5c979518ff8dacf61]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [5b784489c8158518bf7a466bb3cc045b0fb66b4b]
+5.10-upstream-stable: released (5.10.199) [6788b10620ca6e98575d1e06e72a8974aad7657e]
+4.19-upstream-stable: released (4.19.297) [3719d3c36aa853d5a2401af9f8d6b116c91ad5ae]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52505 b/retired/CVE-2023-52505
new file mode 100644
index 00000000..4b3374eb
--- /dev/null
+++ b/retired/CVE-2023-52505
@@ -0,0 +1,16 @@
+Description: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers
+References:
+Notes:
+ carnil> Introduced in 8f73b37cf3fb ("phy: add support for the Layerscape SerDes 28G").
+ carnil> Vulnerable versions: 5.18-rc1.
+Bugs:
+upstream: released (6.6-rc6) [139ad1143151a07be93bf741d4ea7c89e59f89ce]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [6f901f8448c6b25ed843796b114471d2a3fc5dfb]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52506 b/retired/CVE-2023-52506
new file mode 100644
index 00000000..ed8d7e16
--- /dev/null
+++ b/retired/CVE-2023-52506
@@ -0,0 +1,17 @@
+Description: LoongArch: Set all reserved memblocks on Node#0 at initialization
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+ bwh> LoongArch was only added in 5.19 and is not supported in any
+ bwh> Debian stable release.
+Bugs:
+upstream: released (6.6-rc3) [b795fb9f5861ee256070d59e33130980a01fadd7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [f105e893a8edd48bdf4bef9fef845a9ff402f737]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52507 b/retired/CVE-2023-52507
new file mode 100644
index 00000000..c8221600
--- /dev/null
+++ b/retired/CVE-2023-52507
@@ -0,0 +1,16 @@
+Description: nfc: nci: assert requested protocol is valid
+References:
+Notes:
+ carnil> Introduced in 6a2968aaf50c ("NFC: basic NCI protocol implementation").
+ carnil> Vulnerable versions: 3.2-rc1.
+Bugs:
+upstream: released (6.6-rc6) [354a6e707e29cb0c007176ee5b8db8be7bd2dee0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [853dda54ba59ea70d5580a298b7ede4707826848]
+5.10-upstream-stable: released (5.10.199) [a424807d860ba816aaafc3064b46b456361c0802]
+4.19-upstream-stable: released (4.19.297) [a686f84101680b8442181a8846fbd3c934653729]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52510 b/retired/CVE-2023-52510
new file mode 100644
index 00000000..15312fd9
--- /dev/null
+++ b/retired/CVE-2023-52510
@@ -0,0 +1,16 @@
+Description: ieee802154: ca8210: Fix a potential UAF in ca8210_probe
+References:
+Notes:
+ carnil> Introduced in ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device
+ carnil> driver"). Vulnerable versions: 4.12-rc1.
+Bugs:
+upstream: released (6.6-rc6) [f990874b1c98fe8e57ee9385669f501822979258]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [217efe32a45249eb07dcd7197e8403de98345e66]
+5.10-upstream-stable: released (5.10.199) [55e06850c7894f00d41b767c5f5665459f83f58f]
+4.19-upstream-stable: released (4.19.297) [cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52512 b/retired/CVE-2023-52512
new file mode 100644
index 00000000..e492a27d
--- /dev/null
+++ b/retired/CVE-2023-52512
@@ -0,0 +1,16 @@
+Description: pinctrl: nuvoton: wpcm450: fix out of bounds write
+References:
+Notes:
+ carnil> Introduced in a1d1e0e3d80a ("pinctrl: nuvoton: Add driver for WPCM450").
+ carnil> Vulnerable versions: 5.18-rc1.
+Bugs:
+upstream: released (6.6-rc6) [87d315a34133edcb29c4cadbf196ec6c30dfd47b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [6c18c386fd13dbb3ff31a1086dabb526780d9bda]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52513 b/retired/CVE-2023-52513
new file mode 100644
index 00000000..c6693f28
--- /dev/null
+++ b/retired/CVE-2023-52513
@@ -0,0 +1,16 @@
+Description: RDMA/siw: Fix connection failure handling
+References:
+Notes:
+ carnil> Introduced in 6c52fdc244b5 ("rdma/siw: connection management"). Vulnerable
+ carnil> versions: 5.3-rc1.
+Bugs:
+upstream: released (6.6-rc5) [53a3f777049771496f791504e7dc8ef017cba590]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f]
+5.10-upstream-stable: released (5.10.198) [0d520cdb0cd095eac5d00078dfd318408c9b5eed]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52518 b/retired/CVE-2023-52518
new file mode 100644
index 00000000..9716687b
--- /dev/null
+++ b/retired/CVE-2023-52518
@@ -0,0 +1,16 @@
+Description: Bluetooth: hci_codec: Fix leaking content of local_codecs
+References:
+Notes:
+ carnil> Introduced in 8961987f3f5f ("Bluetooth: Enumerate local supported codec and
+ carnil> cache details"). Vulnerable versions: 5.16-rc1.
+Bugs:
+upstream: released (6.6-rc5) [b938790e70540bf4f2e653dcd74b232494d06c8f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [626535077ba9dc110787540d1fe24881094c15a1]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52519 b/retired/CVE-2023-52519
new file mode 100644
index 00000000..2e652f89
--- /dev/null
+++ b/retired/CVE-2023-52519
@@ -0,0 +1,16 @@
+Description: HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
+References:
+Notes:
+ carnil> Introduced in 2e23a70edabe ("HID: intel-ish-hid: ipc: finish power flow for EHL
+ carnil> OOB"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (6.6-rc5) [8f02139ad9a7e6e5c05712f8c1501eebed8eacfd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [cdcc04e844a2d22d9d25cef1e8e504a174ea9f8f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52520 b/retired/CVE-2023-52520
new file mode 100644
index 00000000..d7fd7d86
--- /dev/null
+++ b/retired/CVE-2023-52520
@@ -0,0 +1,16 @@
+Description: platform/x86: think-lmi: Fix reference leak
+References:
+Notes:
+ carnil> Introduced in 1bcad8e510b2 ("platform/x86: think-lmi: Fix issues with duplicate
+ carnil> attributes"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.6-rc5) [528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52523 b/retired/CVE-2023-52523
new file mode 100644
index 00000000..9743e686
--- /dev/null
+++ b/retired/CVE-2023-52523
@@ -0,0 +1,16 @@
+Description: bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
+References:
+Notes:
+ carnil> Introduced in 122e6c79efe1 ("sock_map: Update sock type checks for UDP").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.6-rc5) [b80e31baa43614e086a9d29dc1151932b1bd7fc5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [b8f97e47b6fb84fcf2f5a22e725eefb6cf5070c2]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52524 b/retired/CVE-2023-52524
new file mode 100644
index 00000000..6d1a339a
--- /dev/null
+++ b/retired/CVE-2023-52524
@@ -0,0 +1,17 @@
+Description: net: nfc: llcp: Add lock when modifying device list
+References:
+Notes:
+ carnil> Introduced in 6709d4b7bc2e ("net: nfc: Fix use-after-free caused by
+ carnil> nfc_llcp_find_local"). Vulnerable versions: 5.4.251 5.10.188 5.15.121 6.1.39
+ carnil> 6.3.13 6.4.4 6.5-rc1.
+Bugs:
+upstream: released (6.6-rc5) [dfc7f7a988dad34c3bf4c053124fb26aa6c5f916]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [7562780e32b84196731d57dd24563546fcf6d082]
+5.10-upstream-stable: released (5.10.198) [dba849cc98113b145c6e720122942c00b8012bdb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52525 b/retired/CVE-2023-52525
new file mode 100644
index 00000000..03229cd2
--- /dev/null
+++ b/retired/CVE-2023-52525
@@ -0,0 +1,17 @@
+Description: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
+References:
+Notes:
+ carnil> Introduced in 119585281617 ("wifi: mwifiex: Fix OOB and integer underflow when
+ carnil> rx packets"). Vulnerable versions: 4.14.326 4.19.295 5.4.257 5.10.195 5.15.132
+ carnil> 6.1.53 6.4.16 6.5.3 6.6-rc1.
+Bugs:
+upstream: released (6.6-rc5) [aef7a0300047e7b4707ea0411dc9597cba108fc8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [6b706286473db4fd54b5f869faa67f4a8cb18e99]
+5.10-upstream-stable: released (5.10.198) [10a18c8bac7f60d32b7af22da03b66f350beee38]
+4.19-upstream-stable: released (4.19.296) [16cc18b9080892d1a0200a38e36ae52e464bc555]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52526 b/retired/CVE-2023-52526
new file mode 100644
index 00000000..f35ab01f
--- /dev/null
+++ b/retired/CVE-2023-52526
@@ -0,0 +1,16 @@
+Description: erofs: fix memory leak of LZMA global compressed deduplication
+References:
+Notes:
+ carnil> Introduced in 5c2a64252c5d ("erofs: introduce partial-referenced pclusters").
+ carnil> Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.6-rc5) [75a5221630fe5aa3fedba7a06be618db0f79ba1e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [6a5a8f0a9740f865693d5aa97a42cc4504538e18]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52527 b/retired/CVE-2023-52527
new file mode 100644
index 00000000..63fc02c1
--- /dev/null
+++ b/retired/CVE-2023-52527
@@ -0,0 +1,16 @@
+Description: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
+References:
+Notes:
+ carnil> Introduced in a32e0eec7042 ("l2tp: introduce L2TPv3 IP encapsulation support
+ carnil> for IPv6"). Vulnerable versions: 3.5-rc1.
+Bugs:
+upstream: released (6.6-rc5) [9d4c75800f61e5d75c1659ba201b6c0c7ead3070]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [f6a7182179c0ed788e3755ee2ed18c888ddcc33f]
+5.10-upstream-stable: released (5.10.198) [96b2e1090397217839fcd6c9b6d8f5d439e705ed]
+4.19-upstream-stable: released (4.19.296) [559d697c5d072593d22b3e0bd8b8081108aeaf59]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52528 b/retired/CVE-2023-52528
new file mode 100644
index 00000000..4a654304
--- /dev/null
+++ b/retired/CVE-2023-52528
@@ -0,0 +1,17 @@
+Description: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
+References:
+Notes:
+ carnil> Introduced in d0cad871703b ("smsc75xx: SMSC LAN75xx USB gigabit ethernet
+ carnil> adapter driver"). Vulnerable versions: 2.6.34-rc2 3.16.61 3.18.120 4.4.152
+ carnil> 4.9.124 4.14.67 4.17.19.
+Bugs:
+upstream: released (6.6-rc5) [e9c65989920f7c28775ec4e0c11b483910fb67b8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [9ffc5018020fe646795a8dc1203224b8f776dc09]
+5.10-upstream-stable: released (5.10.198) [30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5]
+4.19-upstream-stable: released (4.19.296) [2a36d9e2995c8c3c3f179aab1215a69cff06cbed]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52529 b/retired/CVE-2023-52529
new file mode 100644
index 00000000..1bfa3b5d
--- /dev/null
+++ b/retired/CVE-2023-52529
@@ -0,0 +1,16 @@
+Description: HID: sony: Fix a potential memory leak in sony_probe()
+References:
+Notes:
+ carnil> Introduced in fb1a79a6b6e1 ("HID: sony: fix freeze when inserting ghlive
+ carnil> ps3/wii dongles"). Vulnerable versions: 5.12.17 5.13.2 5.14-rc1.
+Bugs:
+upstream: released (6.6-rc5) [e1cd4004cde7c9b694bbdd8def0e02288ee58c74]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [f237b17611fa3501f43f12d1cb64323e10fdcb4f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52532 b/retired/CVE-2023-52532
new file mode 100644
index 00000000..27847ca6
--- /dev/null
+++ b/retired/CVE-2023-52532
@@ -0,0 +1,16 @@
+Description: net: mana: Fix TX CQE error handling
+References:
+Notes:
+ carnil> Introduced in ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure
+ carnil> Network Adapter (MANA)"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.6-rc5) [b2b000069a4c307b09548dc2243f31f3ca0eac9c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [b67d7b1bfc46d05c1a58b172516454698e8d5004]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52559 b/retired/CVE-2023-52559
new file mode 100644
index 00000000..b72c4656
--- /dev/null
+++ b/retired/CVE-2023-52559
@@ -0,0 +1,16 @@
+Description: iommu/vt-d: Avoid memory allocation in iommu_suspend()
+References:
+Notes:
+ carnil> Introduced in 33e07157105e ("iommu/vt-d: Avoid GFP_ATOMIC where it is not
+ carnil> needed"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (6.6-rc5) [59df44bfb0ca4c3ee1f1c3c5d0ee8e314844799e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [c12ef025add77ca3a0902e8719d552b6d47b4282]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52560 b/retired/CVE-2023-52560
new file mode 100644
index 00000000..cdca9fdb
--- /dev/null
+++ b/retired/CVE-2023-52560
@@ -0,0 +1,16 @@
+Description: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
+References:
+Notes:
+ carnil> Introduced in 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary
+ carnil> variables"). Vulnerable versions: 5.16-rc5.
+Bugs:
+upstream: released (6.6-rc4) [45120b15743fa7c0aa53d5db6dfb4c8f87be4abd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [9a4fe81a8644b717d57d81ce5849e16583b13fe8]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52562 b/retired/CVE-2023-52562
new file mode 100644
index 00000000..52c9106c
--- /dev/null
+++ b/retired/CVE-2023-52562
@@ -0,0 +1,17 @@
+Description: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()
+References:
+Notes:
+ carnil> Introduced in 0495e337b703 ("mm/slab_common: Deleting kobject in
+ carnil> kmem_cache_destroy() without holding slab_mutex/cpu_hotplug_lock").
+ carnil> Vulnerable versions: 5.19.8 6.0-rc4.
+Bugs:
+upstream: released (6.6-rc4) [46a9ea6681907a3be6b6b0d43776dccc62cad6cf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [a5569bb187521432f509b69dda7d29f78b2d38b0]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52563 b/retired/CVE-2023-52563
new file mode 100644
index 00000000..550cf32b
--- /dev/null
+++ b/retired/CVE-2023-52563
@@ -0,0 +1,16 @@
+Description: drm/meson: fix memory leak on ->hpd_notify callback
+References:
+Notes:
+ carnil> Introduced in 0af5e0b41110 ("drm/meson: encoder_hdmi: switch to bridge
+ carnil> DRM_BRIDGE_ATTACH_NO_CONNECTOR"). Vulnerable versions: 5.15.61 5.17-rc1.
+Bugs:
+upstream: released (6.6-rc3) [099f0af9d98231bb74956ce92508e87cbcb896be]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [ee335e0094add7fc2c7034e0534e1920d61d2078]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52564 b/retired/CVE-2023-52564
new file mode 100644
index 00000000..74b42758
--- /dev/null
+++ b/retired/CVE-2023-52564
@@ -0,0 +1,17 @@
+Description: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
+References:
+Notes:
+ carnil> Introduced in 9b9c8195f3f0 ("tty: n_gsm: fix UAF in gsm_cleanup_mux").
+ carnil> Vulnerable versions: 5.10.190 5.10.198 5.15.124 5.15.134 6.1.43 6.1.56 6.4.8
+ carnil> 6.5-rc4 6.5.6.
+Bugs:
+upstream: released (6.6-rc4) [29346e217b8ab8a52889b88f00b268278d6b7668]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [c61d0b87a7028c2c10faffc524d748334c7b9827]
+5.10-upstream-stable: released (5.10.198) [6d5c8862932d31a810b6545f7d69ecc124402c6e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52565 b/retired/CVE-2023-52565
new file mode 100644
index 00000000..375618fe
--- /dev/null
+++ b/retired/CVE-2023-52565
@@ -0,0 +1,16 @@
+Description: media: uvcvideo: Fix OOB read
+References:
+Notes:
+ carnil> Introduced in 40140eda661e ("media: uvcvideo: Implement mask for
+ carnil> V4L2_CTRL_TYPE_MENU"). Vulnerable versions: 6.1.16 6.2.3 6.3-rc1.
+Bugs:
+upstream: released (6.6-rc3) [41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [09635bf4cdd4adf2160198a6041bcc7ca46c0558]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52566 b/retired/CVE-2023-52566
new file mode 100644
index 00000000..a8b83a4c
--- /dev/null
+++ b/retired/CVE-2023-52566
@@ -0,0 +1,16 @@
+Description: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
+References:
+Notes:
+ carnil> Introduced in a3d93f709e89 ("nilfs2: block cache for garbage collection").
+ carnil> Vulnerable versions: 2.6.30-rc1.
+Bugs:
+upstream: released (6.6-rc4) [7ee29facd8a9c5a26079148e36bcf07141b3a6bc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [980663f1d189eedafd18d80053d9cf3e2ceb5c8c]
+5.10-upstream-stable: released (5.10.198) [7130a87ca32396eb9bf48b71a2d42259ae44c6c7]
+4.19-upstream-stable: released (4.19.296) [bb61224f6abc8e71bfdf06d7c984e23460875f5b]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52567 b/retired/CVE-2023-52567
new file mode 100644
index 00000000..15afe2bb
--- /dev/null
+++ b/retired/CVE-2023-52567
@@ -0,0 +1,17 @@
+Description: serial: 8250_port: Check IRQ data before use
+References:
+Notes:
+ carnil> Introduced in 0ba9e3a13c6a ("serial: 8250: Add missing wakeup event
+ carnil> reporting"). Vulnerable versions: 4.14.315 4.19.283 5.4.243 5.10.180 5.15.111
+ carnil> 6.1.28 6.2.15 6.3.2 6.4-rc1.
+Bugs:
+upstream: released (6.6-rc4) [cce7fc8b29961b64fadb1ce398dc5ff32a79643b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [e14f68a48fd445a083ac0750fafcb064df5f18f7]
+5.10-upstream-stable: released (5.10.198) [e14afa4450cb7e4cf93e993a765801203d41d014]
+4.19-upstream-stable: released (4.19.296) [c334650150c29234b0923476f51573ae1b2f252a]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52568 b/retired/CVE-2023-52568
new file mode 100644
index 00000000..ab7a0a9f
--- /dev/null
+++ b/retired/CVE-2023-52568
@@ -0,0 +1,16 @@
+Description: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
+References:
+Notes:
+ carnil> Introduced in 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized
+ carnil> enclave"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.6-rc4) [c6c2adcba50c2622ed25ba5d5e7f05f584711358]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [811ba2ef0cb6402672e64ba1419d6ef95aa3405d]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52570 b/retired/CVE-2023-52570
new file mode 100644
index 00000000..d7de4f7f
--- /dev/null
+++ b/retired/CVE-2023-52570
@@ -0,0 +1,16 @@
+Description: vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()
+References:
+Notes:
+ carnil> Introduced in da44c340c4fe ("vfio/mdev: simplify mdev_type handling").
+ carnil> Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.6-rc4) [c777b11d34e0f47dbbc4b018ef65ad030f2b283a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [c01b2e0ee22ef8b4dd7509a93aecc0ac0826bae4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52571 b/retired/CVE-2023-52571
new file mode 100644
index 00000000..ccf21bb7
--- /dev/null
+++ b/retired/CVE-2023-52571
@@ -0,0 +1,16 @@
+Description: power: supply: rk817: Fix node refcount leak
+References:
+Notes:
+ carnil> Introduced in 54c03bfd094f ("power: supply: Fix refcount leak in
+ carnil> rk817_charger_probe"). Vulnerable versions: 6.1.2 6.2-rc1.
+Bugs:
+upstream: released (6.6-rc4) [488ef44c068e79752dba8eda0b75f524f111a695]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [fe6406238d5a24e9fb0286c71edd67b99d8db58d]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52573 b/retired/CVE-2023-52573
new file mode 100644
index 00000000..1aed318d
--- /dev/null
+++ b/retired/CVE-2023-52573
@@ -0,0 +1,16 @@
+Description: net: rds: Fix possible NULL-pointer dereference
+References:
+Notes:
+ carnil> Introduced in fd261ce6a30e ("rds: rdma: update rdma transport for tos").
+ carnil> Vulnerable versions: 5.1-rc1.
+Bugs:
+upstream: released (6.6-rc3) [f1d95df0f31048f1c59092648997686e3f7d9478]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [51fa66024a5eabf270164f2dc82a48ffb35a12e9]
+5.10-upstream-stable: released (5.10.198) [f515112e833791001aaa8ab886af3ca78503617f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52574 b/retired/CVE-2023-52574
new file mode 100644
index 00000000..c1b88ec0
--- /dev/null
+++ b/retired/CVE-2023-52574
@@ -0,0 +1,16 @@
+Description: team: fix null-ptr-deref when team device type is changed
+References:
+Notes:
+ carnil> Introduced in 1d76efe1577b ("team: add support for non-ethernet devices").
+ carnil> Vulnerable versions: 3.7-rc1.
+Bugs:
+upstream: released (6.6-rc3) [492032760127251e5540a5716a70996bacf2a3fd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [2f0acb0736ecc3eb85dc80ad2790d634dcb10b58]
+5.10-upstream-stable: released (5.10.198) [b44dd92e2afd89eb6e9d27616858e72a67bdc1a7]
+4.19-upstream-stable: released (4.19.296) [a7fb47b9711101d2405b0eb1276fb1f9b9b270c7]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52575 b/retired/CVE-2023-52575
new file mode 100644
index 00000000..5ab41c92
--- /dev/null
+++ b/retired/CVE-2023-52575
@@ -0,0 +1,16 @@
+Description: x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
+References:
+Notes:
+ carnil> Introduced in fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow
+ carnil> mitigation"). Vulnerable versions: 5.10.189 5.15.125 6.1.44 6.4.9 6.5-rc6.
+Bugs:
+upstream: released (6.6-rc3) [01b057b2f4cc2d905a0bd92195657dbd9a7005ab]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [adbcec23c8423e3d5df1839c5ae91599dcf703cb]
+5.10-upstream-stable: released (5.10.198) [ae806c74c0634b0c23855066d8ba28d850fd1260]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52576 b/retired/CVE-2023-52576
new file mode 100644
index 00000000..9bab156a
--- /dev/null
+++ b/retired/CVE-2023-52576
@@ -0,0 +1,16 @@
+Description: x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
+References:
+Notes:
+ carnil> Introduced in fee3ff99bc67 ("powerpc: Move arch independent ima kexec functions
+ carnil> to drivers/of/kexec.c"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.6-rc3) [34cf99c250d5cd2530b93a57b0de31d3aaf8685b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [eef16bfdb212da60f5144689f2967fb25b051a2b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52577 b/retired/CVE-2023-52577
new file mode 100644
index 00000000..706a55b7
--- /dev/null
+++ b/retired/CVE-2023-52577
@@ -0,0 +1,17 @@
+Description: dccp: fix dccp_v4_err()/dccp_v6_err() again
+References:
+Notes:
+ carnil> Introduced in 977ad86c2a1b ("dccp: Fix out of bounds access in DCCP error
+ carnil> handler"). Vulnerable versions: 4.14.326 4.19.295 5.4.257 5.10.195 5.15.132
+ carnil> 6.1.53 6.4.16 6.5.3 6.6-rc1.
+Bugs:
+upstream: released (6.6-rc3) [6af289746a636f71f4c0535a9801774118486c7a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [73be49248a04746096339a48a33fa2f03bd85969]
+5.10-upstream-stable: released (5.10.198) [60d73c62e3e4464f375758b6f2459c13d46465b6]
+4.19-upstream-stable: released (4.19.296) [62c218124fe58372e0e1f60d5b634d21c264b337]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52578 b/retired/CVE-2023-52578
new file mode 100644
index 00000000..d4e35504
--- /dev/null
+++ b/retired/CVE-2023-52578
@@ -0,0 +1,16 @@
+Description: net: bridge: use DEV_STATS_INC()
+References:
+Notes:
+ carnil> Introduced in 1c29fc4989bc ("[BRIDGE]: keep track of received multicast
+ carnil> packets"). Vulnerable versions: 2.6.17-rc4.
+Bugs:
+upstream: released (6.6-rc3) [44bdb313da57322c9b3c108eb66981c6ec6509f4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [89f9f20b1cbd36d99d5a248a4bf8d11d4fd049a2]
+5.10-upstream-stable: released (5.10.198) [04cc361f029c14dd067ad180525c7392334c9bfd]
+4.19-upstream-stable: released (4.19.296) [d2346e6beb699909ca455d9d20c4e577ce900839]
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-52580 b/retired/CVE-2023-52580
new file mode 100644
index 00000000..414de611
--- /dev/null
+++ b/retired/CVE-2023-52580
@@ -0,0 +1,16 @@
+Description: net/core: Fix ETH_P_1588 flow dissector
+References:
+Notes:
+ carnil> Introduced in 4f1cc51f3488 ("net: flow_dissector: Parse PTP L2 packet header").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (6.6-rc3) [75ad80ed88a182ab2ad5513e448cf07b403af5c3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [488ea2a3e2666022f79abfdd7d12e8305fc27a40]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52581 b/retired/CVE-2023-52581
new file mode 100644
index 00000000..30bb92be
--- /dev/null
+++ b/retired/CVE-2023-52581
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: fix memleak when more than 255 elements expired
+References:
+Notes:
+ carnil> Introduced in 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid
+ carnil> race with control plane"). Vulnerable versions: 5.4.262 5.10.198 5.15.134
+ carnil> 6.1.56 6.4.11 6.5-rc6.
+Bugs:
+upstream: released (6.6-rc3) [cf5000a7787cbc10341091d37245a42c119d26c5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52582 b/retired/CVE-2023-52582
new file mode 100644
index 00000000..c7970559
--- /dev/null
+++ b/retired/CVE-2023-52582
@@ -0,0 +1,16 @@
+Description: netfs: Only call folio_start_fscache() one time for each folio
+References:
+Notes:
+ carnil> Introduced in 3d3c95046742 ("netfs: Provide readahead and readpage netfs
+ carnil> helpers". Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.6-rc3) [df1c357f25d808e30b216188330e708e09e1a412]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [df9950d37df113db59495fa09d060754366a2b7c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52611 b/retired/CVE-2023-52611
new file mode 100644
index 00000000..b51090d9
--- /dev/null
+++ b/retired/CVE-2023-52611
@@ -0,0 +1,16 @@
+Description: wifi: rtw88: sdio: Honor the host max_req_size in the RX path
+References:
+Notes:
+ carnil> Introduced in 65371a3f14e7 ("wifi: rtw88: sdio: Add HCI implementation for SDIO
+ carnil> based chipsets"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc1) [00384f565a91c08c4bedae167f749b093d10e3fe]
+6.7-upstream-stable: released (6.7.2) [0e9ffff72a0674cd6656314dbd99cdd2123a3030]
+6.6-upstream-stable: released (6.6.14) [5b5ddf21b978ec315cab9d9e7e6ac7374791a8c7]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52613 b/retired/CVE-2023-52613
new file mode 100644
index 00000000..7743cf66
--- /dev/null
+++ b/retired/CVE-2023-52613
@@ -0,0 +1,16 @@
+Description: drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment
+References:
+Notes:
+ carnil> Introduced in e7e3a7c35791 ("thermal/drivers/loongson-2: Add thermal management
+ carnil> support"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc1) [15ef92e9c41124ee9d88b01208364f3fe1f45f84]
+6.7-upstream-stable: released (6.7.2) [6010a9fc14eb1feab5cafd84422001134fe8ec58]
+6.6-upstream-stable: released (6.6.14) [70481755ed77400e783200e2d022e5fea16060ce]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52626 b/retired/CVE-2023-52626
new file mode 100644
index 00000000..df266106
--- /dev/null
+++ b/retired/CVE-2023-52626
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
+References:
+Notes:
+ carnil> Introduced in 92214be5979c ("net/mlx5e: Update doorbell for port timestamping
+ carnil> CQ before the software counter"). Vulnerable versions: 6.5.13 6.6.3 6.7-rc2.
+Bugs:
+upstream: released (6.8-rc2) [3876638b2c7ebb2c9d181de1191db0de8cac143a]
+6.7-upstream-stable: released (6.7.3) [33cdeae8c6fb58cc445f859b67c014dc9f60b4e0]
+6.6-upstream-stable: released (6.6.15) [40e0d0746390c5b0c31144f4f1688d72f3f8d790]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-5345 b/retired/CVE-2023-5345
new file mode 100644
index 00000000..9ca8bdbb
--- /dev/null
+++ b/retired/CVE-2023-5345
@@ -0,0 +1,16 @@
+Description: fs/smb/client: Reset password pointer to NULL
+References:
+ https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.6.
+ carnil> Introduced in e6e43b8aa7cd ("fs/smb/client: Reset password
+ carnil> pointer to NULL") in 6.1-rc1.
+Bugs:
+upstream: released (6.6-rc4) [e6e43b8aa7cd3c3af686caf0c2e11819a886d705]
+6.1-upstream-stable: released (6.1.56) [f555a508087ab8210b4658120ac6413d6fe2b4c7]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-5633 b/retired/CVE-2023-5633
new file mode 100644
index 00000000..194fd068
--- /dev/null
+++ b/retired/CVE-2023-5633
@@ -0,0 +1,17 @@
+Description: drm/vmwgfx: Keep a gem reference to user bos in surfaces
+References:
+ https://lists.freedesktop.org/archives/dri-devel/2023-September/424805.html
+Notes:
+ carnil> Commit fixes a950b989ea29 ("drm/vmwgfx: Do not drop the
+ carnil> reference to the handle too soon") in 6.2 (and backported to
+ carnil> 6.1.13) (which is part of the changes to address CVE-2023-33951
+ carnil> and CVE-2023-33952)
+Bugs:
+upstream: released (6.6-rc6) [91398b413d03660fd5828f7b4abc64e884b98069]
+6.1-upstream-stable: released (6.1.75) [104f95698cad038caa8f7496be67f738d8ace9cb]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-5717 b/retired/CVE-2023-5717
new file mode 100644
index 00000000..8d2ea398
--- /dev/null
+++ b/retired/CVE-2023-5717
@@ -0,0 +1,14 @@
+Description: perf: Disallow mis-matched inherited group reads
+References:
+ https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.9.
+Bugs:
+upstream: released (6.6-rc7) [32671e3799ca2e4590773fd0e63aaa4229e50c06]
+6.1-upstream-stable: released (6.1.60) [f6952655a61264900ed08e9d642adad8222f8e29]
+5.10-upstream-stable: released (5.10.199) [487a8e24643a0effb2ba19cad3227fc75dc3c4b7]
+4.19-upstream-stable: released (4.19.297) [a714491fa92d2068358dd603cc50bf2062517bd8]
+sid: released (6.5.10-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-5972 b/retired/CVE-2023-5972
new file mode 100644
index 00000000..51904c8b
--- /dev/null
+++ b/retired/CVE-2023-5972
@@ -0,0 +1,15 @@
+Description: The NFTA_INNER_NUM and NFTA_EXPR_NAME netlink attributes accessed without checking its presence in nft_inner.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2248189
+Notes:
+ carnil> Fixes for 3a07327d10a0 ("netfilter: nft_inner: support for
+ carnil> inner tunnel header matching") in 6.2-rc1.
+Bugs:
+upstream: released (6.6-rc7) [505ce0630ad5d31185695f8a29dde8d29f28faa7, 52177bbf19e6e9398375a148d2e13ed492b40b80]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.10-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6111 b/retired/CVE-2023-6111
new file mode 100644
index 00000000..a29138fa
--- /dev/null
+++ b/retired/CVE-2023-6111
@@ -0,0 +1,18 @@
+Description: netfilter: nf_tables: remove catchall element in GC sync path
+References:
+ https://kernel.dance/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630
+Notes:
+ carnil> Introduced in 4a9e12ea7e70 ("netfilter: nft_set_pipapo: call
+ carnil> nft_trans_gc_queue_sync() in catchall GC") in 6.6-rc3 (which
+ carnil> got backported to 6.5.6, 6.1.56, 5.15.134).
+ carnil> Fixed as well in 6.6.3 for 6.6.y and in 6.5.13 for 6.5.y.
+ carnil> We did backport the commit as well in 6.1.55-1.
+Bugs:
+upstream: released (6.7-rc1) [93995bf4af2c5a99e2a87f0cd5ce547d31eb7630]
+6.1-upstream-stable: released (6.1.64) [13e2d49647a7f137ebc063a4a9702dda80371b2e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.13-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6176 b/retired/CVE-2023-6176
new file mode 100644
index 00000000..ff0e747f
--- /dev/null
+++ b/retired/CVE-2023-6176
@@ -0,0 +1,15 @@
+Description: net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
+References:
+Notes:
+ carnil> Commit fixes 635d93981786 ("net/tls: free record only on
+ carnil> encryption error") in 5.7-rc7 (and backported to 5.4.44 and
+ carnil> 5.6.16).
+Bugs:
+upstream: released (6.6-rc2) [cfaa80c91f6f99b9342b6557f0f0e1143e434066]
+6.1-upstream-stable: released (6.1.54) [7f4116c6f98412a6e29ace6d6a7b41ebb4e8a392]
+5.10-upstream-stable: released (5.10.195) [a5096cc6e7836711541b7cd2d6da48d36fe420e9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.55-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6200 b/retired/CVE-2023-6200
new file mode 100644
index 00000000..4ef6b247
--- /dev/null
+++ b/retired/CVE-2023-6200
@@ -0,0 +1,15 @@
+Description: net/ipv6: Revert remove expired routes with a separated list of routes
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2250377
+Notes:
+ carnil> Fixes 3dec89b14d37 ("net/ipv6: Remove expired routes with a
+ carnil> separated list of routes") in 6.6-rc1.
+Bugs:
+upstream: released (6.7-rc7) [dade3f6a1e4e35a5ae916d5e78b3229ec34c78ec]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6531 b/retired/CVE-2023-6531
new file mode 100644
index 00000000..aea2492d
--- /dev/null
+++ b/retired/CVE-2023-6531
@@ -0,0 +1,19 @@
+Description: io_uring/af_unix: disable sending io_uring over sockets
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253034
+Notes:
+ carnil> Commit fixes 0091bfc81741b ("io_uring/af_unix: defer registered
+ carnil> files gc to io_uring release") in 6.1-rc1 (and backported to
+ carnil> 6.0.3, 5.19.17, 5.15.75, 5.10.150 and 5.4.220).
+ carnil> For mainline there are two commits doing the same, but I have
+ carnil> not checked what happened betweeen 6.7-rc5 and 6.7-rc6 which
+ carnil> made that necessary.
+Bugs:
+upstream: released (6.7-rc5) [705318a99a138c29a512a72c3e0043b3cd7f55f4], released (6.7-rc6) [69db702c83874fbaa2a51af761e35a8e5a593b95]
+6.1-upstream-stable: released (6.1.68) [5a33d385eb36991a91e3dddb189d8679e2aac2be]
+5.10-upstream-stable: released (5.10.204) [3fe1ea5f921bf5b71cbfdc4469fb96c05936610e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6546 b/retired/CVE-2023-6546
new file mode 100644
index 00000000..bdd742fd
--- /dev/null
+++ b/retired/CVE-2023-6546
@@ -0,0 +1,17 @@
+Description: tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2255498
+Notes:
+ carnil> Commit fixes 9b9c8195f3f0 ("tty: n_gsm: fix UAF in
+ carnil> gsm_cleanup_mux") and aa371e96f05d ("tty: n_gsm: fix restart
+ carnil> handling via CLD command") where the later was in 5.18-rc5 (and
+ carnil> backported to 5.10.114 as well).
+Bugs:
+upstream: released (6.5-rc7) [3c4f8333b582487a2d1e02171f1465531cde53e3]
+6.1-upstream-stable: released (6.1.47) [31311a9a4baae0ad47c85e448af21b2120344ff0]
+5.10-upstream-stable: released (5.10.192) [869ce5e5984595bd2c62b598d977debc218b6f4d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.197-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6560 b/retired/CVE-2023-6560
new file mode 100644
index 00000000..8bc3af7e
--- /dev/null
+++ b/retired/CVE-2023-6560
@@ -0,0 +1,17 @@
+Description: io_uring out of boundary memory access in __io_uaddr_map()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253249
+ https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/
+Notes:
+ carnil> Commit fixes 03d89a2de25b ("io_uring: support for user
+ carnil> allocated memory for rings/sqes") in 6.5-rc1.
+ carnil> For 6.6.y fixed as well in 6.6.5.
+Bugs:
+upstream: released (6.7-rc4) [820d070feb668aab5bc9413c285a1dda2a70e076]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.8-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6606 b/retired/CVE-2023-6606
new file mode 100644
index 00000000..16187076
--- /dev/null
+++ b/retired/CVE-2023-6606
@@ -0,0 +1,17 @@
+Description: smb: client: fix OOB in smbCalcSize()
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=218218
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253611
+Notes:
+ bwh> This appears to have been present ever since CIFS was added in
+ bwh> 2.5.42(!).
+ carnil> For 6.6.y fixed as well in 6.6.9.
+Bugs:
+upstream: released (6.7-rc7) [b35858b3786ddbb56e1c35138ba25d6adf8d0bef]
+6.1-upstream-stable: released (6.1.70) [c60e10d1549f8748a68ec13dcd177c62843985ff]
+5.10-upstream-stable: released (5.10.206) [0c54b79d1d9b25f5a406bcf1969f956e14c4704d]
+4.19-upstream-stable: released (4.19.304) [89b6ae907c6bcc175bc95a67d6936217530a29ff]
+sid: released (6.6.9-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-6622 b/retired/CVE-2023-6622
new file mode 100644
index 00000000..a843e6e6
--- /dev/null
+++ b/retired/CVE-2023-6622
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: bail out on mismatching dynset and set expressions
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253632
+Notes:
+ carnil> Commit fixes 48b0ae046ee9 ("netfilter: nftables: netlink
+ carnil> support for several set element expressions") in 5.11-rc1.
+ carnil> Fixed as well in 6.6.7 for 6.6.y.
+Bugs:
+upstream: released (6.7-rc5) [3701cd390fd731ee7ae8b8006246c8db82c72bea]
+6.1-upstream-stable: released (6.1.68) [96f8654b701f772af5f358b91807ce2836ff3444]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6679 b/retired/CVE-2023-6679
new file mode 100644
index 00000000..84c2c4e0
--- /dev/null
+++ b/retired/CVE-2023-6679
@@ -0,0 +1,16 @@
+Description: dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253986
+ https://lore.kernel.org/netdev/20231211083758.1082853-1-jiri@resnulli.us/
+Notes:
+ carnil> Commit fixes 9d71b54b65b1 ("dpll: netlink: Add DPLL framework
+ carnil> base functions") in 6.7-rc1.
+Bugs:
+upstream: released (6.7-rc6) [65c95f78917ea6fa7ff189a2c19879c4fe161873]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6817 b/retired/CVE-2023-6817
new file mode 100644
index 00000000..76923ae0
--- /dev/null
+++ b/retired/CVE-2023-6817
@@ -0,0 +1,17 @@
+Description: netfilter: nft_set_pipapo: skip inactive elements during set walk
+References:
+ https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a
+ https://www.openwall.com/lists/oss-security/2023/12/22/6
+Notes:
+ carnil> Commit fixes 3c4287f62044 ("nf_tables: Add set type for
+ carnil> arbitrary concatenation of ranges") in 5.6-rc1.
+ carnil> For 6.6.y fixed as well in 6.6.7.
+Bugs:
+upstream: released (6.7-rc5) [317eb9685095678f2c9f5a8189de698c5354316a]
+6.1-upstream-stable: released (6.1.68) [189c2a82933c67ad360c421258d5449f6647544a]
+5.10-upstream-stable: released (5.10.204) [bf72b44fe81be08a9fcd58aabf417cd3337ffc99]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6931 b/retired/CVE-2023-6931
new file mode 100644
index 00000000..8a3348e9
--- /dev/null
+++ b/retired/CVE-2023-6931
@@ -0,0 +1,14 @@
+Description: perf: Fix perf_event_validate_size()
+References:
+ https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b
+Notes:
+ carnil> Fixed as well in 6.6.7 for 6.6.y.
+Bugs:
+upstream: released (6.7-rc5) [382c27f4ed28f803b1f1473ac2d8db0afc795a1b]
+6.1-upstream-stable: released (6.1.68) [06dec254c59afd01b7a44838cf8bfc382bef019b]
+5.10-upstream-stable: released (5.10.204) [208dd116f96ea19e5d38d7b80fce49bc5ce1bbe8]
+4.19-upstream-stable: released (4.19.302) [f5d6ab016792c9d6d5280fdb7f8962eb3b8c620e]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-6932 b/retired/CVE-2023-6932
new file mode 100644
index 00000000..e8a55938
--- /dev/null
+++ b/retired/CVE-2023-6932
@@ -0,0 +1,14 @@
+Description: ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
+References:
+ https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1
+Notes:
+ carnil> For 6.6.y fixed as well in 6.6.5.
+Bugs:
+upstream: released (6.7-rc4) [e2b706c691905fe78468c361aaabc719d0a496f1]
+6.1-upstream-stable: released (6.1.66) [94445d9583079e0ccc5dde1370076ff24800d86e]
+5.10-upstream-stable: released (5.10.203) [772fe1da9a8d4dcd8993abaecbde04789c52a4c2]
+4.19-upstream-stable: released (4.19.301) [6b6f5c6671fdfde9c94efe6409fa9f39436017e7]
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.66-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2023-7192 b/retired/CVE-2023-7192
new file mode 100644
index 00000000..52f64df6
--- /dev/null
+++ b/retired/CVE-2023-7192
@@ -0,0 +1,14 @@
+Description: netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
+References:
+Notes:
+ carnil> Commit fixes 7d367e06688d ("netfilter: ctnetlink: fix soft
+ carnil> lockup when netlink adds new entries (v2)") 3.3-rc6.
+Bugs:
+upstream: released (6.3-rc1) [ac4893980bbe79ce383daf9a0885666a30fe4c83]
+6.1-upstream-stable: released (6.1.18) [4f25d1dff80535f088b8f8568dd731fb098e29b4]
+5.10-upstream-stable: released (5.10.173) [1ff0b87df98b93e10ced45773aa7d35377355421]
+4.19-upstream-stable: released (4.19.276) [43b9a9c78e37a5532c2a9260dff9d9989f2bbb23]
+sid: released (6.1.20-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
diff --git a/retired/CVE-2024-0193 b/retired/CVE-2024-0193
new file mode 100644
index 00000000..0fa15bea
--- /dev/null
+++ b/retired/CVE-2024-0193
@@ -0,0 +1,19 @@
+Description: netfilter: nf_tables: skip set commit for deleted/destroyed sets
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2255653
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a
+Notes:
+ carnil> Commit fixes 5f68718b34a5 ("netfilter: nf_tables: GC
+ carnil> transaction API to avoid race with control plane") in 6.5-rc6
+ carnil> (and got backported to 5.10.198, 6.1.56, 6.4.11). This was part
+ carnil> of the fix for CVE-2023-4244 and backported as well in Debian.
+ carnil> Fixed in 6.6.10 for 6.6.y.
+Bugs:
+upstream: released (6.7) [7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a]
+6.1-upstream-stable: released (6.1.71) [0105571f80edb96f81bb4bbdd5233a9130dc345b]
+5.10-upstream-stable: released (5.10.206) [73117ea03363d4493bd4e9f82f29b34b92d88a91]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.11-1)
+6.1-bookworm-security: released (6.1.69-1) [bugfix/all/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch]
+5.10-bullseye-security: released (5.10.205-1) [bugfix/all/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch]
+4.19-buster-security: N/A "Vulnerable code not present in a Debian released version"
diff --git a/retired/CVE-2024-0443 b/retired/CVE-2024-0443
new file mode 100644
index 00000000..1182fa97
--- /dev/null
+++ b/retired/CVE-2024-0443
@@ -0,0 +1,20 @@
+Description: blk-cgroup: Flush stats at blkgs destruction path
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2257968
+ https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/
+Notes:
+ carnil> Initially there was attempt to address it with dae590a6c96c ("blk-
+ carnil> cgroup: Flush stats at blkgs destruction path") but then
+ carnil> reverted with c62256dda371 ("Revert "blk-cgroup: Flush stats at
+ carnil> blkgs destruction path"").
+ carnil> Commit fixes 3b8cc6298724 ("blk-cgroup: Optimize
+ carnil> blkcg_rstat_flush()") in 6.2-rc1.
+Bugs:
+upstream: released (6.4-rc7) [20cb1c2fb7568a6054c55defe044311397e01ddb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.11-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-0562 b/retired/CVE-2024-0562
new file mode 100644
index 00000000..c388b114
--- /dev/null
+++ b/retired/CVE-2024-0562
@@ -0,0 +1,16 @@
+Description: writeback: avoid use-after-free after removing device
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258475
+ https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/
+Notes:
+ carnil> Commit fixes 45a2966fd641 ("writeback: fix bandwidth estimate
+ carnil> for spiky workload") in 5.15-rc1.
+Bugs:
+upstream: released (6.0-rc3) [f87904c075515f3e1d8f4a7115869d3b914674fd]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-0582 b/retired/CVE-2024-0582
new file mode 100644
index 00000000..d1be9f88
--- /dev/null
+++ b/retired/CVE-2024-0582
@@ -0,0 +1,16 @@
+Description: io_uring/kbuf: defer release of mapped buffer rings
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=2504
+ https://bugzilla.redhat.com/show_bug.cgi?id=2254050
+Notes:
+ carnil> Issue introduced with c56e022c0a27 ("io_uring: add support for
+ carnil> user mapped provided buffer ring") in 6.4-rc1.
+Bugs:
+upstream: released (6.7-rc4) [c392cbecd8eca4c53f2bf508731257d9d0a21c2d]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.8-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-0639 b/retired/CVE-2024-0639
new file mode 100644
index 00000000..56a3d794
--- /dev/null
+++ b/retired/CVE-2024-0639
@@ -0,0 +1,13 @@
+Description: sctp: fix potential deadlock on &net->sctp.addr_wq_lock
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258754
+Notes:
+Bugs:
+upstream: released (6.5-rc1) [6feb37b3b06e9049e20dcf7e23998f92c9c5be9a]
+6.1-upstream-stable: released (6.1.39) [1aa5a6a6d28c77e364feaba35ff7f12d2d74fec1]
+5.10-upstream-stable: released (5.10.188) [6d2243ab783bf79d1d674ff0ca26229233c56508]
+4.19-upstream-stable: released (4.19.291) [0ad0e8b0cb0e28626ab6dffe3da883941b9cbc4b]
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2024-0641 b/retired/CVE-2024-0641
new file mode 100644
index 00000000..d34e3fe6
--- /dev/null
+++ b/retired/CVE-2024-0641
@@ -0,0 +1,15 @@
+Description: tipc: fix a potential deadlock on &tx->lock
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2258757
+Notes:
+ carnil> Commit fixes fc1b6d6de220 ("tipc: introduce TIPC encryption &
+ carnil> authentication") in 5.5-rc1.
+Bugs:
+upstream: released (6.6-rc5) [08e50cf071847323414df0835109b6f3560d44f5]
+6.1-upstream-stable: released (6.1.57) [143e72757a902abcecd5f487553f44dc19a56cfc]
+5.10-upstream-stable: released (5.10.198) [6a24d0661fa389c241d935da38e0f6a5ee8eb1ae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-0646 b/retired/CVE-2024-0646
new file mode 100644
index 00000000..735f5c46
--- /dev/null
+++ b/retired/CVE-2024-0646
@@ -0,0 +1,16 @@
+Description: net: tls, update curr on splice as well
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253908
+Notes:
+ carnil> Commit fixes d829e9c4112b ("tls: convert to generic sk_msg
+ carnil> interface") in 4.20-rc1. In Debian CONFIG_TLS was only enabled
+ carnil> as module in 5.15.1-1~exp1.
+Bugs:
+upstream: released (6.7-rc5) [c5a595000e2677e865a39f249c056bc05d6e55fd]
+6.1-upstream-stable: released (6.1.69) [9b3d3a7f3c4d710c1dd3f723851c3eeaf42642bc]
+5.10-upstream-stable: released (5.10.208) [c6b2a6b827d4b2d0f36b520e54e083df9b330a7b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-0775 b/retired/CVE-2024-0775
new file mode 100644
index 00000000..0c3dd706
--- /dev/null
+++ b/retired/CVE-2024-0775
@@ -0,0 +1,13 @@
+Description: ext4: improve error recovery code paths in __ext4_remount()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2259414
+Notes:
+Bugs:
+upstream: released (6.4-rc2) [4c0b4818b1f636bc96359f7817a2d8bab6370162]
+6.1-upstream-stable: released (6.1.29) [25c9fca7b71c5045d6dc537430af5b2e79598fa1]
+5.10-upstream-stable: released (5.10.180) [37c69da3adc45fc34df0b8d07a158a6fa5b2a3f7]
+4.19-upstream-stable: released (4.19.283) [37302d4c2724dc92be5f90a3718eafa29834d586]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2024-1085 b/retired/CVE-2024-1085
new file mode 100644
index 00000000..ebcbacd4
--- /dev/null
+++ b/retired/CVE-2024-1085
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: check if catch-all set element is active in next generation
+References:
+ https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
+Notes:
+ carnil> Fixed for 6.7.y in 6.7.2 and for 6.6.y in 6.6.14.
+ carnil> Commit fixes aaa31047a6d2 ("netfilter: nftables: add catch-all
+ carnil> set element support") in 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc1) [b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7]
+6.1-upstream-stable: released (6.1.75) [a372f1d01bc11aa85773a02353cd01aaf16dc18e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-1312 b/retired/CVE-2024-1312
new file mode 100644
index 00000000..7fa6db70
--- /dev/null
+++ b/retired/CVE-2024-1312
@@ -0,0 +1,16 @@
+Description: mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2225569
+Notes:
+ carnil> Commit fixes 5e31275cc997 ("mm: add per-VMA lock and helper
+ carnil> functions to control it") 6.4-rc1.
+ carnil> For 6.4.y fixed as well in 6.4.10.
+Bugs:
+upstream: released (6.5-rc4) [657b5146955eba331e01b9a6ae89ce2e716ba306]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-22705 b/retired/CVE-2024-22705
new file mode 100644
index 00000000..f35a6e31
--- /dev/null
+++ b/retired/CVE-2024-22705
@@ -0,0 +1,12 @@
+Description: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc8) [d10c77873ba1e9e6b91905018e29e196fd5f863d]
+6.1-upstream-stable: released (6.1.71) [7a3bbbadac4be9d30b45e9f1134e94294f79ce77]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.11-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-24860 b/retired/CVE-2024-24860
new file mode 100644
index 00000000..618d9412
--- /dev/null
+++ b/retired/CVE-2024-24860
@@ -0,0 +1,15 @@
+Description:
+References:
+ https://bugzilla.openanolis.cn/show_bug.cgi?id=8151
+Notes:
+ carnil> Introduced by 18f81241b74f ("Bluetooth: Move {min,max}_key_size
+ carnil> debugfs ...") in 5.6-rc1.
+Bugs:
+upstream: released (6.8-rc1) [da9065caa594d19b26e1a030fd0cc27bd365d685]
+6.1-upstream-stable: released (6.1.75) [96860d9ad462db61f4eeb09934235c38eab655c4]
+5.10-upstream-stable: released (5.10.209) [394c6c0b6d9bdd7d6ebca35ca9cfbabf44c0c257]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-25744 b/retired/CVE-2024-25744
new file mode 100644
index 00000000..fad18842
--- /dev/null
+++ b/retired/CVE-2024-25744
@@ -0,0 +1,12 @@
+Description: x86/coco: Disable 32-bit emulation by default on TDX and SEV
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc5) [b82a8dbd3d2f4563156f7150c6f2ecab6e960b30]
+6.1-upstream-stable: released (6.1.68) [b8ec27ae221eee458b15b700706db311474ac619]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26587 b/retired/CVE-2024-26587
new file mode 100644
index 00000000..40601831
--- /dev/null
+++ b/retired/CVE-2024-26587
@@ -0,0 +1,14 @@
+Description: net: netdevsim: don't try to destroy PHC on VFs
+References:
+Notes:
+ carnil> Fixes b63e78fca889 ("net: netdevsim: use mock PHC driver")
+ carnil> 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc1) [ea937f77208323d35ffe2f8d8fc81b00118bfcda]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26588 b/retired/CVE-2024-26588
new file mode 100644
index 00000000..64e3f7de
--- /dev/null
+++ b/retired/CVE-2024-26588
@@ -0,0 +1,14 @@
+Description: LoongArch: BPF: Prevent out-of-bounds memory access
+References:
+Notes:
+ carnil> Fixes bbfddb904df6f82 ("LoongArch: BPF: Avoid declare variables
+ carnil> in switch-case") in 6.1-rc3.
+Bugs:
+upstream: released (6.8-rc1) [36a87385e31c9343af9a4756598e704741250a67]
+6.1-upstream-stable: released (6.1.75) [4631c2dd69d928bca396f9f58baeddf85e14ced5]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26591 b/retired/CVE-2024-26591
new file mode 100644
index 00000000..af39b95a
--- /dev/null
+++ b/retired/CVE-2024-26591
@@ -0,0 +1,14 @@
+Description: bpf: Fix re-attachment branch in bpf_tracing_prog_attach
+References:
+Notes:
+ carnil> Commit fixes f3a95075549e0 ("bpf: Allow trampoline re-attach
+ carnil> for tracing and lsm programs") in 5.13-rc1
+Bugs:
+upstream: released (6.8-rc1) [715d82ba636cb3629a6e18a33bb9dbe53f9936ee]
+6.1-upstream-stable: released (6.1.75) [6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26592 b/retired/CVE-2024-26592
new file mode 100644
index 00000000..3f3e3698
--- /dev/null
+++ b/retired/CVE-2024-26592
@@ -0,0 +1,15 @@
+Description: ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
+References:
+Notes:
+ carnil> Vulnerable versions: 5.15.
+Bugs:
+upstream: released (6.8-rc1) [38d20c62903d669693a1869aa68c4dd5674e2544]
+6.7-upstream-stable: released (6.7.2) [69d54650b751532d1e1613a4fb433e591aeef126]
+6.6-upstream-stable: released (6.6.14) [24290ba94cd0136e417283b0dbf8fcdabcf62111]
+6.1-upstream-stable: released (6.1.75) [380965e48e9c32ee4263c023e1d830ea7e462ed1]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26594 b/retired/CVE-2024-26594
new file mode 100644
index 00000000..12b7e38e
--- /dev/null
+++ b/retired/CVE-2024-26594
@@ -0,0 +1,14 @@
+Description: ksmbd: validate mech token in session setup
+References:
+Notes:
+Bugs:
+upstream: released (6.8-rc1) [92e470163d96df8db6c4fa0f484e4a229edb903d]
+6.7-upstream-stable: released (6.7.2) [5e6dfec95833edc54c48605a98365a7325e5541e]
+6.6-upstream-stable: released (6.6.14) [a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a]
+6.1-upstream-stable: released (6.1.75) [6eb8015492bcc84e40646390e50a862b2c0529c9]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26599 b/retired/CVE-2024-26599
new file mode 100644
index 00000000..267ed3fc
--- /dev/null
+++ b/retired/CVE-2024-26599
@@ -0,0 +1,16 @@
+Description: pwm: Fix out-of-bounds access in of_pwm_single_xlate()
+References:
+Notes:
+ carnil> Commit fixes 3ab7b6ac5d82 ("pwm: Introduce single-PWM of_xlate
+ carnil> function") in 5.17-rc1.
+Bugs:
+upstream: released (6.8-rc1) [a297d07b9a1e4fb8cda25a4a2363a507d294b7c9]
+6.7-upstream-stable: released (6.7.2) [bae45b7ebb31984b63b13c3519fd724b3ce92123]
+6.6-upstream-stable: released (6.6.14) [e5f2b4b62977fb6c2efcbc5779e0c9dce18215f7]
+6.1-upstream-stable: released (6.1.75) [7b85554c7c2aee91171e038e4d5442ffa130b282]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26604 b/retired/CVE-2024-26604
new file mode 100644
index 00000000..b97ee4f2
--- /dev/null
+++ b/retired/CVE-2024-26604
@@ -0,0 +1,16 @@
+Description: Revert "kobject: Remove redundant checks for whether ktype is NULL"
+References:
+Notes:
+ carnil> Introduced in 1b28cb81dab7 ("kobject: Remove redundant checks for whether ktype
+ carnil> is NULL"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc5) [3ca8fbabcceb8bfe44f7f50640092fd8f1de375c]
+6.7-upstream-stable: released (6.7.6) [b746d52ce7bcac325a2fa264216ead85b7fbbfaa]
+6.6-upstream-stable: released (6.6.18) [7f414d306320f837cc3df96cf52161cb8290fb1b]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26608 b/retired/CVE-2024-26608
new file mode 100644
index 00000000..ba08fd3c
--- /dev/null
+++ b/retired/CVE-2024-26608
@@ -0,0 +1,16 @@
+Description: ksmbd: fix global oob in ksmbd_nl_policy
+References:
+Notes:
+ carnil> Introduced in 0626e6641f6b ("cifsd: add server handler for central processing
+ carnil> and tranport layers"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.8-rc2) [ebeae8adf89d9a82359f6659b1663d09beec2faa]
+6.7-upstream-stable: released (6.7.3) [6993328a4cd62a24df254b587c0796a4a1eecc95]
+6.6-upstream-stable: released (6.6.15) [9863a53100f47652755545c2bd43e14a1855104d]
+6.1-upstream-stable: released (6.1.76) [2c939c74ef0b74e99b92e32edc2a59f9b9ca3d5a]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26611 b/retired/CVE-2024-26611
new file mode 100644
index 00000000..57fc6cb3
--- /dev/null
+++ b/retired/CVE-2024-26611
@@ -0,0 +1,16 @@
+Description: xsk: fix usage of multi-buffer BPF helpers for ZC XDP
+References:
+Notes:
+ carnil> Introduced in 24ea50127ecf ("xsk: support mbuf on ZC RX"). Vulnerable versions:
+ carnil> 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc2) [c5114710c8ce86b8317e9b448f4fd15c711c2a82]
+6.7-upstream-stable: released (6.7.3) [5cd781f7216f980207af09c5e0e1bb1eda284540]
+6.6-upstream-stable: released (6.6.15) [82ee4781b8200e44669a354140d5c6bd966b8768]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26612 b/retired/CVE-2024-26612
new file mode 100644
index 00000000..3c3e8ee8
--- /dev/null
+++ b/retired/CVE-2024-26612
@@ -0,0 +1,16 @@
+Description: netfs, fscache: Prevent Oops in fscache_put_cache()
+References:
+Notes:
+ carnil> Introduced in 9549332df4ed ("fscache: Implement cache registration").
+ carnil> Vulnerable versions: 5.17-rc1.
+Bugs:
+upstream: released (6.8-rc2) [3be0b3ed1d76c6703b9ee482b55f7e01c369cc68]
+6.7-upstream-stable: released (6.7.3) [4200ad3e46ce50f410fdda302745489441bc70f0]
+6.6-upstream-stable: released (6.6.15) [1c45256e599061021e2c848952e50f406457e448]
+6.1-upstream-stable: released (6.1.76) [82a9bc343ba019665d3ddc1d9a180bf0e0390cf3]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26616 b/retired/CVE-2024-26616
new file mode 100644
index 00000000..b22a792d
--- /dev/null
+++ b/retired/CVE-2024-26616
@@ -0,0 +1,17 @@
+Description: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned
+References:
+Notes:
+ carnil> Introduced in
+ carnil> e02ee89baa66 ("btrfs: scrub: switch scrub_simple_mirror() to scrub_stripe
+ carnil> infrastructure"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc2) [f546c4282673497a06ecb6190b50ae7f6c85b02f]
+6.7-upstream-stable: released (6.7.3) [34de0f04684ec00c093a0455648be055f0e8e24f]
+6.6-upstream-stable: released (6.6.15) [642b9c520ef2f104277ad1f902f8526edbe087fb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26617 b/retired/CVE-2024-26617
new file mode 100644
index 00000000..25330b57
--- /dev/null
+++ b/retired/CVE-2024-26617
@@ -0,0 +1,16 @@
+Description: fs/proc/task_mmu: move mmu notification mechanism inside mm lock
+References:
+Notes:
+ carnil> Introduced in 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and
+ carnil> optionally clear info about PTEs"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc1) [4cccb6221cae6d020270606b9e52b1678fc8b71a]
+6.7-upstream-stable: released (6.7.3) [05509adf297924f51e1493aa86f9fcde1433ed80]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26619 b/retired/CVE-2024-26619
new file mode 100644
index 00000000..7540b1fe
--- /dev/null
+++ b/retired/CVE-2024-26619
@@ -0,0 +1,16 @@
+Description: riscv: Fix module loading free order
+References:
+Notes:
+ carnil> Introduced in d8792a5734b0 ("riscv: Safely remove entries from relocation
+ carnil> list"). Vulnerable versions: 6.7-rc5.
+Bugs:
+upstream: released (6.8-rc1) [78996eee79ebdfe8b6f0e54cb6dcc792d5129291]
+6.7-upstream-stable: released (6.7.3) [2fa79badf4bfeffda6b5032cf62b828486ec9a99]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26620 b/retired/CVE-2024-26620
new file mode 100644
index 00000000..fb844bf4
--- /dev/null
+++ b/retired/CVE-2024-26620
@@ -0,0 +1,16 @@
+Description: s390/vfio-ap: always filter entire AP matrix
+References:
+Notes:
+ carnil> Introduced in 48cae940c31d ("s390/vfio-ap: refresh guest's APCB by filtering AP
+ carnil> resources assigned to mdev"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc1) [850fb7fa8c684a4c6bf0e4b6978f4ddcc5d43d11]
+6.7-upstream-stable: released (6.7.3) [cdd134d56138302976685e6c7bc4755450b3880e]
+6.6-upstream-stable: released (6.6.15) [c69d821197611678533fb3eb784fc823b921349a]
+6.1-upstream-stable: released (6.1.76) [d6b8d034b576f406af920a7bee81606c027b24c6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26623 b/retired/CVE-2024-26623
new file mode 100644
index 00000000..976c4485
--- /dev/null
+++ b/retired/CVE-2024-26623
@@ -0,0 +1,16 @@
+Description: pds_core: Prevent race issues involving the adminq
+References:
+Notes:
+ carnil> Introduced in 01ba61b55b20 ("pds_core: Add adminq processing and commands").
+ carnil> Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc3) [7e82a8745b951b1e794cc780d46f3fbee5e93447]
+6.7-upstream-stable: released (6.7.4) [5939feb63ea1f011027576c64b68b681cbad31ca]
+6.6-upstream-stable: released (6.6.16) [22cd6046eb2148b18990257505834dd45c672a1b]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26630 b/retired/CVE-2024-26630
new file mode 100644
index 00000000..078e8719
--- /dev/null
+++ b/retired/CVE-2024-26630
@@ -0,0 +1,16 @@
+Description: mm: cachestat: fix folio read-after-free in cache walk
+References:
+Notes:
+ carnil> Introduced in cf264e1329fb ("cachestat: implement cachestat syscall").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc7) [3a75cb05d53f4a6823a32deb078de1366954a804]
+6.7-upstream-stable: released (6.7.9) [fe7e008e0ce728252e4ec652cceebcc62211657c]
+6.6-upstream-stable: released (6.6.21) [ba60fdf75e89ea762bb617be578dc47f27655117]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26631 b/retired/CVE-2024-26631
new file mode 100644
index 00000000..c0c6aea8
--- /dev/null
+++ b/retired/CVE-2024-26631
@@ -0,0 +1,16 @@
+Description: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
+References:
+Notes:
+ carnil> Introduced in 2d9a93b4902b ("mld: convert from timer to delayed work").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc1) [2e7ef287f07c74985f1bf2858bedc62bd9ebf155]
+6.7-upstream-stable: released (6.7.2) [3bb5849675ae1d592929798a2b37ea450879c855]
+6.6-upstream-stable: released (6.6.14) [3cc283fd16fba72e2cefe3a6f48d7a36b0438900]
+6.1-upstream-stable: released (6.1.75) [380540bb06bb1d1b12bdc947d1b8f56cda6b5663]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26632 b/retired/CVE-2024-26632
new file mode 100644
index 00000000..7bbc26c5
--- /dev/null
+++ b/retired/CVE-2024-26632
@@ -0,0 +1,16 @@
+Description: block: Fix iterating over an empty bio with bio_for_each_folio_all
+References:
+Notes:
+ carnil> Introduced in 640d1930bef4 ("block: Add bio_for_each_folio_all()"). Vulnerable
+ carnil> versions: 5.17-rc1.
+Bugs:
+upstream: released (6.8-rc1) [7bed6f3d08b7af27b7015da8dc3acf2b9c1f21d7]
+6.7-upstream-stable: released (6.7.2) [ca3ede3f5893e2d26d4dbdef1eec28a8487fafde]
+6.6-upstream-stable: released (6.6.14) [a6bd8182137a12d22d3f2cee463271bdcb491659]
+6.1-upstream-stable: released (6.1.75) [c6350b5cb78e9024c49eaee6fdb914ad2903a5fe]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26634 b/retired/CVE-2024-26634
new file mode 100644
index 00000000..cfd29950
--- /dev/null
+++ b/retired/CVE-2024-26634
@@ -0,0 +1,16 @@
+Description: net: fix removing a namespace with conflicting altnames
+References:
+Notes:
+ carnil> Introduced in 7663d522099e ("net: check for altname conflicts when changing
+ carnil> netdev's netns"). Vulnerable versions: 6.1.60 6.5.9 6.6-rc7.
+Bugs:
+upstream: released (6.8-rc2) [d09486a04f5da0a812c26217213b89a3b1acf836]
+6.7-upstream-stable: released (6.7.3) [8072699aa9e67d1727692cfb3c347263bb627fb9]
+6.6-upstream-stable: released (6.6.15) [e855dded4b70d1975ee7b9fed0c700391e3c8ea6]
+6.1-upstream-stable: released (6.1.76) [a2232f29bf52c24f827865b3c90829c44b6c695b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26637 b/retired/CVE-2024-26637
new file mode 100644
index 00000000..2549f401
--- /dev/null
+++ b/retired/CVE-2024-26637
@@ -0,0 +1,16 @@
+Description: wifi: ath11k: rely on mac80211 debugfs handling for vif
+References:
+Notes:
+ carnil> Introduced in 0a3d898ee9a8 ("wifi: mac80211: add/remove driver debugfs entries
+ carnil> as appropriate"). Vulnerable versions: 6.7.
+Bugs:
+upstream: released (6.8-rc2) [556857aa1d0855aba02b1c63bc52b91ec63fc2cc]
+6.7-upstream-stable: released (6.7.3) [aa74ce30a8a40d19a4256de4ae5322e71344a274]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26638 b/retired/CVE-2024-26638
new file mode 100644
index 00000000..f4c823c6
--- /dev/null
+++ b/retired/CVE-2024-26638
@@ -0,0 +1,16 @@
+Description: nbd: always initialize struct msghdr completely
+References:
+Notes:
+ carnil> Introduced in f94fd25cb0aa ("tcp: pass back data left in socket after
+ carnil> receive"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.8-rc1) [78fbb92af27d0982634116c7a31065f24d092826]
+6.7-upstream-stable: released (6.7.3) [b0028f333420a65a53a63978522db680b37379dd]
+6.6-upstream-stable: released (6.6.15) [1960f2b534da1e6c65fb96f9e98bda773495f406]
+6.1-upstream-stable: released (6.1.76) [d9c54763e5cdbbd3f81868597fe8aca3c96e6387]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26649 b/retired/CVE-2024-26649
new file mode 100644
index 00000000..d5f2f115
--- /dev/null
+++ b/retired/CVE-2024-26649
@@ -0,0 +1,16 @@
+Description: drm/amdgpu: Fix the null pointer when load rlc firmware
+References:
+Notes:
+ carnil> Introduced in 3da9b71563cb ("drm/amd: Use `amdgpu_ucode_*` helpers for GFX10").
+ carnil> Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [bc03c02cc1991a066b23e69bbcc0f66e8f1f7453]
+6.7-upstream-stable: released (6.7.3) [d3887448486caeef9687fb5dfebd4ff91e0f25aa]
+6.6-upstream-stable: released (6.6.15) [8b5bacce2d13dbe648f0bfd3f738ecce8db4978c]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26650 b/retired/CVE-2024-26650
new file mode 100644
index 00000000..403b2741
--- /dev/null
+++ b/retired/CVE-2024-26650
@@ -0,0 +1,16 @@
+Description: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
+References:
+Notes:
+ carnil> Introduced in 9745fb07474f ("platform/x86/intel: Add Primary to Sideband (P2SB)
+ carnil> bridge support"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc2) [5913320eb0b3ec88158cfcb0fa5e996bf4ef681b]
+6.7-upstream-stable: released (6.7.3) [d281ac9a987c553d93211b90fd4fe97d8eca32cd]
+6.6-upstream-stable: released (6.6.15) [847e1eb30e269a094da046c08273abe3f3361cf2]
+6.1-upstream-stable: released (6.1.76) [2841631a03652f32b595c563695d0461072e0de4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/scripts/filter-active.py b/scripts/filter-active.py
index dd164ab0..943b3bb1 100755
--- a/scripts/filter-active.py
+++ b/scripts/filter-active.py
@@ -104,7 +104,7 @@ if __name__ == '__main__':
sys.stdout.write("%*s:" % (name_width, i.name))
for release in list_releases:
status = i.status(release) or "unknown"
- status_short = status.split(' ')[0]
+ status_short = parse_status(status)['state']
if options.color and status_short in status_color:
color_on = status_color[status_short]
else:
diff --git a/scripts/issue.py b/scripts/issue.py
index a7587e6d..ee8a1c59 100644
--- a/scripts/issue.py
+++ b/scripts/issue.py
@@ -1,6 +1,7 @@
from debian import deb822
import os.path
import re
+import sys
class issue(deb822.Deb822):
@@ -65,17 +66,53 @@ def get_issues(dir):
return [ issue(os.path.join(dir, f)) for f in L ]
+_status_re = re.compile(
+ r'\s*(\S*)'
+ r'(?:\s*\([^\s)]+\))?' # optional version
+ r'(?:\s*\[[^]]+\])?' # optional changerefs
+ r'(?:\s*"[^"]+")?' # optional comment
+ )
+
+
+_comma_re = re.compile(r'\s*,\s*')
+
+
+def _coalesce_state(old_state, new_state):
+ if old_state is None:
+ return new_state
+ # "needed" overrides everything else
+ if 'needed' in [old_state, new_state]:
+ return 'needed'
+ # "pendng" overrides everything but "needed"
+ if 'pending' in [old_state, new_state]:
+ return 'pending'
+ # We don't expect to use more than one of "released", "ignored",
+ # or "N/A" and it's not clear which should override which
+ if old_state != new_state:
+ print(f'W: Not sure how to coalesce status {old_state} and {new_state}',
+ file=sys.stderr)
+ return old_state
+
+
def parse_status(s):
- ws = '\s*'
- versions = '(?P<versions>\((\S*,\s*)*\S*\s*\))'
- changerefs = '(?P<changerefs>\[(\S*,\s*)*\S*\s*\])'
- state = '(?P<state>\S*)'
-
- statusre = re.compile(ws + state + ws +
- '(' + versions + '?)' +
- '(' + changerefs + '?)')
- m = statusre.match(s)
- if not m:
- raise SyntaxError
- else:
- return m.groupdict()
+ state = None
+ start = 0
+
+ while True:
+ m = _status_re.match(s[start:])
+ if not m:
+ raise SyntaxError(f'bad status {s[start:]}')
+ start += m.end()
+
+ # Coalesce with last status
+ state = _coalesce_state(state, m.group(1))
+
+ # End of field?
+ if start == len(s) or s[start:].isspace():
+ return {'state': state}
+
+ # No, must be followed by a comma separator
+ m = _comma_re.match(s[start:])
+ if not m:
+ raise SyntaxError(f'missing separator in{s[start:]}')
+ start += m.end()

© 2014-2024 Faster IT GmbH | imprint | privacy policy