From 6bea8c212f9d76f31174dbc13ccbc5456003d28c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 18 Aug 2022 16:52:26 +0200 Subject: Retire CVE-2022-20158 --- active/CVE-2022-20158 | 24 ------------------------ retired/CVE-2022-20158 | 24 ++++++++++++++++++++++++ 2 files changed, 24 insertions(+), 24 deletions(-) delete mode 100644 active/CVE-2022-20158 create mode 100644 retired/CVE-2022-20158 diff --git a/active/CVE-2022-20158 b/active/CVE-2022-20158 deleted file mode 100644 index 98f2cd51..00000000 --- a/active/CVE-2022-20158 +++ /dev/null @@ -1,24 +0,0 @@ -Description: -References: - https://source.android.com/security/bulletin/pixel/2022-08-01 - https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b - https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678 - https://lore.kernel.org/all/420a6c4a-e526-4e8b-d5bd-563c40aa94e1@huaweicloud.com/ - https://lore.kernel.org/all/YvYAmmaJgvydex4p@google.com/ -Notes: - carnil> The second commit is 0b3ea0926afb ("fs: explicitly unregister - carnil> per-superblock BDIs") in 5.16-rc1. - carnil> Is this an Android specific issue? 5.16-rc1 contains as well - carnil> 702f2d1e3b33 ("mm: don't automatically unregister bdis") as - carnil> "All BDI users now unregister explicitly" at that point. - carnil> Lee Jones clarified that the issue is specific to Android - carnil> released kernel versions which had an internal, device specific - carnil> commit, causing the issue. This does not affect upstream or - carnil> stable kernels accordingly. -Bugs: -upstream: N/A "Vulnerable code not present; issue specific to Android kernel" -5.10-upstream-stable: N/A "Vulnerable code not present; issue specific to Android kernel" -4.19-upstream-stable: N/A "Vulnerable code not present; issue specific to Android kernel" -sid: N/A "Vulnerable code not present; issue specific to Android kernel" -5.10-bullseye-security: N/A "Vulnerable code not present; issue specific to Android kernel" -4.19-buster-security: N/A "Vulnerable code not present; issue specific to Android kernel" diff --git a/retired/CVE-2022-20158 b/retired/CVE-2022-20158 new file mode 100644 index 00000000..98f2cd51 --- /dev/null +++ b/retired/CVE-2022-20158 @@ -0,0 +1,24 @@ +Description: +References: + https://source.android.com/security/bulletin/pixel/2022-08-01 + https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b + https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678 + https://lore.kernel.org/all/420a6c4a-e526-4e8b-d5bd-563c40aa94e1@huaweicloud.com/ + https://lore.kernel.org/all/YvYAmmaJgvydex4p@google.com/ +Notes: + carnil> The second commit is 0b3ea0926afb ("fs: explicitly unregister + carnil> per-superblock BDIs") in 5.16-rc1. + carnil> Is this an Android specific issue? 5.16-rc1 contains as well + carnil> 702f2d1e3b33 ("mm: don't automatically unregister bdis") as + carnil> "All BDI users now unregister explicitly" at that point. + carnil> Lee Jones clarified that the issue is specific to Android + carnil> released kernel versions which had an internal, device specific + carnil> commit, causing the issue. This does not affect upstream or + carnil> stable kernels accordingly. +Bugs: +upstream: N/A "Vulnerable code not present; issue specific to Android kernel" +5.10-upstream-stable: N/A "Vulnerable code not present; issue specific to Android kernel" +4.19-upstream-stable: N/A "Vulnerable code not present; issue specific to Android kernel" +sid: N/A "Vulnerable code not present; issue specific to Android kernel" +5.10-bullseye-security: N/A "Vulnerable code not present; issue specific to Android kernel" +4.19-buster-security: N/A "Vulnerable code not present; issue specific to Android kernel" -- cgit v1.2.3