From 9cd139b64b8458e7934cf2d43a83d81e9a076e0f Mon Sep 17 00:00:00 2001 
From: Salvatore Bonaccorso Date: Thu, 11 Jun 2020 09:46:30 +0200 Subject: Retire several CVEs --- active/CVE-2015-8839 | 16 ---------------- active/CVE-2018-14610 | 16 ---------------- active/CVE-2018-14611 | 16 ---------------- active/CVE-2018-14612 | 18 ------------------ active/CVE-2018-14613 | 14 -------------- active/CVE-2019-19447 | 15 --------------- active/CVE-2019-19768 | 15 --------------- active/CVE-2019-20636 | 12 ------------ active/CVE-2019-20806 | 12 ------------ active/CVE-2019-20812 | 12 ------------ active/CVE-2019-2182 | 15 --------------- active/CVE-2019-3016 | 22 ---------------------- active/CVE-2019-5108 | 16 ---------------- active/CVE-2020-10711 | 18 ------------------ active/CVE-2020-10942 | 13 ------------- active/CVE-2020-11494 | 13 ------------- active/CVE-2020-11565 | 12 ------------ active/CVE-2020-11608 | 12 ------------ active/CVE-2020-11609 | 12 ------------ active/CVE-2020-11668 | 12 ------------ active/CVE-2020-12114 | 23 ----------------------- active/CVE-2020-12768 | 17 ----------------- active/CVE-2020-2732 | 18 ------------------ active/CVE-2020-8428 | 21 --------------------- active/CVE-2020-8647 | 13 ------------- active/CVE-2020-8648 | 14 -------------- active/CVE-2020-8649 | 13 ------------- active/CVE-2020-9383 | 12 ------------ retired/CVE-2015-8839 | 16 ++++++++++++++++ retired/CVE-2018-14610 | 16 ++++++++++++++++ retired/CVE-2018-14611 | 16 ++++++++++++++++ retired/CVE-2018-14612 | 18 ++++++++++++++++++ retired/CVE-2018-14613 | 14 ++++++++++++++ retired/CVE-2019-19447 | 15 +++++++++++++++ retired/CVE-2019-19768 | 15 +++++++++++++++ retired/CVE-2019-20636 | 12 ++++++++++++ retired/CVE-2019-20806 | 12 ++++++++++++ retired/CVE-2019-20812 | 12 ++++++++++++ retired/CVE-2019-2182 | 15 +++++++++++++++ retired/CVE-2019-3016 | 22 ++++++++++++++++++++++ retired/CVE-2019-5108 | 16 ++++++++++++++++ retired/CVE-2020-10711 | 18 ++++++++++++++++++ retired/CVE-2020-10942 | 13 +++++++++++++ retired/CVE-2020-11494 | 13 +++++++++++++ 
retired/CVE-2020-11565 | 12 ++++++++++++ retired/CVE-2020-11608 | 12 ++++++++++++ retired/CVE-2020-11609 | 12 ++++++++++++ retired/CVE-2020-11668 | 12 ++++++++++++ retired/CVE-2020-12114 | 23 +++++++++++++++++++++++ retired/CVE-2020-12768 | 17 +++++++++++++++++ retired/CVE-2020-2732 | 18 ++++++++++++++++++ retired/CVE-2020-8428 | 21 +++++++++++++++++++++ retired/CVE-2020-8647 | 13 +++++++++++++ retired/CVE-2020-8648 | 14 ++++++++++++++ retired/CVE-2020-8649 | 13 +++++++++++++ retired/CVE-2020-9383 | 12 ++++++++++++ 56 files changed, 422 insertions(+), 422 deletions(-) delete mode 100644 active/CVE-2015-8839 delete mode 100644 active/CVE-2018-14610 delete mode 100644 active/CVE-2018-14611 delete mode 100644 active/CVE-2018-14612 delete mode 100644 active/CVE-2018-14613 delete mode 100644 active/CVE-2019-19447 delete mode 100644 active/CVE-2019-19768 delete mode 100644 active/CVE-2019-20636 delete mode 100644 active/CVE-2019-20806 delete mode 100644 active/CVE-2019-20812 delete mode 100644 active/CVE-2019-2182 delete mode 100644 active/CVE-2019-3016 delete mode 100644 active/CVE-2019-5108 delete mode 100644 active/CVE-2020-10711 delete mode 100644 active/CVE-2020-10942 delete mode 100644 active/CVE-2020-11494 delete mode 100644 active/CVE-2020-11565 delete mode 100644 active/CVE-2020-11608 delete mode 100644 active/CVE-2020-11609 delete mode 100644 active/CVE-2020-11668 delete mode 100644 active/CVE-2020-12114 delete mode 100644 active/CVE-2020-12768 delete mode 100644 active/CVE-2020-2732 delete mode 100644 active/CVE-2020-8428 delete mode 100644 active/CVE-2020-8647 delete mode 100644 active/CVE-2020-8648 delete mode 100644 active/CVE-2020-8649 delete mode 100644 active/CVE-2020-9383 create mode 100644 retired/CVE-2015-8839 create mode 100644 retired/CVE-2018-14610 create mode 100644 retired/CVE-2018-14611 create mode 100644 retired/CVE-2018-14612 create mode 100644 retired/CVE-2018-14613 create mode 100644 retired/CVE-2019-19447 create mode 100644 
retired/CVE-2019-19768 create mode 100644 retired/CVE-2019-20636 create mode 100644 retired/CVE-2019-20806 create mode 100644 retired/CVE-2019-20812 create mode 100644 retired/CVE-2019-2182 create mode 100644 retired/CVE-2019-3016 create mode 100644 retired/CVE-2019-5108 create mode 100644 retired/CVE-2020-10711 create mode 100644 retired/CVE-2020-10942 create mode 100644 retired/CVE-2020-11494 create mode 100644 retired/CVE-2020-11565 create mode 100644 retired/CVE-2020-11608 create mode 100644 retired/CVE-2020-11609 create mode 100644 retired/CVE-2020-11668 create mode 100644 retired/CVE-2020-12114 create mode 100644 retired/CVE-2020-12768 create mode 100644 retired/CVE-2020-2732 create mode 100644 retired/CVE-2020-8428 create mode 100644 retired/CVE-2020-8647 create mode 100644 retired/CVE-2020-8648 create mode 100644 retired/CVE-2020-8649 create mode 100644 retired/CVE-2020-9383 diff --git a/active/CVE-2015-8839 b/active/CVE-2015-8839 deleted file mode 100644 index de4c984e..00000000 --- a/active/CVE-2015-8839 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: ext4 data corruption due to punch hole races -References: -Notes: - bwh> Commit a46c68a318b0 "ext4: cleanup pagecache before swap i_data" also - bwh> depends on this. -Bugs: -upstream: released (4.5-rc1) [ea3d7209ca01da209cda6f0dea8be9cc4b7a933b, 17048e8a083fec7ad841d88ef0812707fbc7e39f, 32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70, 011278485ecc3cd2a3954b5d4c73101d919bf1fa] -4.19-upstream-stable: N/A "Fixed before branch point" -4.9-upstream-stable: N/A "Fixed before branch point" -3.16-upstream-stable: released (3.16.83) [81a2281115c28be55d3489c3a79c84db294b722a, 5c72decb78daa9e21cf0cc4d00c1fdfa70233719, 8a76993a673d694c17cd6fd6d7d9fc323fe224d4, 6a293f46d3eaafcbc4a3316f2ac80de9b1398415] -3.2-upstream-stable: ignored "Too much work to backport" -sid: released (4.5.1-1) -4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: N/A "Fixed before branching point" -3.16-jessie-security: released (3.16.84-1) -3.2-wheezy-security: ignored "Too much work to backport" diff --git a/active/CVE-2018-14610 b/active/CVE-2018-14610 deleted file mode 100644 index a601af7d..00000000 --- a/active/CVE-2018-14610 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: out-of-bound access in write_extent_buffer() when mounting and operating a crafted btrfs image -References: - https://bugzilla.kernel.org/show_bug.cgi?id=199837 - https://patchwork.kernel.org/patch/10503415/ -Notes: - bwh> Upstream fix depends on (at least) commit fce466eab7ac - bwh> "btrfs: tree-checker: Verify block_group_item". -Bugs: -upstream: released (4.19-rc1) [514c7dca85a0bf40be984dab0b477403a6db901f] -4.19-upstream-stable: N/A "Fixed before branch point" -4.9-upstream-stable: released (4.9.144) [7a72f918825ddece7a4ed79583836f6f1e06e478] -3.16-upstream-stable: released (3.16.83) [5203a4d55c2c6a0c86a0ab21bfd071d407ca95a1] -sid: released (4.19.9-1) -4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: released (4.9.144-1) -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2018-14611 b/active/CVE-2018-14611 deleted file mode 100644 index 8d5f139e..00000000 --- a/active/CVE-2018-14611 +++ /dev/null @@ -1,16 +0,0 @@ -Description: use-after-free in try_merge_free_space() when mounting a crafted btrfs image -References: - https://bugzilla.kernel.org/show_bug.cgi?id=199839 - https://patchwork.kernel.org/patch/10503099/ -Notes: - bwh> Upstream fix depends on (at least) commit e06cd3dd7cea - bwh> "Btrfs: add validadtion checks for chunk loading". -Bugs: -upstream: released (4.19-rc1) [315409b0098fb2651d86553f0436b70502b29bb2] -4.19-upstream-stable: N/A "Fixed before branch point" -4.9-upstream-stable: released (4.9.144) [3c77b07dc365a7ed2644ca0dd38e6e40a9652d57] -3.16-upstream-stable: released (3.16.83) [cdfef40f9557b91384c392a9150bf0bb2b3802c7] -sid: released (4.19.9-1) -4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: released (4.9.144-1) -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2018-14612 b/active/CVE-2018-14612 deleted file mode 100644 index 320744e3..00000000 --- a/active/CVE-2018-14612 +++ /dev/null 
@@ -1,18 +0,0 @@ -Description: Invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image -References: - https://bugzilla.kernel.org/show_bug.cgi?id=199847 - https://patchwork.kernel.org/patch/10503403/ - https://patchwork.kernel.org/patch/10503413/ -Notes: - carnil> For 4.18.x branch first commit landed in 4.18.8 but unsure - carnil> what happened for the second one, resp. not yet checked if - carnil> that applies. -Bugs: -upstream: released (4.19-rc1) [ba480dd4db9f1798541eb2d1c423fc95feee8d36, 7ef49515fa6727cb4b6f2f5b0ffbc5fc20a9f8c6] -4.19-upstream-stable: N/A "Fixed before branch point" -4.9-upstream-stable: released (4.9.144) [6f33d3d8dca8683a4df94e9944296a1a1a2a6f10, 23eb2f435a07e1e09d48ea10c4a22bc96e16fde6] -3.16-upstream-stable: released (3.16.83) [e3f6c37c31522cc99cea96e0f0f6f536026fb058, b84f82bdb43676854de8c5196bd8738805b892ee] -sid: released (4.18.8-1) -4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: released (4.9.144-1) -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2018-14613 b/active/CVE-2018-14613 deleted file mode 100644 index 8715fea8..00000000 --- a/active/CVE-2018-14613 +++ /dev/null @@ -1,14 +0,0 @@ -Description: Invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image -References: - https://bugzilla.kernel.org/show_bug.cgi?id=199849 - https://patchwork.kernel.org/patch/10503147/ -Notes: -Bugs: -upstream: released (4.19-rc1) [fce466eab7ac6baa9d2dcd88abcf945be3d4a089] -4.19-upstream-stable: N/A "Fixed before branch point" -4.9-upstream-stable: released (4.9.144) [058e388e42c8dc5b6ce6248990c75a0459e20197] -3.16-upstream-stable: released (3.16.83) [df8ecef7a35de12986676edc45fd841e6d788ba8] -sid: released (4.19.9-1) -4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: released (4.9.144-1) -3.16-jessie-security: released (3.16.84-1) 
diff --git a/active/CVE-2019-19447 b/active/CVE-2019-19447 deleted file mode 100644 index 2644a296..00000000 --- a/active/CVE-2019-19447 +++ /dev/null @@ -1,15 +0,0 @@ -Description: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c -References: - https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447 - https://bugzilla.kernel.org/show_bug.cgi?id=205433 - https://bugzilla.suse.com/show_bug.cgi?id=1158819 -Notes: -Bugs: -upstream: released (5.5-rc1) [c7df4a1ecb8579838ec8c56b2bb6a6716e974f37] -4.19-upstream-stable: released (4.19.90) [8e7a865366105b978eef4108f49a12100eea4299] -4.9-upstream-stable: released (4.9.208) [e1513b36319dff169e409979867f39eb55a9af03] -3.16-upstream-stable: released (3.16.82) [75b201c2fdfb3cecc3eb6a1dc85b87055de642e9] -sid: released (5.4.6-1) -4.19-buster-security: released (4.19.98-1) -4.9-stretch-security: released (4.9.210-1) -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2019-19768 b/active/CVE-2019-19768 deleted file mode 100644 index 81eb018e..00000000 --- a/active/CVE-2019-19768 +++ /dev/null 
@@ -1,15 +0,0 @@ -Description: __blk_add_trace use-after-free -References: - https://bugzilla.kernel.org/show_bug.cgi?id=205711 -Notes: - bwh> Needs additional fix, commit 153031a301bb "blktrace: fix dereference - bwh> after null check". -Bugs: -upstream: released (5.6-rc4) [c780e86dd48ef6467a1146cf7d0fe1e05a635039] -4.19-upstream-stable: released (4.19.119) [473d7f5ed75b8c3750f0c6b442c8e23090d6da8f] -4.9-upstream-stable: released (4.9.224) [284dba674c063ac5cab9ffc1ea07f7b199aeb62f] -3.16-upstream-stable: released (3.16.83) [4398bce1bdf258f7d67bcc38c46f5fa9546448bd] -sid: released (5.5.13-1) -4.19-buster-security: released (4.19.118-1) [bugfix/all/blktrace-protect-q-blk_trace-with-rcu.patch] -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/blktrace-protect-q-blk_trace-with-rcu.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2019-20636 b/active/CVE-2019-20636 deleted file mode 100644 index ee0955a8..00000000 --- a/active/CVE-2019-20636 +++ /dev/null @@ -1,12 +0,0 @@ -Description: Input: add safety guards to input_set_keycode() -References: -Notes: -Bugs: -upstream: released (5.5-rc6) [cb222aed03d798fc074be55e59d9a112338ee784] -4.19-upstream-stable: released (4.19.96) [f5b9bfbe94a042a2e3806efa4c6e1b6ddb4292c4] -4.9-upstream-stable: released (4.9.210) [5f27f97dfed4aa29fb95b98bf5911763bd3ef038] -3.16-upstream-stable: released (3.16.83) [4af47d3cc875e43a523f6d3b3edef2ca785ccf27] -sid: released (5.4.13-1) -4.19-buster-security: released (4.19.98-1) -4.9-stretch-security: released (4.9.210-1) -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2019-20806 b/active/CVE-2019-20806 deleted file mode 100644 index 5f50a8d9..00000000 --- a/active/CVE-2019-20806 +++ /dev/null 
@@ -1,12 +0,0 @@ -Description: media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame -References: -Notes: -Bugs: -upstream: released (5.2-rc1) [2e7682ebfc750177a4944eeb56e97a3f05734528] -4.19-upstream-stable: released (4.19.99) [30fd5b16c9081afebe74d4d614fe582ff84ef6b2] -4.9-upstream-stable: released (4.9.212) [e4188ad85032f130b84702d39755840afec4b9b4] -3.16-upstream-stable: N/A "Vulnerable code introduced later" -sid: released (5.2.6-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/media-tw5864-fix-possible-null-pointer-dereference-i.patch] -3.16-jessie-security: N/A "Vulnerable code introduced later" diff --git a/active/CVE-2019-20812 b/active/CVE-2019-20812 deleted file mode 100644 index b79695a3..00000000 --- a/active/CVE-2019-20812 +++ /dev/null @@ -1,12 +0,0 @@ -Description: af_packet: set defaule value for tmo -References: -Notes: -Bugs: -upstream: released (5.5-rc3) [b43d1f9f7067c6759b1051e8ecb84e82cef569fe] -4.19-upstream-stable: released (4.19.92) [e99af2cb552e3fe1ec6157fc15856a89a6388886] -4.9-upstream-stable: released (4.9.208) [43c0e119316896fb895f0d059734e4ada480eb71] -3.16-upstream-stable: released (3.16.83) [8c1a8e6dba6a09d65ec7eef54ac13e36b7be9536] -sid: released (5.4.8-1) -4.19-buster-security: released (4.19.98-1) -4.9-stretch-security: released (4.9.210-1) -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2019-2182 b/active/CVE-2019-2182 deleted file mode 100644 index eb169568..00000000 --- a/active/CVE-2019-2182 +++ /dev/null 
@@ -1,15 +0,0 @@ -Description: arm64: Enforce BBM for huge IO/VMAP mappings -References: - https://source.android.com/security/bulletin/pixel/2019-09-01 -Notes: - carnil> Commit fixes 324420bf91f6 ("arm64: add support for ioremap() - carnil> block mappings") which is in 4.6-rc1. -Bugs: -upstream: released (4.16-rc3) [15122ee2c515a253b0c66a3e618bc7ebe35105eb] -4.19-upstream-stable: N/A "Fixed before branching point" -4.9-upstream-stable: released (4.9.211) [4f45a0a170355546cc47ba7bbf3973fe187d05cf] -3.16-upstream-stable: N/A "Vulnerable code not present" -sid: released (4.16.5-1) -4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/arm64/arm64-enforce-bbm-for-huge-io-vmap-mappings.patch] -3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2019-3016 b/active/CVE-2019-3016 deleted file mode 100644 index 1804b677..00000000 --- a/active/CVE-2019-3016 +++ /dev/null 
@@ -1,22 +0,0 @@ -Description: information leak within a KVM guest -References: - https://www.openwall.com/lists/oss-security/2020/01/30/4 -Notes: - carnil> Issue present since 0b9f6c4615c99 ("x86/kvm: Support the vCPU - carnil> preemption check") in 4.10-rc1. But might need double-check. - carnil> Fixed as well in 5.4.19. For 4.19.103 only one commit was - carnil> backported, is this already sufficient? - bwh> I think it was introduced by 858a43aae236 ("KVM: X86: use - bwh> paravirtualized TLB Shootdown", as that introduced the second - bwh> flag in kvm_steal_time::preempted which is being cleared. - bwh> I believe the additional fixes *are* needed for 4.19. - carnil> The additional commits were added for 4.19.x in 4.19.119. -Bugs: -upstream: released (5.6-rc1) [8c6de56a42e0c657955e12b882a81ef07d1d073e, 1eff70a9abd46f175defafd29bc17ad456f398a7, 917248144db5d7320655dbb41d3af0b8a0f3d589, b043138246a41064527cf019a3d51d9f015e9796, a6bd811f1209fe1c64c9f6fd578101d6436c6b6e] -4.19-upstream-stable: released (4.19.119) [25a7898937f4a9f32ca2d1e9b7f5f07176af8037, e36d68ec5090599058650152547d4a58ef3d79a0, ccfc73e56da7c8e68ab6a543c5b8cd0b83c9e9bb, b5b79c757e6f22f17d8ddf2979abb7bf231bb327, c434092ef8172ed027f2bd9afcd42c0ee5002b85] -4.9-upstream-stable: N/A "Vulnerability introduced later" -3.16-upstream-stable: N/A "Vulnerability introduced later" -sid: released (5.4.19-1) -4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/x86/x86-kvm-Introduce-kvm_-un-map_gfn.patch, bugfix/x86/x86-kvm-Cache-gfn-to-pfn-translation.patch, bugfix/x86/x86-KVM-Make-sure-KVM_VCPU_FLUSH_TLB-flag-is-not-mis.patch, bugfix/x86/x86-KVM-Clean-up-host-s-steal-time-structure.patch] -4.9-stretch-security: N/A "Vulnerability introduced later" -3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2019-5108 b/active/CVE-2019-5108 deleted file mode 100644 index 5145999c..00000000 --- a/active/CVE-2019-5108 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: CAM table denial-of-service vulnerability -References: - https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 -Notes: - carnil> The Cisco TALOS report talks about "prior to mainline 5.3" but - carnil> unclear yet (to me) where the issue has been fixed or if that - carnil> only reflects the state when the advisory was written. -Bugs: -upstream: released (5.3) [3e493173b7841259a08c5c8e5cbe90adb349da7e] -4.19-upstream-stable: released (4.19.97) [8f483142b0bb278f67eabccbe3d6a0e8c45284ad] -4.9-upstream-stable: released (4.9.211) [ca60f42d7965af9f22392caa4074ab0f58c7e1fe] -3.16-upstream-stable: released (3.16.83) [93864704f211e55eddec0c03ca300b1cf6414d8c] -sid: released (5.3.7-1) -4.19-buster-security: released (4.19.98-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/mac80211-do-not-send-layer-2-update-frame-before-aut.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-10711 b/active/CVE-2020-10711 deleted file mode 100644 index 5006f45e..00000000 --- a/active/CVE-2020-10711 +++ /dev/null 
@@ -1,18 +0,0 @@ -Description: NetLabel: null pointer dereference while receiving CIPSO packet with null category -References: - https://www.openwall.com/lists/oss-security/2020/05/12/2 - https://lore.kernel.org/netdev/07d99ae197bfdb2964931201db67b6cd0b38db5b.1589276729.git.pabeni@redhat.com/ -Notes: - carnil> Introduced in 4b8feff251da ("netlabel: fix the horribly broken - carnil> catmap functions") in 3.17-rc1 and ceba1832b1b2 ("calipso: Set - carnil> the calipso socket label to match the secattr.") in 4.8. We - carnil> enabled furthermore CONFIG_NETLABEL only starting in 5.6.7-1. -Bugs: -upstream: released (5.7-rc6) [eead1c2ea2509fd754c6da893a94f0e69e83ebe4] -4.19-upstream-stable: released (4.19.124) [caf6c20c6421ca687751d27b96c8021c655e56e6] -4.9-upstream-stable: released (4.9.224) [9232577ef3e10775eefe7f2689cbf851c8b13d80] -3.16-upstream-stable: N/A "Vulnerability introduced later" -sid: released (5.6.14-1) -4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/netlabel-cope-with-NULL-catmap.patch] -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/netlabel-cope-with-NULL-catmap.patch] -3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2020-10942 b/active/CVE-2020-10942 deleted file mode 100644 index e25bad69..00000000 --- a/active/CVE-2020-10942 +++ /dev/null 
@@ -1,13 +0,0 @@ -Description: vhost: Check docket sk_family instead of call getname -References: - https://lkml.org/lkml/2020/2/15/125 -Notes: -Bugs: -upstream: released (5.6-rc4) [42d84c8490f9f0931786f1623191fcab397c3d64] -4.19-upstream-stable: released (4.19.108) [ad598a48fe61c6c2407f08a807cb7a2ea83386b3] -4.9-upstream-stable: released (4.9.216) [7f574e92e4474f1b33425c4ee9ba48cd4fbe7d75] -3.16-upstream-stable: released (3.16.83) [e4d98e5299b19e1caad03f0b38fd41b046d0de56] -sid: released (5.5.13-1) -4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/all/vhost-Check-docket-sk_family-instead-of-call-getname.patch] -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/vhost-check-docket-sk_family-instead-of-call-getname.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-11494 b/active/CVE-2020-11494 deleted file mode 100644 index 4cb5b5e7..00000000 --- a/active/CVE-2020-11494 +++ /dev/null @@ -1,13 +0,0 @@ -Description: slcan: Don't transmit uninitialized stack data in padding -References: - https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/ -Notes: -Bugs: -upstream: released (5.7-rc1) [b9258a2cece4ec1f020715fe3554bc2e360f6264] -4.19-upstream-stable: released (4.19.115) [b774578329afb238ccd504477731129aa15e9ec2] -4.9-upstream-stable: released (4.9.219) [925c631e84d77a72188101258878ac58a646d540] -3.16-upstream-stable: released (3.16.83) [08fadc32ce6239dc75fd5e869590e29bc62bbc28] -sid: released (5.5.17-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/slcan-don-t-transmit-uninitialized-stack-data-in-pad.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-11565 b/active/CVE-2020-11565 deleted file mode 100644 index a7a5197c..00000000 --- a/active/CVE-2020-11565 +++ /dev/null 
@@ -1,12 +0,0 @@ -Description: mm: mempolicy: require at least one nodeid for MPOL_PREFERRED -References: -Notes: -Bugs: -upstream: released (5.7-rc1) [aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd] -4.19-upstream-stable: released (4.19.115) [fa138035f104ae14651ee3217d81fc16cd3aba4d] -4.9-upstream-stable: released (4.9.219) [c5544e72014cdb0a739f6971fb3dd4fb641b392c] -3.16-upstream-stable: released (3.16.83) [7ca9aeb9a22b50841c401164703c5b0a4a510aff] -sid: released (5.5.17-1) -4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/all/mm-mempolicy-require-at-least-one-nodeid-for-MPOL_PR.patch] -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/mm-mempolicy-require-at-least-one-nodeid-for-mpol_pr.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-11608 b/active/CVE-2020-11608 deleted file mode 100644 index 08da6006..00000000 --- a/active/CVE-2020-11608 +++ /dev/null @@ -1,12 +0,0 @@ -Description: media: ov519: add missing endpoint sanity checks -References: -Notes: -Bugs: -upstream: released (5.7-rc1) [998912346c0da53a6dbb71fab3a138586b596b30] -4.19-upstream-stable: released (4.19.114) [747a7431661ab3c22ad1e721558bdf9e3d53d4a6] -4.9-upstream-stable: released (4.9.218) [03e73c3ef017580482d8e4de2db2bac9505facca] -3.16-upstream-stable: released (3.16.83) [39a4c51860e9695369b640962be4eb6984175384] -sid: released (5.5.17-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/media-ov519-add-missing-endpoint-sanity-checks.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-11609 b/active/CVE-2020-11609 deleted file mode 100644 index 4aa1aa54..00000000 --- a/active/CVE-2020-11609 +++ /dev/null 
@@ -1,12 +0,0 @@ -Description: media: stv06xx: add missing descriptor sanity checks -References: -Notes: -Bugs: -upstream: released (5.7-rc1) [485b06aadb933190f4bc44e006076bc27a23f205] -4.19-upstream-stable: released (4.19.114) [70764334b2bcb15c67dfbd912d9a9f7076f6d0df] -4.9-upstream-stable: released (4.9.218) [be6fdd999bcc66cbfde80efbdc16cfd8a3290e38] -3.16-upstream-stable: released (3.16.83) [98d33c0103b16e64a6a4788cf81e22baf229f48e] -sid: released (5.5.17-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/media-stv06xx-add-missing-descriptor-sanity-checks.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-11668 b/active/CVE-2020-11668 deleted file mode 100644 index 84f7bf25..00000000 --- a/active/CVE-2020-11668 +++ /dev/null @@ -1,12 +0,0 @@ -Description: media: xirlink_cit: add missing descriptor sanity checks -References: -Notes: -Bugs: -upstream: released (5.7-rc1) [a246b4d547708f33ff4d4b9a7a5dbac741dc89d8] -4.19-upstream-stable: released (4.19.114) [5d064d7f0327d9425c5f63fa96efc70a74032d8b] -4.9-upstream-stable: released (4.9.218) [8f08a2bb2199a4511bea29e9a130b449f8c1a581] -3.16-upstream-stable: released (3.16.83) [9e236e2465ff5858bed537b94b15134e3ba55e75] -sid: released (5.5.17-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/media-xirlink_cit-add-missing-descriptor-sanity-chec.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-12114 b/active/CVE-2020-12114 deleted file mode 100644 index f8fb919f..00000000 --- a/active/CVE-2020-12114 +++ /dev/null 
@@ -1,23 +0,0 @@ -Description: fs/namespace.c: fix mountpoint reference counter race -References: - https://www.openwall.com/lists/oss-security/2020/05/04/2 -Notes: - carnil> According to the commit message this race condition between - carnil> threads updating mountpoint reference counter affects longterm - carnil> releases 4.4.220, 4.9.220, 4.14.177 and 4.19.118. and got fixed - carnil> in 4.4.221, 4.9.221, 4.14.178 and 4.19.119. This was fixed - carnil> upstream along with 4edbe133f851 ("make struct mountpoint bear - carnil> the dentry reference to mountpoint, not struct mount") in - carnil> 5.3-rc1. Similar issue (but not covered by the CVE) is adressed - carnil> in b0d3869ce9ee ("propagate_one(): mnt_set_mountpoint() needs - carnil> mount_lock"). This was adressed as well in 4.4.221, 4.9.221, - carnil> 4.14.178 and 4.19.120. Additionally in 5.4.37 and 5.6.9. -Bugs: -upstream: released (5.3-rc1) [4edbe133f851c9e3a2f2a1db367e826b01e72594] -4.19-upstream-stable: released (4.19.119) [f511dc75d22e0c000fc70b54f670c2c17f5fba9a] -4.9-upstream-stable: released (4.9.221) [91e997939dda1a866f23ddfb043dcd4a3ff57524] -3.16-upstream-stable: released (3.16.84) [172f22d527862eb5aa9dd767826f5d68562943db] -sid: released (5.3.7-1) -4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/fs-namespace.c-fix-mountpoint-reference-counter-race.patch] -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/fs-namespace.c-fix-mountpoint-reference-counter-race.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-12768 b/active/CVE-2020-12768 deleted file mode 100644 index 892d0fc5..00000000 --- a/active/CVE-2020-12768 +++ /dev/null 
@@ -1,17 +0,0 @@ -Description: KVM: SVM: Fix potential memory leak in svm_cpu_init() -References: - https://bugzilla.suse.com/show_bug.cgi?id=1171736#c3 -Notes: - carnil> One-time leak at boot, so has at most a negligible security - carnil> impact at all. - bwh> Introduced in 4.16 by commit 70cd94e60c73 "KVM: SVM: VMRUN should - bwh> use associated ASID when SEV is enabled" -Bugs: -upstream: released (5.6-rc4) [d80b64ff297e40c2b6f7d7abc1b3eba70d22a068] -4.19-upstream-stable: released (4.19.125) [008708152ebb229c29e065135599984fa9c4a51c] -4.9-upstream-stable: N/A "Vulnerability introduced later" -3.16-upstream-stable: N/A "Vulnerability introduced later" -sid: released (5.6.7-1) -4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/x86/kvm-svm-fix-potential-memory-leak-in-svm_cpu_init.patch] -4.9-stretch-security: N/A "Vulnerability introduced later" -3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2020-2732 b/active/CVE-2020-2732 deleted file mode 100644 index 4d7e9af8..00000000 --- a/active/CVE-2020-2732 +++ /dev/null 
@@ -1,18 +0,0 @@ -Description: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources -References: - https://bugzilla.redhat.com/show_bug.cgi?id=1805135 - https://www.spinics.net/lists/kvm/msg208259.html - https://lore.kernel.org/stable/20200304085113.GA1419475@kroah.com/ -Notes: - carnil> Only the patch which was Cc'ed to stable@vger.kernel.org is - carnil> strictly needed to adress the CVE, see - carnil> https://lore.kernel.org/stable/20200304085113.GA1419475@kroah.com/ -Bugs: -upstream: released (5.6-rc4) [07721feee46b4b248402133228235318199b05ec, 35a571346a94fb93b5b3b6a599675ef3384bc75c, e71237d3ff1abf9f3388337cfebf53b96df2020d] -4.19-upstream-stable: released (4.19.107) [ed9e97c35b454ceb1da4f65c318015a7ab298dae, 85dd0eb771e8cef7839dbd4cb61acde0b86ecd9e, e5c0857bd5ccf34d93b5b1ea858ab3d81a685b08] -4.9-upstream-stable: released (4.9.215) [86dc39e580d8e3ffa42c8157d3e28249fd9a12c5, f3e0dfb310e6a6f0190dbb3d6b337513b548507b, 35523a2d9918e36ad4fa6c9c0176279d7c1f4291] -3.16-upstream-stable: released (3.16.83) [5d7476c40cd352ec82aec26f6c6d8c413eb2b17b] -sid: released (5.5.13-1) -4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/x86/KVM-nVMX-Don-t-emulate-instructions-in-guest-mode.patch] -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/x86/kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch, bugfix/x86/kvm-nvmx-refactor-io-bitmap-checks-into-helper-funct.patch, bugfix/x86/kvm-nvmx-check-io-instruction-vm-exit-conditions.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-8428 b/active/CVE-2020-8428 deleted file mode 100644 index f279f37c..00000000 --- a/active/CVE-2020-8428 +++ /dev/null 
@@ -1,21 +0,0 @@ -Description: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) -References: - https://www.openwall.com/lists/oss-security/2020/01/28/2 -Notes: - carnil> The issue go introduced with 30aba6656f61 ("namei: allow - carnil> restricted O_CREAT of FIFOs and regular files") in 4.19-rc1 - carnil> which got backported to 4.4.166, 4.9.142 and 4.14.85. - carnil> Needs a regression update: - carnil> https://lore.kernel.org/lkml/20200201162645.GJ23230@ZenIV.linux.org.uk/ - carnil> which is applied in mainline as 6404674acd59 ("vfs: fix - carnil> do_last() regression"). See: - carnil> https://syzkaller.appspot.com/bug?extid=190005201ced78a74ad6 -Bugs: -upstream: released (5.5) [d0cb50185ae942b03c4327be322055d622dc79f6] -4.19-upstream-stable: released (4.19.100) [752f72edea55f9b7c6fd019e71365def13a0f2b6] -4.9-upstream-stable: released (4.9.212) [51772996274874a6bccda05b827f92582ce7b565] -3.16-upstream-stable: N/A "Vulnerable code introduced later with 30aba6656f61" -sid: released (5.4.19-1) -4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/all/do_last-fetch-directory-i_mode-and-i_uid-before-it-s.patch] -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/do_last-fetch-directory-i_mode-and-i_uid-before-it-s.patch] -3.16-jessie-security: N/A "Vulnerable code introduced later" diff --git a/active/CVE-2020-8647 b/active/CVE-2020-8647 deleted file mode 100644 index b84d5494..00000000 --- a/active/CVE-2020-8647 +++ /dev/null 
@@ -1,13 +0,0 @@ -Description: vc_do_resize use-after-free -References: - https://bugzilla.kernel.org/show_bug.cgi?id=206359 -Notes: -Bugs: -upstream: released (5.6-rc5) [513dc792d6060d5ef572e43852683097a8420f56] -4.19-upstream-stable: released (4.19.109) [7abe1e0a874418b07524c9e07225df1cbb421ce9] -4.9-upstream-stable: released (4.9.216) 1f04adb4d691ed703b1fbc55d99f622b96cedecc] -3.16-upstream-stable: released (3.16.83) [bca2e2e83484ff63ca82c9c2c905d4e580f1a35a] -sid: released (5.5.13-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/vgacon-fix-a-uaf-in-vgacon_invert_region.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-8648 b/active/CVE-2020-8648 deleted file mode 100644 index 67eb1a7b..00000000 --- a/active/CVE-2020-8648 +++ /dev/null 
@@ -1,14 +0,0 @@ -Description: n_tty_receive_buf_common use-after-free -References: - https://bugzilla.kernel.org/show_bug.cgi?id=206361 - https://lore.kernel.org/lkml/20200210081131.23572-2-jslaby@suse.cz/ -Notes: -Bugs: -upstream: released (5.6-rc3) [07e6124a1a46b4b5a9b3cacc0c306b50da87abf5, 4b70dd57a15d2f4685ac6e38056bad93e81e982f, 07e6124a1a46b4b5a9b3cacc0c306b50da87abf5] -4.19-upstream-stable: released (4.19.109) [31559b59040fc0e6ad363642112d4eb03ad4ebb7, efaef8463e1a9c20aa19c3de2b2d19f885e0315e, b4492f1e7456bd162714c0ec2815c2749d930844] -4.9-upstream-stable: released (4.9.216) [290a9381ccc16131c6ccc19940589141985db6b1, ccd35863147dd447110b726a0d4911ab686aade9, e5be0e24ffc7f5783a3864b5b958088ed15be9e8] -3.16-upstream-stable: released (3.16.83) [a93c3b40fc3d2264b1b11c469319c7cbefb80c46, f443603c73b85db566373875ca8890ef0910f083, a93c3b40fc3d2264b1b11c469319c7cbefb80c46] -sid: released (5.5.13-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/vt-selection-close-sel_buffer-race.patch, bugfix/all/vt-selection-push-console-lock-down.patch, bugfix/all/vt-selection-push-sel_lock-up.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-8649 b/active/CVE-2020-8649 deleted file mode 100644 index b67bac59..00000000 --- a/active/CVE-2020-8649 +++ /dev/null 
@@ -1,13 +0,0 @@ -Description: vgacon_invert_region use-after-free -References: - https://bugzilla.kernel.org/show_bug.cgi?id=206357 -Notes: -Bugs: -upstream: released (5.6-rc5) [513dc792d6060d5ef572e43852683097a8420f56] -4.19-upstream-stable: released (4.19.109) [7abe1e0a874418b07524c9e07225df1cbb421ce9] -4.9-upstream-stable: released (4.9.216) [1f04adb4d691ed703b1fbc55d99f622b96cedecc] -3.16-upstream-stable: released (3.16.83) [bca2e2e83484ff63ca82c9c2c905d4e580f1a35a] -sid: released (5.5.13-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/vgacon-fix-a-uaf-in-vgacon_invert_region.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/active/CVE-2020-9383 b/active/CVE-2020-9383 deleted file mode 100644 index 450437b7..00000000 --- a/active/CVE-2020-9383 +++ /dev/null @@ -1,12 +0,0 @@ -Description: floppy: check FDC index for errors before assigning it -References: -Notes: -Bugs: -upstream: released (5.6-rc4) [2e90ca68b0d2f5548804f22f0dd61145516171e3] -4.19-upstream-stable: released (4.19.107) [c8fd87c53a1509162b910cec91c0c46753c58f9a] -4.9-upstream-stable: released (4.9.215) [5fbaa66c2a51c2260add842bd12cbc79715c5249] -3.16-upstream-stable: released (3.16.83) [2f9ac30a54dc0181ddac3705cdcf4775d863c530] -sid: released (5.5.13-1) -4.19-buster-security: released (4.19.118-1) -4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/floppy-check-fdc-index-for-errors-before-assigning-i.patch] -3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2015-8839 b/retired/CVE-2015-8839 new file mode 100644 index 00000000..de4c984e --- /dev/null +++ b/retired/CVE-2015-8839 
@@ -0,0 +1,16 @@ +Description: ext4 data corruption due to punch hole races +References: +Notes: + bwh> Commit a46c68a318b0 "ext4: cleanup pagecache before swap i_data" also + bwh> depends on this. +Bugs: +upstream: released (4.5-rc1) [ea3d7209ca01da209cda6f0dea8be9cc4b7a933b, 17048e8a083fec7ad841d88ef0812707fbc7e39f, 32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70, 011278485ecc3cd2a3954b5d4c73101d919bf1fa] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: N/A "Fixed before branch point" +3.16-upstream-stable: released (3.16.83) [81a2281115c28be55d3489c3a79c84db294b722a, 5c72decb78daa9e21cf0cc4d00c1fdfa70233719, 8a76993a673d694c17cd6fd6d7d9fc323fe224d4, 6a293f46d3eaafcbc4a3316f2ac80de9b1398415] +3.2-upstream-stable: ignored "Too much work to backport" +sid: released (4.5.1-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.84-1) +3.2-wheezy-security: ignored "Too much work to backport" diff --git a/retired/CVE-2018-14610 b/retired/CVE-2018-14610 new file mode 100644 index 00000000..a601af7d --- /dev/null +++ b/retired/CVE-2018-14610 
@@ -0,0 +1,16 @@ +Description: out-of-bound access in write_extent_buffer() when mounting and operating a crafted btrfs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=199837 + https://patchwork.kernel.org/patch/10503415/ +Notes: + bwh> Upstream fix depends on (at least) commit fce466eab7ac + bwh> "btrfs: tree-checker: Verify block_group_item". +Bugs: +upstream: released (4.19-rc1) [514c7dca85a0bf40be984dab0b477403a6db901f] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [7a72f918825ddece7a4ed79583836f6f1e06e478] +3.16-upstream-stable: released (3.16.83) [5203a4d55c2c6a0c86a0ab21bfd071d407ca95a1] +sid: released (4.19.9-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2018-14611 b/retired/CVE-2018-14611 new file mode 100644 index 00000000..8d5f139e --- /dev/null +++ b/retired/CVE-2018-14611 @@ -0,0 +1,16 @@ +Description: use-after-free in try_merge_free_space() when mounting a crafted btrfs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=199839 + https://patchwork.kernel.org/patch/10503099/ +Notes: + bwh> Upstream fix depends on (at least) commit e06cd3dd7cea + bwh> "Btrfs: add validadtion checks for chunk loading". +Bugs: +upstream: released (4.19-rc1) [315409b0098fb2651d86553f0436b70502b29bb2] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [3c77b07dc365a7ed2644ca0dd38e6e40a9652d57] +3.16-upstream-stable: released (3.16.83) [cdfef40f9557b91384c392a9150bf0bb2b3802c7] +sid: released (4.19.9-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2018-14612 b/retired/CVE-2018-14612 new file mode 100644 index 00000000..320744e3 --- /dev/null +++ b/retired/CVE-2018-14612 
@@ -0,0 +1,18 @@ +Description: Invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=199847 + https://patchwork.kernel.org/patch/10503403/ + https://patchwork.kernel.org/patch/10503413/ +Notes: + carnil> For 4.18.x branch first commit landed in 4.18.8 but unsure + carnil> what happened for the second one, resp. not yet checked if + carnil> that applies. +Bugs: +upstream: released (4.19-rc1) [ba480dd4db9f1798541eb2d1c423fc95feee8d36, 7ef49515fa6727cb4b6f2f5b0ffbc5fc20a9f8c6] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [6f33d3d8dca8683a4df94e9944296a1a1a2a6f10, 23eb2f435a07e1e09d48ea10c4a22bc96e16fde6] +3.16-upstream-stable: released (3.16.83) [e3f6c37c31522cc99cea96e0f0f6f536026fb058, b84f82bdb43676854de8c5196bd8738805b892ee] +sid: released (4.18.8-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2018-14613 b/retired/CVE-2018-14613 new file mode 100644 index 00000000..8715fea8 --- /dev/null +++ b/retired/CVE-2018-14613 @@ -0,0 +1,14 @@ +Description: Invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image +References: + https://bugzilla.kernel.org/show_bug.cgi?id=199849 + https://patchwork.kernel.org/patch/10503147/ +Notes: +Bugs: +upstream: released (4.19-rc1) [fce466eab7ac6baa9d2dcd88abcf945be3d4a089] +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: released (4.9.144) [058e388e42c8dc5b6ce6248990c75a0459e20197] +3.16-upstream-stable: released (3.16.83) [df8ecef7a35de12986676edc45fd841e6d788ba8] +sid: released (4.19.9-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.144-1) +3.16-jessie-security: released (3.16.84-1) 
diff --git a/retired/CVE-2019-19447 b/retired/CVE-2019-19447 new file mode 100644 index 00000000..2644a296 --- /dev/null +++ b/retired/CVE-2019-19447 @@ -0,0 +1,15 @@ +Description: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c +References: + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447 + https://bugzilla.kernel.org/show_bug.cgi?id=205433 + https://bugzilla.suse.com/show_bug.cgi?id=1158819 +Notes: +Bugs: +upstream: released (5.5-rc1) [c7df4a1ecb8579838ec8c56b2bb6a6716e974f37] +4.19-upstream-stable: released (4.19.90) [8e7a865366105b978eef4108f49a12100eea4299] +4.9-upstream-stable: released (4.9.208) [e1513b36319dff169e409979867f39eb55a9af03] +3.16-upstream-stable: released (3.16.82) [75b201c2fdfb3cecc3eb6a1dc85b87055de642e9] +sid: released (5.4.6-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: released (4.9.210-1) +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2019-19768 b/retired/CVE-2019-19768 new file mode 100644 index 00000000..81eb018e --- /dev/null +++ b/retired/CVE-2019-19768 
@@ -0,0 +1,15 @@ +Description: __blk_add_trace use-after-free +References: + https://bugzilla.kernel.org/show_bug.cgi?id=205711 +Notes: + bwh> Needs additional fix, commit 153031a301bb "blktrace: fix dereference + bwh> after null check". +Bugs: +upstream: released (5.6-rc4) [c780e86dd48ef6467a1146cf7d0fe1e05a635039] +4.19-upstream-stable: released (4.19.119) [473d7f5ed75b8c3750f0c6b442c8e23090d6da8f] +4.9-upstream-stable: released (4.9.224) [284dba674c063ac5cab9ffc1ea07f7b199aeb62f] +3.16-upstream-stable: released (3.16.83) [4398bce1bdf258f7d67bcc38c46f5fa9546448bd] +sid: released (5.5.13-1) +4.19-buster-security: released (4.19.118-1) [bugfix/all/blktrace-protect-q-blk_trace-with-rcu.patch] +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/blktrace-protect-q-blk_trace-with-rcu.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2019-20636 b/retired/CVE-2019-20636 new file mode 100644 index 00000000..ee0955a8 --- /dev/null +++ b/retired/CVE-2019-20636 @@ -0,0 +1,12 @@ +Description: Input: add safety guards to input_set_keycode() +References: +Notes: +Bugs: +upstream: released (5.5-rc6) [cb222aed03d798fc074be55e59d9a112338ee784] +4.19-upstream-stable: released (4.19.96) [f5b9bfbe94a042a2e3806efa4c6e1b6ddb4292c4] +4.9-upstream-stable: released (4.9.210) [5f27f97dfed4aa29fb95b98bf5911763bd3ef038] +3.16-upstream-stable: released (3.16.83) [4af47d3cc875e43a523f6d3b3edef2ca785ccf27] +sid: released (5.4.13-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: released (4.9.210-1) +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2019-20806 b/retired/CVE-2019-20806 new file mode 100644 index 00000000..5f50a8d9 --- /dev/null +++ b/retired/CVE-2019-20806 
@@ -0,0 +1,12 @@ +Description: media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame +References: +Notes: +Bugs: +upstream: released (5.2-rc1) [2e7682ebfc750177a4944eeb56e97a3f05734528] +4.19-upstream-stable: released (4.19.99) [30fd5b16c9081afebe74d4d614fe582ff84ef6b2] +4.9-upstream-stable: released (4.9.212) [e4188ad85032f130b84702d39755840afec4b9b4] +3.16-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.2.6-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/media-tw5864-fix-possible-null-pointer-dereference-i.patch] +3.16-jessie-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2019-20812 b/retired/CVE-2019-20812 new file mode 100644 index 00000000..b79695a3 --- /dev/null +++ b/retired/CVE-2019-20812 @@ -0,0 +1,12 @@ +Description: af_packet: set defaule value for tmo +References: +Notes: +Bugs: +upstream: released (5.5-rc3) [b43d1f9f7067c6759b1051e8ecb84e82cef569fe] +4.19-upstream-stable: released (4.19.92) [e99af2cb552e3fe1ec6157fc15856a89a6388886] +4.9-upstream-stable: released (4.9.208) [43c0e119316896fb895f0d059734e4ada480eb71] +3.16-upstream-stable: released (3.16.83) [8c1a8e6dba6a09d65ec7eef54ac13e36b7be9536] +sid: released (5.4.8-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: released (4.9.210-1) +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2019-2182 b/retired/CVE-2019-2182 new file mode 100644 index 00000000..eb169568 --- /dev/null +++ b/retired/CVE-2019-2182 
@@ -0,0 +1,15 @@ +Description: arm64: Enforce BBM for huge IO/VMAP mappings +References: + https://source.android.com/security/bulletin/pixel/2019-09-01 +Notes: + carnil> Commit fixes 324420bf91f6 ("arm64: add support for ioremap() + carnil> block mappings") which is in 4.6-rc1. +Bugs: +upstream: released (4.16-rc3) [15122ee2c515a253b0c66a3e618bc7ebe35105eb] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: released (4.9.211) [4f45a0a170355546cc47ba7bbf3973fe187d05cf] +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.16.5-1) +4.19-buster-security: N/A "Fixed before branching point" +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/arm64/arm64-enforce-bbm-for-huge-io-vmap-mappings.patch] +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2019-3016 b/retired/CVE-2019-3016 new file mode 100644 index 00000000..1804b677 --- /dev/null +++ b/retired/CVE-2019-3016 
@@ -0,0 +1,22 @@ +Description: information leak within a KVM guest +References: + https://www.openwall.com/lists/oss-security/2020/01/30/4 +Notes: + carnil> Issue present since 0b9f6c4615c99 ("x86/kvm: Support the vCPU + carnil> preemption check") in 4.10-rc1. But might need double-check. + carnil> Fixed as well in 5.4.19. For 4.19.103 only one commit was + carnil> backported, is this already sufficient? + bwh> I think it was introduced by 858a43aae236 ("KVM: X86: use + bwh> paravirtualized TLB Shootdown", as that introduced the second + bwh> flag in kvm_steal_time::preempted which is being cleared. + bwh> I believe the additional fixes *are* needed for 4.19. + carnil> The additional commits were added for 4.19.x in 4.19.119. +Bugs: +upstream: released (5.6-rc1) [8c6de56a42e0c657955e12b882a81ef07d1d073e, 1eff70a9abd46f175defafd29bc17ad456f398a7, 917248144db5d7320655dbb41d3af0b8a0f3d589, b043138246a41064527cf019a3d51d9f015e9796, a6bd811f1209fe1c64c9f6fd578101d6436c6b6e] +4.19-upstream-stable: released (4.19.119) [25a7898937f4a9f32ca2d1e9b7f5f07176af8037, e36d68ec5090599058650152547d4a58ef3d79a0, ccfc73e56da7c8e68ab6a543c5b8cd0b83c9e9bb, b5b79c757e6f22f17d8ddf2979abb7bf231bb327, c434092ef8172ed027f2bd9afcd42c0ee5002b85] +4.9-upstream-stable: N/A "Vulnerability introduced later" +3.16-upstream-stable: N/A "Vulnerability introduced later" +sid: released (5.4.19-1) +4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/x86/x86-kvm-Introduce-kvm_-un-map_gfn.patch, bugfix/x86/x86-kvm-Cache-gfn-to-pfn-translation.patch, bugfix/x86/x86-KVM-Make-sure-KVM_VCPU_FLUSH_TLB-flag-is-not-mis.patch, bugfix/x86/x86-KVM-Clean-up-host-s-steal-time-structure.patch] +4.9-stretch-security: N/A "Vulnerability introduced later" +3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2019-5108 b/retired/CVE-2019-5108 new file mode 100644 index 00000000..5145999c --- /dev/null +++ b/retired/CVE-2019-5108 
@@ -0,0 +1,16 @@ +Description: CAM table denial-of-service vulnerability +References: + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 +Notes: + carnil> The Cisco TALOS report talks about "prior to mainline 5.3" but + carnil> unclear yet (to me) where the issue has been fixed or if that + carnil> only reflects the state when the advisory was written. +Bugs: +upstream: released (5.3) [3e493173b7841259a08c5c8e5cbe90adb349da7e] +4.19-upstream-stable: released (4.19.97) [8f483142b0bb278f67eabccbe3d6a0e8c45284ad] +4.9-upstream-stable: released (4.9.211) [ca60f42d7965af9f22392caa4074ab0f58c7e1fe] +3.16-upstream-stable: released (3.16.83) [93864704f211e55eddec0c03ca300b1cf6414d8c] +sid: released (5.3.7-1) +4.19-buster-security: released (4.19.98-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/mac80211-do-not-send-layer-2-update-frame-before-aut.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-10711 b/retired/CVE-2020-10711 new file mode 100644 index 00000000..5006f45e --- /dev/null +++ b/retired/CVE-2020-10711 
@@ -0,0 +1,18 @@ +Description: NetLabel: null pointer dereference while receiving CIPSO packet with null category +References: + https://www.openwall.com/lists/oss-security/2020/05/12/2 + https://lore.kernel.org/netdev/07d99ae197bfdb2964931201db67b6cd0b38db5b.1589276729.git.pabeni@redhat.com/ +Notes: + carnil> Introduced in 4b8feff251da ("netlabel: fix the horribly broken + carnil> catmap functions") in 3.17-rc1 and ceba1832b1b2 ("calipso: Set + carnil> the calipso socket label to match the secattr.") in 4.8. We + carnil> enabled furthermore CONFIG_NETLABEL only starting in 5.6.7-1. +Bugs: +upstream: released (5.7-rc6) [eead1c2ea2509fd754c6da893a94f0e69e83ebe4] +4.19-upstream-stable: released (4.19.124) [caf6c20c6421ca687751d27b96c8021c655e56e6] +4.9-upstream-stable: released (4.9.224) [9232577ef3e10775eefe7f2689cbf851c8b13d80] +3.16-upstream-stable: N/A "Vulnerability introduced later" +sid: released (5.6.14-1) +4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/netlabel-cope-with-NULL-catmap.patch] +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/netlabel-cope-with-NULL-catmap.patch] +3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2020-10942 b/retired/CVE-2020-10942 new file mode 100644 index 00000000..e25bad69 --- /dev/null +++ b/retired/CVE-2020-10942 
@@ -0,0 +1,13 @@ +Description: vhost: Check docket sk_family instead of call getname +References: + https://lkml.org/lkml/2020/2/15/125 +Notes: +Bugs: +upstream: released (5.6-rc4) [42d84c8490f9f0931786f1623191fcab397c3d64] +4.19-upstream-stable: released (4.19.108) [ad598a48fe61c6c2407f08a807cb7a2ea83386b3] +4.9-upstream-stable: released (4.9.216) [7f574e92e4474f1b33425c4ee9ba48cd4fbe7d75] +3.16-upstream-stable: released (3.16.83) [e4d98e5299b19e1caad03f0b38fd41b046d0de56] +sid: released (5.5.13-1) +4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/all/vhost-Check-docket-sk_family-instead-of-call-getname.patch] +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/vhost-check-docket-sk_family-instead-of-call-getname.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-11494 b/retired/CVE-2020-11494 new file mode 100644 index 00000000..4cb5b5e7 --- /dev/null +++ b/retired/CVE-2020-11494 @@ -0,0 +1,13 @@ +Description: slcan: Don't transmit uninitialized stack data in padding +References: + https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/ +Notes: +Bugs: +upstream: released (5.7-rc1) [b9258a2cece4ec1f020715fe3554bc2e360f6264] +4.19-upstream-stable: released (4.19.115) [b774578329afb238ccd504477731129aa15e9ec2] +4.9-upstream-stable: released (4.9.219) [925c631e84d77a72188101258878ac58a646d540] +3.16-upstream-stable: released (3.16.83) [08fadc32ce6239dc75fd5e869590e29bc62bbc28] +sid: released (5.5.17-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/slcan-don-t-transmit-uninitialized-stack-data-in-pad.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-11565 b/retired/CVE-2020-11565 new file mode 100644 index 00000000..a7a5197c --- /dev/null +++ b/retired/CVE-2020-11565 
@@ -0,0 +1,12 @@ +Description: mm: mempolicy: require at least one nodeid for MPOL_PREFERRED +References: +Notes: +Bugs: +upstream: released (5.7-rc1) [aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd] +4.19-upstream-stable: released (4.19.115) [fa138035f104ae14651ee3217d81fc16cd3aba4d] +4.9-upstream-stable: released (4.9.219) [c5544e72014cdb0a739f6971fb3dd4fb641b392c] +3.16-upstream-stable: released (3.16.83) [7ca9aeb9a22b50841c401164703c5b0a4a510aff] +sid: released (5.5.17-1) +4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/all/mm-mempolicy-require-at-least-one-nodeid-for-MPOL_PR.patch] +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/mm-mempolicy-require-at-least-one-nodeid-for-mpol_pr.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-11608 b/retired/CVE-2020-11608 new file mode 100644 index 00000000..08da6006 --- /dev/null +++ b/retired/CVE-2020-11608 @@ -0,0 +1,12 @@ +Description: media: ov519: add missing endpoint sanity checks +References: +Notes: +Bugs: +upstream: released (5.7-rc1) [998912346c0da53a6dbb71fab3a138586b596b30] +4.19-upstream-stable: released (4.19.114) [747a7431661ab3c22ad1e721558bdf9e3d53d4a6] +4.9-upstream-stable: released (4.9.218) [03e73c3ef017580482d8e4de2db2bac9505facca] +3.16-upstream-stable: released (3.16.83) [39a4c51860e9695369b640962be4eb6984175384] +sid: released (5.5.17-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/media-ov519-add-missing-endpoint-sanity-checks.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-11609 b/retired/CVE-2020-11609 new file mode 100644 index 00000000..4aa1aa54 --- /dev/null +++ b/retired/CVE-2020-11609 
@@ -0,0 +1,12 @@ +Description: media: stv06xx: add missing descriptor sanity checks +References: +Notes: +Bugs: +upstream: released (5.7-rc1) [485b06aadb933190f4bc44e006076bc27a23f205] +4.19-upstream-stable: released (4.19.114) [70764334b2bcb15c67dfbd912d9a9f7076f6d0df] +4.9-upstream-stable: released (4.9.218) [be6fdd999bcc66cbfde80efbdc16cfd8a3290e38] +3.16-upstream-stable: released (3.16.83) [98d33c0103b16e64a6a4788cf81e22baf229f48e] +sid: released (5.5.17-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/media-stv06xx-add-missing-descriptor-sanity-checks.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-11668 b/retired/CVE-2020-11668 new file mode 100644 index 00000000..84f7bf25 --- /dev/null +++ b/retired/CVE-2020-11668 @@ -0,0 +1,12 @@ +Description: media: xirlink_cit: add missing descriptor sanity checks +References: +Notes: +Bugs: +upstream: released (5.7-rc1) [a246b4d547708f33ff4d4b9a7a5dbac741dc89d8] +4.19-upstream-stable: released (4.19.114) [5d064d7f0327d9425c5f63fa96efc70a74032d8b] +4.9-upstream-stable: released (4.9.218) [8f08a2bb2199a4511bea29e9a130b449f8c1a581] +3.16-upstream-stable: released (3.16.83) [9e236e2465ff5858bed537b94b15134e3ba55e75] +sid: released (5.5.17-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/media-xirlink_cit-add-missing-descriptor-sanity-chec.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-12114 b/retired/CVE-2020-12114 new file mode 100644 index 00000000..f8fb919f --- /dev/null +++ b/retired/CVE-2020-12114 
@@ -0,0 +1,23 @@ +Description: fs/namespace.c: fix mountpoint reference counter race +References: + https://www.openwall.com/lists/oss-security/2020/05/04/2 +Notes: + carnil> According to the commit message this race condition between + carnil> threads updating mountpoint reference counter affects longterm + carnil> releases 4.4.220, 4.9.220, 4.14.177 and 4.19.118. and got fixed + carnil> in 4.4.221, 4.9.221, 4.14.178 and 4.19.119. This was fixed + carnil> upstream along with 4edbe133f851 ("make struct mountpoint bear + carnil> the dentry reference to mountpoint, not struct mount") in + carnil> 5.3-rc1. Similar issue (but not covered by the CVE) is adressed + carnil> in b0d3869ce9ee ("propagate_one(): mnt_set_mountpoint() needs + carnil> mount_lock"). This was adressed as well in 4.4.221, 4.9.221, + carnil> 4.14.178 and 4.19.120. Additionally in 5.4.37 and 5.6.9. +Bugs: +upstream: released (5.3-rc1) [4edbe133f851c9e3a2f2a1db367e826b01e72594] +4.19-upstream-stable: released (4.19.119) [f511dc75d22e0c000fc70b54f670c2c17f5fba9a] +4.9-upstream-stable: released (4.9.221) [91e997939dda1a866f23ddfb043dcd4a3ff57524] +3.16-upstream-stable: released (3.16.84) [172f22d527862eb5aa9dd767826f5d68562943db] +sid: released (5.3.7-1) +4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/fs-namespace.c-fix-mountpoint-reference-counter-race.patch] +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/fs-namespace.c-fix-mountpoint-reference-counter-race.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-12768 b/retired/CVE-2020-12768 new file mode 100644 index 00000000..892d0fc5 --- /dev/null +++ b/retired/CVE-2020-12768 
@@ -0,0 +1,17 @@ +Description: KVM: SVM: Fix potential memory leak in svm_cpu_init() +References: + https://bugzilla.suse.com/show_bug.cgi?id=1171736#c3 +Notes: + carnil> One-time leak at boot, so has at most a negligible security + carnil> impact at all. + bwh> Introduced in 4.16 by commit 70cd94e60c73 "KVM: SVM: VMRUN should + bwh> use associated ASID when SEV is enabled" +Bugs: +upstream: released (5.6-rc4) [d80b64ff297e40c2b6f7d7abc1b3eba70d22a068] +4.19-upstream-stable: released (4.19.125) [008708152ebb229c29e065135599984fa9c4a51c] +4.9-upstream-stable: N/A "Vulnerability introduced later" +3.16-upstream-stable: N/A "Vulnerability introduced later" +sid: released (5.6.7-1) +4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/x86/kvm-svm-fix-potential-memory-leak-in-svm_cpu_init.patch] +4.9-stretch-security: N/A "Vulnerability introduced later" +3.16-jessie-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2020-2732 b/retired/CVE-2020-2732 new file mode 100644 index 00000000..4d7e9af8 --- /dev/null +++ b/retired/CVE-2020-2732 
@@ -0,0 +1,18 @@ +Description: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1805135 + https://www.spinics.net/lists/kvm/msg208259.html + https://lore.kernel.org/stable/20200304085113.GA1419475@kroah.com/ +Notes: + carnil> Only the patch which was Cc'ed to stable@vger.kernel.org is + carnil> strictly needed to adress the CVE, see + carnil> https://lore.kernel.org/stable/20200304085113.GA1419475@kroah.com/ +Bugs: +upstream: released (5.6-rc4) [07721feee46b4b248402133228235318199b05ec, 35a571346a94fb93b5b3b6a599675ef3384bc75c, e71237d3ff1abf9f3388337cfebf53b96df2020d] +4.19-upstream-stable: released (4.19.107) [ed9e97c35b454ceb1da4f65c318015a7ab298dae, 85dd0eb771e8cef7839dbd4cb61acde0b86ecd9e, e5c0857bd5ccf34d93b5b1ea858ab3d81a685b08] +4.9-upstream-stable: released (4.9.215) [86dc39e580d8e3ffa42c8157d3e28249fd9a12c5, f3e0dfb310e6a6f0190dbb3d6b337513b548507b, 35523a2d9918e36ad4fa6c9c0176279d7c1f4291] +3.16-upstream-stable: released (3.16.83) [5d7476c40cd352ec82aec26f6c6d8c413eb2b17b] +sid: released (5.5.13-1) +4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/x86/KVM-nVMX-Don-t-emulate-instructions-in-guest-mode.patch] +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/x86/kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch, bugfix/x86/kvm-nvmx-refactor-io-bitmap-checks-into-helper-funct.patch, bugfix/x86/kvm-nvmx-check-io-instruction-vm-exit-conditions.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-8428 b/retired/CVE-2020-8428 new file mode 100644 index 00000000..f279f37c --- /dev/null +++ b/retired/CVE-2020-8428 
@@ -0,0 +1,21 @@ +Description: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2) +References: + https://www.openwall.com/lists/oss-security/2020/01/28/2 +Notes: + carnil> The issue go introduced with 30aba6656f61 ("namei: allow + carnil> restricted O_CREAT of FIFOs and regular files") in 4.19-rc1 + carnil> which got backported to 4.4.166, 4.9.142 and 4.14.85. + carnil> Needs a regression update: + carnil> https://lore.kernel.org/lkml/20200201162645.GJ23230@ZenIV.linux.org.uk/ + carnil> which is applied in mainline as 6404674acd59 ("vfs: fix + carnil> do_last() regression"). See: + carnil> https://syzkaller.appspot.com/bug?extid=190005201ced78a74ad6 +Bugs: +upstream: released (5.5) [d0cb50185ae942b03c4327be322055d622dc79f6] +4.19-upstream-stable: released (4.19.100) [752f72edea55f9b7c6fd019e71365def13a0f2b6] +4.9-upstream-stable: released (4.9.212) [51772996274874a6bccda05b827f92582ce7b565] +3.16-upstream-stable: N/A "Vulnerable code introduced later with 30aba6656f61" +sid: released (5.4.19-1) +4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/all/do_last-fetch-directory-i_mode-and-i_uid-before-it-s.patch] +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/do_last-fetch-directory-i_mode-and-i_uid-before-it-s.patch] +3.16-jessie-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2020-8647 b/retired/CVE-2020-8647 new file mode 100644 index 00000000..b84d5494 --- /dev/null +++ b/retired/CVE-2020-8647 
@@ -0,0 +1,13 @@ +Description: vc_do_resize use-after-free +References: + https://bugzilla.kernel.org/show_bug.cgi?id=206359 +Notes: +Bugs: +upstream: released (5.6-rc5) [513dc792d6060d5ef572e43852683097a8420f56] +4.19-upstream-stable: released (4.19.109) [7abe1e0a874418b07524c9e07225df1cbb421ce9] +4.9-upstream-stable: released (4.9.216) 1f04adb4d691ed703b1fbc55d99f622b96cedecc] +3.16-upstream-stable: released (3.16.83) [bca2e2e83484ff63ca82c9c2c905d4e580f1a35a] +sid: released (5.5.13-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/vgacon-fix-a-uaf-in-vgacon_invert_region.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-8648 b/retired/CVE-2020-8648 new file mode 100644 index 00000000..67eb1a7b --- /dev/null +++ b/retired/CVE-2020-8648 
@@ -0,0 +1,14 @@ +Description: n_tty_receive_buf_common use-after-free +References: + https://bugzilla.kernel.org/show_bug.cgi?id=206361 + https://lore.kernel.org/lkml/20200210081131.23572-2-jslaby@suse.cz/ +Notes: +Bugs: +upstream: released (5.6-rc3) [07e6124a1a46b4b5a9b3cacc0c306b50da87abf5, 4b70dd57a15d2f4685ac6e38056bad93e81e982f, 07e6124a1a46b4b5a9b3cacc0c306b50da87abf5] +4.19-upstream-stable: released (4.19.109) [31559b59040fc0e6ad363642112d4eb03ad4ebb7, efaef8463e1a9c20aa19c3de2b2d19f885e0315e, b4492f1e7456bd162714c0ec2815c2749d930844] +4.9-upstream-stable: released (4.9.216) [290a9381ccc16131c6ccc19940589141985db6b1, ccd35863147dd447110b726a0d4911ab686aade9, e5be0e24ffc7f5783a3864b5b958088ed15be9e8] +3.16-upstream-stable: released (3.16.83) [a93c3b40fc3d2264b1b11c469319c7cbefb80c46, f443603c73b85db566373875ca8890ef0910f083, a93c3b40fc3d2264b1b11c469319c7cbefb80c46] +sid: released (5.5.13-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/vt-selection-close-sel_buffer-race.patch, bugfix/all/vt-selection-push-console-lock-down.patch, bugfix/all/vt-selection-push-sel_lock-up.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-8649 b/retired/CVE-2020-8649 new file mode 100644 index 00000000..b67bac59 --- /dev/null +++ b/retired/CVE-2020-8649 
@@ -0,0 +1,13 @@ +Description: vgacon_invert_region use-after-free +References: + https://bugzilla.kernel.org/show_bug.cgi?id=206357 +Notes: +Bugs: +upstream: released (5.6-rc5) [513dc792d6060d5ef572e43852683097a8420f56] +4.19-upstream-stable: released (4.19.109) [7abe1e0a874418b07524c9e07225df1cbb421ce9] +4.9-upstream-stable: released (4.9.216) [1f04adb4d691ed703b1fbc55d99f622b96cedecc] +3.16-upstream-stable: released (3.16.83) [bca2e2e83484ff63ca82c9c2c905d4e580f1a35a] +sid: released (5.5.13-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/vgacon-fix-a-uaf-in-vgacon_invert_region.patch] +3.16-jessie-security: released (3.16.84-1) diff --git a/retired/CVE-2020-9383 b/retired/CVE-2020-9383 new file mode 100644 index 00000000..450437b7 --- /dev/null +++ b/retired/CVE-2020-9383 @@ -0,0 +1,12 @@ +Description: floppy: check FDC index for errors before assigning it +References: +Notes: +Bugs: +upstream: released (5.6-rc4) [2e90ca68b0d2f5548804f22f0dd61145516171e3] +4.19-upstream-stable: released (4.19.107) [c8fd87c53a1509162b910cec91c0c46753c58f9a] +4.9-upstream-stable: released (4.9.215) [5fbaa66c2a51c2260add842bd12cbc79715c5249] +3.16-upstream-stable: released (3.16.83) [2f9ac30a54dc0181ddac3705cdcf4775d863c530] +sid: released (5.5.13-1) +4.19-buster-security: released (4.19.118-1) +4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/floppy-check-fdc-index-for-errors-before-assigning-i.patch] +3.16-jessie-security: released (3.16.84-1) -- cgit v1.2.3
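Review bot: in retired/CVE-2020-8647 the 4.9-upstream-stable line is missing the opening bracket before the commit id: `4.9-upstream-stable: released (4.9.216) 1f04adb4d691ed703b1fbc55d99f622b96cedecc]`. retired/CVE-2020-8649 records the same commit as `[1f04adb4d691ed703b1fbc55d99f622b96cedecc]`. The malformed line is carried over unchanged from active/CVE-2020-8647, so the move is a good moment to add the `[`; anything that parses the bracketed commit list will otherwise miss the 4.9 fix for this CVE.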
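Review bot: in retired/CVE-2020-8648 the upstream line lists 07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 as both the first and the third entry, and the 3.16-upstream-stable line repeats a93c3b40fc3d2264b1b11c469319c7cbefb80c46 in the same two positions, while the 4.19 and 4.9 lines each carry three distinct ids. Please check whether the third entry on those two lines should name a different commit (the stretch patch list has three separate vt-selection patches) and either correct it or drop the duplicate before the file is retired.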
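Review bot: retired/CVE-2020-8428 still carries the note "Needs a regression update" pointing at mainline commit 6404674acd59 ("vfs: fix do_last() regression"), but the upstream, 4.19 and 4.9 status lines list only the original fix commit and the buster/stretch lines list only do_last-fetch-directory-i_mode-and-i_uid-before-it-s.patch. Before retiring, either add the regression fix to the status lines or extend the note to say in which releases it landed, so the retired entry shows the follow-up was actually picked up.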
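Review bot: retired/CVE-2019-19768 keeps the bwh note "Needs additional fix, commit 153031a301bb" ("blktrace: fix dereference after null check"), yet every status line records a single commit and the buster/stretch lines list only blktrace-protect-q-blk_trace-with-rcu.patch. Nothing in the entry shows the additional fix was applied anywhere; suggest adding its commit ids to the upstream and stable lines, or a note stating which uploads include it, so the entry is self-consistent once it is in retired/.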
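Review bot: the Notes block in retired/CVE-2019-5108 is stale relative to the status lines below it: it still says it is "unclear yet (to me) where the issue has been fixed", while the upstream line records `released (5.3) [3e493173b7841259a08c5c8e5cbe90adb349da7e]`. Suggest replacing the note with a short statement that the fix was identified as that commit, or dropping it, so a later reader of the retired entry does not take the open question as still unresolved.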