From bbbebfb9d7af4f12b4db87cc928e0b38a8e803cd Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 4 Jul 2022 10:36:50 +0200 Subject: retire multiple issues --- active/CVE-2022-1729 | 18 ------------------ active/CVE-2022-20166 | 21 --------------------- active/CVE-2022-21499 | 19 ------------------- active/CVE-2022-2153 | 21 --------------------- active/CVE-2022-23036 | 14 -------------- active/CVE-2022-23037 | 14 -------------- active/CVE-2022-23038 | 14 -------------- active/CVE-2022-23039 | 14 -------------- active/CVE-2022-23040 | 14 -------------- active/CVE-2022-23041 | 14 -------------- active/CVE-2022-23042 | 14 -------------- active/CVE-2022-23960 | 18 ------------------ active/CVE-2022-24958 | 13 ------------- active/CVE-2022-26490 | 17 ----------------- active/CVE-2022-26966 | 12 ------------ active/CVE-2022-27223 | 12 ------------ active/CVE-2022-27666 | 15 --------------- active/CVE-2022-28356 | 13 ------------- active/CVE-2022-28388 | 15 --------------- active/CVE-2022-28389 | 15 --------------- active/CVE-2022-28390 | 15 --------------- active/CVE-2022-29581 | 15 --------------- active/CVE-2022-30594 | 13 ------------- active/CVE-2022-32250 | 15 --------------- active/CVE-2022-32296 | 13 ------------- active/CVE-2022-32981 | 17 ----------------- active/CVE-2022-33981 | 14 -------------- retired/CVE-2022-1729 | 18 ++++++++++++++++++ retired/CVE-2022-20166 | 21 +++++++++++++++++++++ retired/CVE-2022-21499 | 19 +++++++++++++++++++ retired/CVE-2022-2153 | 21 +++++++++++++++++++++ retired/CVE-2022-23036 | 14 ++++++++++++++ retired/CVE-2022-23037 | 14 ++++++++++++++ retired/CVE-2022-23038 | 14 ++++++++++++++ retired/CVE-2022-23039 | 14 ++++++++++++++ retired/CVE-2022-23040 | 14 ++++++++++++++ retired/CVE-2022-23041 | 14 ++++++++++++++ retired/CVE-2022-23042 | 14 ++++++++++++++ retired/CVE-2022-23960 | 18 ++++++++++++++++++ retired/CVE-2022-24958 | 13 +++++++++++++ retired/CVE-2022-26490 | 17 +++++++++++++++++ retired/CVE-2022-26966 | 12 ++++++++++++ retired/CVE-2022-27223 | 12 ++++++++++++ retired/CVE-2022-27666 | 15 +++++++++++++++ retired/CVE-2022-28356 | 13 +++++++++++++ retired/CVE-2022-28388 | 15 +++++++++++++++ retired/CVE-2022-28389 | 15 +++++++++++++++ retired/CVE-2022-28390 | 15 +++++++++++++++ retired/CVE-2022-29581 | 15 +++++++++++++++ retired/CVE-2022-30594 | 13 +++++++++++++ retired/CVE-2022-32250 | 15 +++++++++++++++ retired/CVE-2022-32296 | 13 +++++++++++++ retired/CVE-2022-32981 | 17 +++++++++++++++++ retired/CVE-2022-33981 | 14 ++++++++++++++ 54 files changed, 409 insertions(+), 409 deletions(-) delete mode 100644 active/CVE-2022-1729 delete mode 100644 active/CVE-2022-20166 delete mode 100644 active/CVE-2022-21499 delete mode 100644 active/CVE-2022-2153 delete mode 100644 active/CVE-2022-23036 delete mode 100644 active/CVE-2022-23037 delete mode 100644 active/CVE-2022-23038 delete mode 100644 active/CVE-2022-23039 delete mode 100644 active/CVE-2022-23040 delete mode 100644 active/CVE-2022-23041 delete mode 100644 active/CVE-2022-23042 delete mode 100644 active/CVE-2022-23960 delete mode 100644 active/CVE-2022-24958 delete mode 100644 active/CVE-2022-26490 delete mode 100644 active/CVE-2022-26966 delete mode 100644 active/CVE-2022-27223 delete mode 100644 active/CVE-2022-27666 delete mode 100644 active/CVE-2022-28356 delete mode 100644 active/CVE-2022-28388 delete mode 100644 active/CVE-2022-28389 delete mode 100644 active/CVE-2022-28390 delete mode 100644 active/CVE-2022-29581 delete mode 100644 active/CVE-2022-30594 delete mode 100644 active/CVE-2022-32250 delete mode 100644 active/CVE-2022-32296 delete mode 100644 active/CVE-2022-32981 delete mode 100644 active/CVE-2022-33981 create mode 100644 retired/CVE-2022-1729 create mode 100644 retired/CVE-2022-20166 create mode 100644 retired/CVE-2022-21499 create mode 100644 retired/CVE-2022-2153 create mode 100644 retired/CVE-2022-23036 create mode 100644 retired/CVE-2022-23037 create mode 100644 retired/CVE-2022-23038 create mode 100644 retired/CVE-2022-23039 create mode 100644 retired/CVE-2022-23040 create mode 100644 retired/CVE-2022-23041 create mode 100644 retired/CVE-2022-23042 create mode 100644 retired/CVE-2022-23960 create mode 100644 retired/CVE-2022-24958 create mode 100644 retired/CVE-2022-26490 create mode 100644 retired/CVE-2022-26966 create mode 100644 retired/CVE-2022-27223 create mode 100644 retired/CVE-2022-27666 create mode 100644 retired/CVE-2022-28356 create mode 100644 retired/CVE-2022-28388 create mode 100644 retired/CVE-2022-28389 create mode 100644 retired/CVE-2022-28390 create mode 100644 retired/CVE-2022-29581 create mode 100644 retired/CVE-2022-30594 create mode 100644 retired/CVE-2022-32250 create mode 100644 retired/CVE-2022-32296 create mode 100644 retired/CVE-2022-32981 create mode 100644 retired/CVE-2022-33981 diff --git a/active/CVE-2022-1729 b/active/CVE-2022-1729 deleted file mode 100644 index b659f306..00000000 --- a/active/CVE-2022-1729 +++ /dev/null @@ -1,18 +0,0 @@ -Description: perf: Fix sys_perf_event_open() race against self -References: - https://lore.kernel.org/all/20220520183806.GV2578@worktop.programming.kicks-ass.net/T/#u - https://www.openwall.com/lists/oss-security/2022/05/20/2 - https://www.openwall.com/lists/oss-security/2022/06/30/2 -Notes: - carnil> Issue rendered harmless for exploition due to - carnil> kernel.perf_event_paranoid >= 3 setting. - carnil> For 5.17.y fixed as well in 5.17.10. -Bugs: -upstream: released (5.18) [3ac6487e584a1eb54071dbe1212e05b884136704] -5.10-upstream-stable: released (5.10.118) [3ee8e109c3c316073a3e0f83ec0769c7ee8a7375] -4.19-upstream-stable: released (4.19.245) [6cdd53a49aa7413e53c14ece27d826f0b628b18a] -4.9-upstream-stable: released (4.9.316) [a1466528d8ae5d9a3bb29781f0098fa3476e9e1c] -sid: released (5.17.11-1) -5.10-bullseye-security: released (5.10.120-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-20166 b/active/CVE-2022-20166 deleted file mode 100644 index 3c96d5de..00000000 --- a/active/CVE-2022-20166 +++ /dev/null @@ -1,21 +0,0 @@ -Description: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions -References: - https://source.android.com/security/bulletin/pixel/2022-06-01 - https://android.googlesource.com/kernel/common/+/37c7c8d4f0856ca30c2583adead91f42711f9c2f%5E%21/ -Notes: - bwh> Based on the Android backport of this, the specific case where a - bwh> buffer overflow was possible must be in the name attribute of a - bwh> wakeup_source. This code was introduced in 5.4 by commit - bwh> c8377adfa781 "PM / wakeup: Show wakeup sources stats in sysfs". - bwh> If wakelocks are enabled (CONFIG_PM_WAKELOCKS=y) then user-space - bwh> can create a wakeup_source with an arbitrary name. However, we - bwh> never enabled this. -Bugs: -upstream: released (5.10-rc1) [aa838896d87af561a33ecefea1caa4c15a68bc47] -5.10-upstream-stable: N/A "Fixed before branching point" -4.19-upstream-stable: N/A "Vulnerable code not present" -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.10.4-1) -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: N/A "Vulnerable code not present" -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-21499 b/active/CVE-2022-21499 deleted file mode 100644 index fe49bebb..00000000 --- a/active/CVE-2022-21499 +++ /dev/null @@ -1,19 +0,0 @@ -Description: lockdown: also lock down previous kgdb use -References: - https://www.openwall.com/lists/oss-security/2022/05/24/7 -Notes: - carnil> Lockdown firstly introduced upstream in 5.4-rc1. On the other - carnil> hand though, Debian ships since 4.11-1~exp1 the lockdown - carnil> patches (replaced from the securelevel patch). Issue possibly - carnil> as well present already in the securelevel patchset. - carnil> Fixed as well in 5.17.10 for 5.17.y. - bwh> I think we can ignore this since we don't enable kgdb. -Bugs: -upstream: released (5.19-rc1) [eadb2f47a3ced5c64b23b90fd2a3463f63726066] -5.10-upstream-stable: released (5.10.119) [a8f4d63142f947cd22fa615b8b3b8921cdaf4991] -4.19-upstream-stable: N/A "Vulnerable code not present" -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.17.11-1) -5.10-bullseye-security: released (5.10.120-1) -4.19-buster-security: ignored "CONFIG_KGDB not enabled" -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-2153 b/active/CVE-2022-2153 deleted file mode 100644 index bace9fbb..00000000 --- a/active/CVE-2022-2153 +++ /dev/null @@ -1,21 +0,0 @@ -Description: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast() -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2069736 - https://www.openwall.com/lists/oss-security/2022/06/22/1 -Notes: - carnil> Fixed as well in 5.16.19 for 5.16.y and 5.17.2 for 5.17.y. The - carnil> last commit of the series was as well backported to 5.10.110, - carnil> 4.19.238 and 4.9.311. - carnil> According to the oss-security reference the main fix seems to - carnil> be pin-pointed at 00b5f37189d2 ("KVM: x86: Avoid theoretical - carnil> NULL pointer dereference in kvm_irq_delivery_to_apic_fast()") - carnil> which would not yet be included in 5.10.y and older. -Bugs: -upstream: released (5.18-rc1) [7ec37d1cbe17d8189d9562178d8b29167fe1c31a, 00b5f37189d24ac3ed46cb7f11742094778c46ce, b1e34d325397a33d97d845e312d7cf2a8b646b44] -5.10-upstream-stable: released (5.10.110) [09c771c45c1243e295470225aaee726693fdc242] -4.19-upstream-stable: released (4.19.238) [2f4835b5188f3b73b2b048a761ae2553e845b027] -4.9-upstream-stable: released (4.9.311) [95d51d058680766130098287f680474bc55f1679] -sid: released (5.17.3-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-23036 b/active/CVE-2022-23036 deleted file mode 100644 index 4d6320c8..00000000 --- a/active/CVE-2022-23036 +++ /dev/null @@ -1,14 +0,0 @@ -Description: -References: - https://xenbits.xen.org/xsa/advisory-396.html -Notes: - carnil> Released as well in 5.16.14 for 5.16.y. -Bugs: -upstream: released (5.17-rc8) [6b1775f26a2da2b05a6dc8ec2b5d14e9a4701a1a, abf1fd5919d6238ee3bc5eb4a9b6c3947caa6638] -5.10-upstream-stable: released (5.10.105) [3d81e85f30a8f712c3e4f2a507553d9063a20ed6, 96219af4e504d0e96a231a0ba86062ec5b3af979] -4.19-upstream-stable: released (4.19.234) [17659846fe336366b1663194f5669d10f5947f53, 423a3a50dce9a48d10d2d2a70cd2f78064c13703] -4.9-upstream-stable: released (4.9.306) [73e1d9b33f2bd93ce30719dfc8990b6328243b7e, f306575016dcf47ed6cd40e1fe872a4d8c665a8b] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-23037 b/active/CVE-2022-23037 deleted file mode 100644 index 2f67473a..00000000 --- a/active/CVE-2022-23037 +++ /dev/null @@ -1,14 +0,0 @@ -Description: -References: - https://xenbits.xen.org/xsa/advisory-396.html -Notes: - carnil> Released as well in 5.16.14 for 5.16.y. -Bugs: -upstream: released (5.17-rc8) [31185df7e2b1d2fa1de4900247a12d7b9c7087eb] -5.10-upstream-stable: released (5.10.105) [f6690dd9446a2a4bd9b024f00f71dd827a98317f] -4.19-upstream-stable: released (4.19.234) [927e4eb8ddf4968b6a33be992b28063f84552c72] -4.9-upstream-stable: released (4.9.306) [1112bb311ec13e7e6e7045ae4a0b7091bedc6b7a] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-23038 b/active/CVE-2022-23038 deleted file mode 100644 index e5746e9e..00000000 --- a/active/CVE-2022-23038 +++ /dev/null @@ -1,14 +0,0 @@ -Description: -References: - https://xenbits.xen.org/xsa/advisory-396.html -Notes: - carnil> Released as well in 5.16.14 for 5.16.y. -Bugs: -upstream: released (5.17-rc8) [6b1775f26a2da2b05a6dc8ec2b5d14e9a4701a1a, 33172ab50a53578a95691310f49567c9266968b0] -5.10-upstream-stable: released (5.10.105) [3d81e85f30a8f712c3e4f2a507553d9063a20ed6, 3047255182774266950b22acc29c22a2d76e859e] -4.19-upstream-stable: released (4.19.234) [17659846fe336366b1663194f5669d10f5947f53, 62a696c15cfcfd32527f81ca3d94f2bde57475dc] -4.9-upstream-stable: released (4.9.306) [73e1d9b33f2bd93ce30719dfc8990b6328243b7e, 98bdfdf89e987406f4afdc7694cbdbb715383d8e] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-23039 b/active/CVE-2022-23039 deleted file mode 100644 index 111adac2..00000000 --- a/active/CVE-2022-23039 +++ /dev/null @@ -1,14 +0,0 @@ -Description: -References: - https://xenbits.xen.org/xsa/advisory-396.html -Notes: - carnil> Released as well in 5.16.14 for 5.16.y. -Bugs: -upstream: released (5.17-rc8) [d3b6372c5881cb54925212abb62c521df8ba4809] -5.10-upstream-stable: released (5.10.105) [5f36ae75b847e7f87e4144602f418a624ca074b7] -4.19-upstream-stable: released (4.19.234) [fbc57368ea527dcfa909908fc47a851a56e4e5ce] -4.9-upstream-stable: released (4.9.306) [97b835c6de03a24db79d374b02d532f0b562fd38] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-23040 b/active/CVE-2022-23040 deleted file mode 100644 index 54b1f9b6..00000000 --- a/active/CVE-2022-23040 +++ /dev/null @@ -1,14 +0,0 @@ -Description: -References: - https://xenbits.xen.org/xsa/advisory-396.html -Notes: - carnil> Released as well in 5.16.14 for 5.16.y. -Bugs: -upstream: released (5.17-rc8) [3777ea7bac3113005b7180e6b9dadf16d19a5827] -5.10-upstream-stable: released (5.10.105) [5c600371b8fd02cbbb0eb83a9f664e3f0b75c28e] -4.19-upstream-stable: released (4.19.234) [8d521d960aef22781ff499e16899c30af899de8d] -4.9-upstream-stable: released (4.9.306) [8f80d12f6946a6fe7c64bfc204c062a57f83c7f8] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-23041 b/active/CVE-2022-23041 deleted file mode 100644 index 5ebc6ccd..00000000 --- a/active/CVE-2022-23041 +++ /dev/null @@ -1,14 +0,0 @@ -Description: -References: - https://xenbits.xen.org/xsa/advisory-396.html -Notes: - carnil> Released as well in 5.16.14 for 5.16.y. -Bugs: -upstream: released (5.17-rc8) [5cadd4bb1d7fc9ab201ac14620d1a478357e4ebd, b0576cc9c6b843d99c6982888d59a56209341888, 42baefac638f06314298087394b982ead9ec444b] -5.10-upstream-stable: released (5.10.105) [8357d75bfdb85ea63253cf369f405830c7b13d78, c4b16486d6023f6365a4f8671351961e97428f2d, 39c00d09286c67567cdf23ebc8e00e47722ef769] -4.19-upstream-stable: released (4.19.234) [2466bed361f3274e3e0ca9d8e539532481c06fea, f85d03f0f482cc28a2ee15a1fed2ae57ae359412, 92dc0e4a219602242407dedd987dc9c8263c959b] -4.9-upstream-stable: released (4.9.306) [ae6f8a67b98144827e78874c8dba41cccb02be5b] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-23042 b/active/CVE-2022-23042 deleted file mode 100644 index 0aa5c352..00000000 --- a/active/CVE-2022-23042 +++ /dev/null @@ -1,14 +0,0 @@ -Description: -References: - https://xenbits.xen.org/xsa/advisory-396.html -Notes: - carnil> Released as well in 5.16.14 for 5.16.y. -Bugs: -upstream: released (5.17-rc8) [66e3531b33ee51dad17c463b4d9c9f52e341503d] -5.10-upstream-stable: released (5.10.105) [206c8e271ba2630f1d809123945d9c428f93b0f0] -4.19-upstream-stable: released (4.19.234) [c307029d811e03546d18d0e512fe295b3103b8e5] -4.9-upstream-stable: released (4.9.306) [c4497b057b14274e159434f0ed70439a21f3d2a9] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-23960 b/active/CVE-2022-23960 deleted file mode 100644 index ac071708..00000000 --- a/active/CVE-2022-23960 +++ /dev/null @@ -1,18 +0,0 @@ -Description: -References: - https://www.vusec.net/projects/bhi-spectre-bhb/ - https://github.com/vusec/bhi-spectre-bhb - https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb -Notes: - carnil> Released as well in 5.16.14 for 5.16.y. - carnil> For 4.19.y and 4.9.y the arm64 patches are not yet included in - carnil> 4.19.234 and 4.9.306. -Bugs: -upstream: released (5.17-rc8) [9dd78194a3722fa6712192cdd4f7032d45112a9a, 04e91b7324760a377a725e218b5ee783826d30f5, 8d9d651ff2270a632e9dc497b142db31e8911315, b9baf5c8c5c356757f4f9d8180b5e9d234065bc3, 25875aa71dfefd1959f07e626c4d285b88b27ac2, 4330e2c5c04c27bebf89d34e0bc14e6943413067, 1b33d4860deaecf1d8eec3061b7e7ed7ab0bae8d, 5bdf3437603d4af87f9c7f424b0c8aeed2420745, d739da1694a0eaef0358a42b76904b611539b77b, 03aff3a77a58b5b52a77e00537a42090ad57b80b, c091fb6ae059cda563b2a4d93fdbc548ef34e1d6, 6c5bf79b69f911560fbf82214c0971af6e58e682, ed50da7764535f1e24432ded289974f2bf2b0c5a, 13d7a08352a83ef2252aeb464a5e08dfc06b5dfd, c47e4d04ba0f1ea17353d85d45f611277507e07a, a9c406e6462ff14956d690de7bbe5131a5677dc9, aff65393fa1401e034656e349abd655cfe272de0, ba2689234be92024e5635d30fe744f4853ad97db, b28a8eebe81c186fdb1a0078263b30576c8e1f42, bd09128d16fac3c34b80bd6a29088ac632e8ce09, dee435be76f4117410bbd90573a881fd33488f37, 558c303c9734af5a813739cd284879227f7297d2, a5905d6af492ee6a4a2205f0d550b3f931b03d03, 228a26b912287934789023b4132ba76065d9491c, 58c9a5060cb7cd529d49c93954cdafe81c1d642a] -5.10-upstream-stable: released (5.10.105) [b7f1e73c4ddf2044530091e69114a5fc1a1229d0, 46deb224680bb33c8e87440a7b909d16e5a7d7c5, 29d9b56df1e18a8ff2e669b79e511163972a8b65, 3f9c958e3572b19b1cfb9d28eeb15be0a5d80193, 302754d023a06171113e8fb20c7b2a18ebf9088f, f3c12fc53e0a1fffbe102a9501c7bb6efdabbe99, fc8070a9c5ad3e0ac343532df7d4d2d709b173a8, 86171569312b5870aaedc74b4b28d444c0f72105, b19eaa004f2eeae94a4fcf5f0cadac35cc579a72, 7ae8127e412361025e7b4a0e6347ca9e8f3ed109, dbcfa98539531bff0d7e4d6087741702dfa50f06, 162aa002ec1a78e91cf2f0b8e7450e2770b2941f, 97d8bdf33182494b7cb327ed555313d17d80c639, dc5b630c0d532140e194997d350f587dbcc78bfb, 7048a21086fb16ec67287a25b62e88b0cd17c8c3, 5242d6971e106be115d9dace9c1441f4a2e1cb25, d93b25a6654812e0511b71a6d4a207f6b1ce5dfe, bda89602814c69e6f027878209b0b9453133ada2, 5275fb5ea5f573ce1ecd2bf0bcd928abb916b43d, e55025063276fcf7b07e9340c38d70b04aa8a7b9, 8c691e5308c531deede16bef4f2d933d5f859ce7, 73ee716a1f6356ca86d16d4ffc97fcfc7961d3ef, 26211252c1c104732a0fea6c37645f1b670587f5, 49379552969acee3237387cc258848437e127d98, 3f21b7e355237aa2f8196ad44c2b7456a739518d, 56cf5326bdf9c20de9a45e4a7a4c0ae16833e561, 1f63326a5211208e2c5868650e47f13a9072afde, 13a807a0a080383ceab6c40e53c0228108423e51, 192023e6baf7cce7fb76ff3a5c24c55968c774ff, e192c8baa69ac8a5585d61ac535aa1e5eb795e80, 38c26bdb3cc53f219d6ab75ac1a95436f393c60f, 551717cf3b58f11311d10f70eb027d4b275135de, b65b87e718c33caa46d5246d8fbeda895aa9cf5b] -4.19-upstream-stable: released (4.19.234) [dc64af755099d1e51fd64e99fe3a59b75595814a, 45c25917ceb7a5377883ef4c3a675276fba8a268, 67e1f18a972be16363c6e88d7b29cde880774164, 99e14db3b711c27f93079ba9d7f2fff169916d5f, 29db7e4b67fccf5e1fe28ec89f2add90ce74d77b], released (4.19.236) [e8bfe29afc09ac77b347540a0f4c789e6530a436, 87eccd56c52fcdd6c55b048d789da5c9c2e51ed3, 51acb81130d1feee7fd043760b75f5377ab8d4f0, 266b1ef1368e06ac4c5a89eb9774ef2bbaa54e19, ebcdd80d0016c7445e8395cec99b9ce266a26001, af484e69b5e83095609d8b5c8abaf13a5460229e, f689fa53bb944873f75fe1584f446cae1aabd2c1, 9e056623dfc538909ed2a914f70a66d68ec71ec3, 22fdfcf1c2cea8e6dc383d46cbbe59d476d24a96, 901c0a20aa94d09a9328899e2dd69a8d43a3a920, 91429ed04ebe9dbec88f97c6fd136b722bc3f3c5, e18876b523d5f5fd8b8f34721f60a470caf20aa1, 5b5ca2608fbd6f250281b6a1d0d73613f250e6f1, 7b012f6597e55a2ea4c7efe94b5d9a792b6e5757, a68912a3ae3413be5febcaa40e7e0ec1fd62adee, c20d551744797000c4af993f7d59ef8c69732949, 5f051d32b03f08a0507ac1afd7b9c0a30c8e5d59, a44e7ddb5822b943cd50c5ad6a2541fb445d58bd, ed5dec3fae86f20db52930e1d9a7cc38403994cc] -4.9-upstream-stable: released (4.9.306) [b24d4041cfb6dab83f9edf40573375bd1365e619, dfea9912129157ba3c5a9d060e58df17fb688e72, 964aafb29a07cb7cdea71ef41a75394e879f529c, da3dfb69bbc3fdfeb3e5930fe28bcd689751a594, 48b1aa98e19d189703d518166ddb2520164b3164], released (4.9.310) [0a59e9cf1f29f446ab5a3dc91a23af8ca0cf5bea, 6835855140dc7adecd5af713a17d488f93fd8226, a212d166a9d7c35e56ba11f15d6706eee3dd499b, ee04ed16acb65f7dfde8cb74ae774f4314c5c816, 99cbe345732d49d4626052908754259ac9222bb2, 2ce6f5deed712c6768e5b19ac4e23d4aaa828ff4, 283bcb8f640ecc3e4a74f5084c15cdd9ce350951, 1f7da613bf57d10b0ff6807b36bd7eda27482ab6, bd69a09d7d229303286a685f59b9033c384f72b1, 944ecb18c729545ea73c53f9ee9b802637c549d0, ac965734ce0f87c194f0a666889a4f37436b2421, 218ddd9cb91e7bc0bb69d53fc40f600b0b217a16, aee10c2dd01383a8a01111d647b6e17b9a3cc791, 1451b7fe7a3689113e70d2936b92fa4d50e68371, 094a410426b4a5cbb0d68609050a15110124aeda, 4dd8aae585a51a1d276911fe19096ad90144e9fe, df0448480b9c2f0a2f5a5055e04afa80bf0a5301, 9396d5ede3df91cc71c70a7fb11826a10c34e775, 7815cbf19ac47ca0cc22b0d8aa25d6ec6ab2ad81] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1), released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-24958 b/active/CVE-2022-24958 deleted file mode 100644 index 4728813a..00000000 --- a/active/CVE-2022-24958 +++ /dev/null @@ -1,13 +0,0 @@ -Description: drivers/usb/gadget/legacy/inode.c mishandles dev->buf release -References: -Notes: - carnil> Fixed as well in 5.16.13 for 5.16.y series. -Bugs: -upstream: released (5.17-rc1) [89f3594d0de58e8a57d92d497dea9fee3d4b9cda, 501e38a5531efbd77d5c73c0ba838a889bfc1d74] -5.10-upstream-stable: released (5.10.104) [c13159a588818a1d2cd6519f4d3b6f7e17a9ffbd, fdd64084e405544c5c11841ca9261785c988e2a1] -4.19-upstream-stable: released (4.19.233) [70196d12856306a17ddc3eae0f022b9c1d748e52, 6b432b7b5a77e8bfd041da0ba00c98fa31097c4e] -4.9-upstream-stable: released (4.9.305) [be1bb345f180482b0e57768d967ef020d7cba592, e09100044e658fb7906494ed5109323ba64f3e7a] -sid: released (5.16.14-1) -5.10-bullseye-security: released (5.10.106-1) -4.19-buster-security: released (4.19.235-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-26490 b/active/CVE-2022-26490 deleted file mode 100644 index f75cc711..00000000 --- a/active/CVE-2022-26490 +++ /dev/null @@ -1,17 +0,0 @@ -Description: nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION -References: -Notes: - bwh> Driver is not enabled in Debian configurations. I think that - bwh> the messages being parsed are generated by device firmware, - bwh> which would make this hard to exploit. - bwh> The same bug exists in the similar st-nci driver. - carnil> Fixed as well in 5.16.18 for 5.16.y. -Bugs: -upstream: released (5.17-rc1) [4fbcc1a4cb20fe26ad0225679c536c80f1648221] -5.10-upstream-stable: released (5.10.109) [25c23fe40e6e1ef8e6d503c52b4f518b2e520ab7] -4.19-upstream-stable: released (4.19.237) [0043b74987acb44f1ade537aad901695511cfebe] -4.9-upstream-stable: released (4.9.309) [c1184fa07428fb81371d5863e09795f0d06d35cf] -sid: released (5.16.18-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-26966 b/active/CVE-2022-26966 deleted file mode 100644 index 63292a37..00000000 --- a/active/CVE-2022-26966 +++ /dev/null @@ -1,12 +0,0 @@ -Description: sr9700: sanity check for packet length -References: -Notes: -Bugs: -upstream: released (5.17-rc6) [e9da0b56fe27206b49f39805f7dcda8a89379062] -5.10-upstream-stable: released (5.10.103) [4f5f5411f0c14ac0b61d5e6a77d996dd3d5b5fd3] -4.19-upstream-stable: released (4.19.232) [dde5ddf02a47487dd6efcc7077307f1d4e1ba337] -4.9-upstream-stable: released (4.9.304) [89260e0e191e8a3a9872f72836bdf0641853c87f] -sid: released (5.16.12-1) -5.10-bullseye-security: released (5.10.103-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-27223 b/active/CVE-2022-27223 deleted file mode 100644 index bd3dedb5..00000000 --- a/active/CVE-2022-27223 +++ /dev/null @@ -1,12 +0,0 @@ -Description: USB: gadget: validate endpoint index for xilinx udc -References: -Notes: -Bugs: -upstream: released (5.17-rc6) [7f14c7227f342d9932f9b918893c8814f86d2a0d] -5.10-upstream-stable: released (5.10.103) [bfa8ffbaaaaf9752f66bc7cabcef2de715e7621f] -4.19-upstream-stable: released (4.19.232) [ebc465e894890a534ce05e035eae4829a2a47ba1] -4.9-upstream-stable: released (4.9.304) [958b6ab4d70bf991e8c90233504d4cb863aaef8a] -sid: released (5.16.12-1) -5.10-bullseye-security: released (5.10.103-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-27666 b/active/CVE-2022-27666 deleted file mode 100644 index 66cf9b79..00000000 --- a/active/CVE-2022-27666 +++ /dev/null @@ -1,15 +0,0 @@ -Description: esp: Fix possible buffer overflow in ESP transformation -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2061633 -Notes: - carnil> For 5.16.y fixed as well in 5.16.15. - bwh> Introduced in 4.11 by commits referenced in the fix. -Bugs: -upstream: released (5.17-rc8) [ebe48d368e97d007bfeb76fcb065d6cfc4c96645] -5.10-upstream-stable: released (5.10.108) [9248694dac20eda06e22d8503364dc9d03df4e2f] -4.19-upstream-stable: released (4.19.237) [ce89087966651ad41e103770efc5ce2742046284] -4.9-upstream-stable: N/A "Vulnerability introduced later" -sid: released (5.16.18-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2022-28356 b/active/CVE-2022-28356 deleted file mode 100644 index 1ed80dde..00000000 --- a/active/CVE-2022-28356 +++ /dev/null @@ -1,13 +0,0 @@ -Description: llc: fix netdevice reference leaks in llc_ui_bind() -References: - https://www.openwall.com/lists/oss-security/2022/04/06/1 -Notes: -Bugs: -upstream: released (5.18-rc1) [764f4eb6846f5475f1244767d24d25dd86528a4a] -5.10-upstream-stable: released (5.10.109) [571df3393f523b59cba87e2f3e80a3a624030f9c] -4.19-upstream-stable: released (4.19.237) [d14193111c436fc5de33206c67c7afd45c730099] -4.9-upstream-stable: released (4.9.309) [0a7aad979bfb43c4a78d33a5f356caf4ceb28bca] -sid: released (5.16.18-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-28388 b/active/CVE-2022-28388 deleted file mode 100644 index 8a713528..00000000 --- a/active/CVE-2022-28388 +++ /dev/null @@ -1,15 +0,0 @@ -Description: can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path -References: -Notes: - carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y fixed in - carnil> 5.17.2. - bwh> The fix says this bug was present since the driver was added in 3.9. -Bugs: -upstream: released (5.18-rc1) [3d3925ff6433f98992685a9679613a2cc97f3ce2] -5.10-upstream-stable: released (5.10.110) [5318cdf4fd834856ce71238b064f35386f9ef528] -4.19-upstream-stable: released (4.19.240) [8eb78da898079c0d7250c32ebf0c35fb81737abe] -4.9-upstream-stable: needed -sid: released (5.17.3-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: ignored "EOL" diff --git a/active/CVE-2022-28389 b/active/CVE-2022-28389 deleted file mode 100644 index 983d813e..00000000 --- a/active/CVE-2022-28389 +++ /dev/null @@ -1,15 +0,0 @@ -Description: can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path -References: -Notes: - carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y fixed in - carnil> 5.17.2. - bwh> The fix says this bug was present since the driver was added in 4.12. -Bugs: -upstream: released (5.18-rc1) [04c9b00ba83594a29813d6b1fb8fdc93a3915174] -5.10-upstream-stable: released (5.10.110) [0801a51d79389282c1271e623613b2e1886e071e] -4.19-upstream-stable: released (4.19.238) [a8bba9fd73775e66b4021b18f2193f769ce48a59] -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.17.3-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-28390 b/active/CVE-2022-28390 deleted file mode 100644 index 0139eb82..00000000 --- a/active/CVE-2022-28390 +++ /dev/null @@ -1,15 +0,0 @@ -Description: can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path -References: -Notes: - carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y as well in - carnil> 5.17.2. - bwh> The fix says this bug was present since the driver was added in 2.6.32. -Bugs: -upstream: released (5.18-rc1) [c70222752228a62135cee3409dccefd494a24646] -5.10-upstream-stable: released (5.10.110) [b417f9c50586588754b2b0453a1f99520cf7c0e8] -4.19-upstream-stable: released (4.19.238) [dec3ed0c76483748268bf36ec278af660b0f80ba] -4.9-upstream-stable: released (4.9.311) [e9c4ee674586ff0b098d17638af719aa56c9c272] -sid: released (5.17.3-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-29581 b/active/CVE-2022-29581 deleted file mode 100644 index 7ab64aba..00000000 --- a/active/CVE-2022-29581 +++ /dev/null @@ -1,15 +0,0 @@ -Description: net/sched: cls_u32: fix netns refcount changes in u32_change() -References: - https://www.openwall.com/lists/oss-security/2022/05/18/2 -Notes: - carnil> Introduced in 35c55fc156d8 ("cls_u32: use tcf_exts_get_net() - carnil> before call_rcu()" in 4.14. -Bugs: -upstream: released (5.18-rc4) [3db09e762dc79584a69c10d74a6b98f89a9979f8] -5.10-upstream-stable: released (5.10.113) [43ce33a68e2bcc431097e1075aad5393d0bf53ba] -4.19-upstream-stable: released (4.19.241) [75b0cc7904da7b40c6e8f2cf3ec4223b292b1184] -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.17.6-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-30594 b/active/CVE-2022-30594 deleted file mode 100644 index 62b30310..00000000 --- a/active/CVE-2022-30594 +++ /dev/null @@ -1,13 +0,0 @@ -Description: ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE -References: - https://bugs.chromium.org/p/project-zero/issues/detail?id=2276 -Notes: -Bugs: -upstream: released (5.18-rc1) [ee1fee900537b5d9560e9f937402de5ddc8412f3] -5.10-upstream-stable: released (5.10.110) [5a41a3033a9344d7683340e3d83f5435ffb06501] -4.19-upstream-stable: released (4.19.238) [b1f438f872dcda10a79e6aeaf06fd52dfb15a6ab] -4.9-upstream-stable: released (4.9.311) [4f96b94a8342fac058117962f1a76fc7ebd1c245] -sid: released (5.17.3-1) -5.10-bullseye-security: released (5.10.113-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-32250 b/active/CVE-2022-32250 deleted file mode 100644 index 1b2ab71c..00000000 --- a/active/CVE-2022-32250 +++ /dev/null @@ -1,15 +0,0 @@ -Description: netfilter: nf_tables: disallow non-stateful expression in sets earlier -References: - https://www.openwall.com/lists/oss-security/2022/05/31/1 - https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd -Notes: - carnil> For 5.17.y fixed in 5.17.13 and for 5.18.y fixed in 5.18.2 -Bugs: -upstream: released (5.19-rc1) [520778042ccca019f3ffa136dd0ca565c486cedd] -5.10-upstream-stable: released (5.10.120) [ea62d169b6e731e0b54abda1d692406f6bc6a696] -4.19-upstream-stable: released (4.19.247) [ed44398b45add3d9be56b7457cc9e05282e518b4] -4.9-upstream-stable: released (4.9.318) [94e9b75919619ba8c4072abc4917011a7a888a79] -sid: released (5.18.2-1) -5.10-bullseye-security: released (5.10.120-1) -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-32296 b/active/CVE-2022-32296 deleted file mode 100644 index c2772817..00000000 --- a/active/CVE-2022-32296 +++ /dev/null @@ -1,13 +0,0 @@ -Description: tcp: increase source port perturb table to 2^16 -References: -Notes: - bwh> This seems to be a duplicate of CVE-2022-1012. -Bugs: -upstream: released (5.18-rc6) [4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5] -5.10-upstream-stable: released (5.10.125) [9429b75bc271b6f29e50dbb0ee0751800ff87dd9] -4.19-upstream-stable: released (4.19.249) [514cd2859c5017fdc487165b093b328e24afe954] -4.9-upstream-stable: released (4.9.320) [3c78eea640f69e2198b69128173e6d65a0bcdc02] -sid: released (5.17.11-1) -5.10-bullseye-security: needed -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/active/CVE-2022-32981 b/active/CVE-2022-32981 deleted file mode 100644 index a87ae1b1..00000000 --- a/active/CVE-2022-32981 +++ /dev/null @@ -1,17 +0,0 @@ -Description: powerpc/32: Fix overread/overwrite of thread_struct via ptrace -References: - https://www.openwall.com/lists/oss-security/2022/06/14/3 -Notes: - carnil> Commit fixes 87fec0514f61 ("powerpc: - carnil> PTRACE_PEEKUSR/PTRACE_POKEUSER of FPR registers in little - carnil> endian builds") in 3.13-rc1. - carnil> Fixed as well in 5.18.4 for 5.18.y. -Bugs: -upstream: released (5.19-rc2) [8e1278444446fc97778a5e5c99bca1ce0bbc5ec9] -5.10-upstream-stable: released (5.10.122) [3be74fc0afbeadc2aff8dc69f3bf9716fbe66486] -4.19-upstream-stable: released (4.19.247) [a0e38a2808ea708beb4196a8873cecc23efb8e64] -4.9-upstream-stable: released (4.9.318) [89dda10b73b7ce184caf18754907126ce7ce3fad] -sid: released (5.18.5-1) -5.10-bullseye-security: ignored "no release architecture affected" -4.19-buster-security: ignored "no release architecture affected" -4.9-stretch-security: ignored "no release architecture affected" diff --git a/active/CVE-2022-33981 b/active/CVE-2022-33981 deleted file mode 100644 index d8dd49a2..00000000 --- a/active/CVE-2022-33981 +++ /dev/null @@ -1,14 +0,0 @@ -Description: floppy: disable FDRAWCMD by default -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2080330 - https://www.openwall.com/lists/oss-security/2022/04/28/1 -Notes: -Bugs: -upstream: released (5.18-rc5) [233087ca063686964a53c829d547c7571e3f67bf] -5.10-upstream-stable: released (5.10.114) [54c028cfc49624bfc27a571b94edecc79bbaaab4] -4.19-upstream-stable: released (4.19.241) [0e535976774504af36fab1dfb54f3d4d6cc577a9] -4.9-upstream-stable: released (4.9.313) [0dd02ff72c6daf4e7800fb5dd1109fbacdde97dc] -sid: released (5.17.6-1) -5.10-bullseye-security: released (5.10.113-1) [bugfix/all/floppy-disable-FDRAWCMD-by-default.patch] -4.19-buster-security: released (4.19.249-1) -4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-1729 b/retired/CVE-2022-1729 new file mode 100644 index 00000000..b659f306 --- /dev/null +++ b/retired/CVE-2022-1729 @@ -0,0 +1,18 @@ +Description: perf: Fix sys_perf_event_open() race against self +References: + https://lore.kernel.org/all/20220520183806.GV2578@worktop.programming.kicks-ass.net/T/#u + https://www.openwall.com/lists/oss-security/2022/05/20/2 + https://www.openwall.com/lists/oss-security/2022/06/30/2 +Notes: + carnil> Issue rendered harmless for exploition due to + carnil> kernel.perf_event_paranoid >= 3 setting. + carnil> For 5.17.y fixed as well in 5.17.10. +Bugs: +upstream: released (5.18) [3ac6487e584a1eb54071dbe1212e05b884136704] +5.10-upstream-stable: released (5.10.118) [3ee8e109c3c316073a3e0f83ec0769c7ee8a7375] +4.19-upstream-stable: released (4.19.245) [6cdd53a49aa7413e53c14ece27d826f0b628b18a] +4.9-upstream-stable: released (4.9.316) [a1466528d8ae5d9a3bb29781f0098fa3476e9e1c] +sid: released (5.17.11-1) +5.10-bullseye-security: released (5.10.120-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-20166 b/retired/CVE-2022-20166 new file mode 100644 index 00000000..3c96d5de --- /dev/null +++ b/retired/CVE-2022-20166 @@ -0,0 +1,21 @@ +Description: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions +References: + https://source.android.com/security/bulletin/pixel/2022-06-01 + https://android.googlesource.com/kernel/common/+/37c7c8d4f0856ca30c2583adead91f42711f9c2f%5E%21/ +Notes: + bwh> Based on the Android backport of this, the specific case where a + bwh> buffer overflow was possible must be in the name attribute of a + bwh> wakeup_source. This code was introduced in 5.4 by commit + bwh> c8377adfa781 "PM / wakeup: Show wakeup sources stats in sysfs". + bwh> If wakelocks are enabled (CONFIG_PM_WAKELOCKS=y) then user-space + bwh> can create a wakeup_source with an arbitrary name. However, we + bwh> never enabled this. +Bugs: +upstream: released (5.10-rc1) [aa838896d87af561a33ecefea1caa4c15a68bc47] +5.10-upstream-stable: N/A "Fixed before branching point" +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.4-1) +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2022-21499 b/retired/CVE-2022-21499 new file mode 100644 index 00000000..fe49bebb --- /dev/null +++ b/retired/CVE-2022-21499 @@ -0,0 +1,19 @@ +Description: lockdown: also lock down previous kgdb use +References: + https://www.openwall.com/lists/oss-security/2022/05/24/7 +Notes: + carnil> Lockdown firstly introduced upstream in 5.4-rc1. On the other + carnil> hand though, Debian ships since 4.11-1~exp1 the lockdown + carnil> patches (replaced from the securelevel patch). Issue possibly + carnil> as well present already in the securelevel patchset. + carnil> Fixed as well in 5.17.10 for 5.17.y. + bwh> I think we can ignore this since we don't enable kgdb. +Bugs: +upstream: released (5.19-rc1) [eadb2f47a3ced5c64b23b90fd2a3463f63726066] +5.10-upstream-stable: released (5.10.119) [a8f4d63142f947cd22fa615b8b3b8921cdaf4991] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.17.11-1) +5.10-bullseye-security: released (5.10.120-1) +4.19-buster-security: ignored "CONFIG_KGDB not enabled" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2022-2153 b/retired/CVE-2022-2153 new file mode 100644 index 00000000..bace9fbb --- /dev/null +++ b/retired/CVE-2022-2153 @@ -0,0 +1,21 @@ +Description: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2069736 + https://www.openwall.com/lists/oss-security/2022/06/22/1 +Notes: + carnil> Fixed as well in 5.16.19 for 5.16.y and 5.17.2 for 5.17.y. The + carnil> last commit of the series was as well backported to 5.10.110, + carnil> 4.19.238 and 4.9.311. + carnil> According to the oss-security reference the main fix seems to + carnil> be pin-pointed at 00b5f37189d2 ("KVM: x86: Avoid theoretical + carnil> NULL pointer dereference in kvm_irq_delivery_to_apic_fast()") + carnil> which would not yet be included in 5.10.y and older. +Bugs: +upstream: released (5.18-rc1) [7ec37d1cbe17d8189d9562178d8b29167fe1c31a, 00b5f37189d24ac3ed46cb7f11742094778c46ce, b1e34d325397a33d97d845e312d7cf2a8b646b44] +5.10-upstream-stable: released (5.10.110) [09c771c45c1243e295470225aaee726693fdc242] +4.19-upstream-stable: released (4.19.238) [2f4835b5188f3b73b2b048a761ae2553e845b027] +4.9-upstream-stable: released (4.9.311) [95d51d058680766130098287f680474bc55f1679] +sid: released (5.17.3-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-23036 b/retired/CVE-2022-23036 new file mode 100644 index 00000000..4d6320c8 --- /dev/null +++ b/retired/CVE-2022-23036 @@ -0,0 +1,14 @@ +Description: +References: + https://xenbits.xen.org/xsa/advisory-396.html +Notes: + carnil> Released as well in 5.16.14 for 5.16.y. +Bugs: +upstream: released (5.17-rc8) [6b1775f26a2da2b05a6dc8ec2b5d14e9a4701a1a, abf1fd5919d6238ee3bc5eb4a9b6c3947caa6638] +5.10-upstream-stable: released (5.10.105) [3d81e85f30a8f712c3e4f2a507553d9063a20ed6, 96219af4e504d0e96a231a0ba86062ec5b3af979] +4.19-upstream-stable: released (4.19.234) [17659846fe336366b1663194f5669d10f5947f53, 423a3a50dce9a48d10d2d2a70cd2f78064c13703] +4.9-upstream-stable: released (4.9.306) [73e1d9b33f2bd93ce30719dfc8990b6328243b7e, f306575016dcf47ed6cd40e1fe872a4d8c665a8b] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-23037 b/retired/CVE-2022-23037 new file mode 100644 index 00000000..2f67473a --- /dev/null +++ b/retired/CVE-2022-23037 @@ -0,0 +1,14 @@ +Description: +References: + https://xenbits.xen.org/xsa/advisory-396.html +Notes: + carnil> Released as well in 5.16.14 for 5.16.y. +Bugs: +upstream: released (5.17-rc8) [31185df7e2b1d2fa1de4900247a12d7b9c7087eb] +5.10-upstream-stable: released (5.10.105) [f6690dd9446a2a4bd9b024f00f71dd827a98317f] +4.19-upstream-stable: released (4.19.234) [927e4eb8ddf4968b6a33be992b28063f84552c72] +4.9-upstream-stable: released (4.9.306) [1112bb311ec13e7e6e7045ae4a0b7091bedc6b7a] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-23038 b/retired/CVE-2022-23038 new file mode 100644 index 00000000..e5746e9e --- /dev/null +++ b/retired/CVE-2022-23038 @@ -0,0 +1,14 @@ +Description: +References: + https://xenbits.xen.org/xsa/advisory-396.html +Notes: + carnil> Released as well in 5.16.14 for 5.16.y. +Bugs: +upstream: released (5.17-rc8) [6b1775f26a2da2b05a6dc8ec2b5d14e9a4701a1a, 33172ab50a53578a95691310f49567c9266968b0] +5.10-upstream-stable: released (5.10.105) [3d81e85f30a8f712c3e4f2a507553d9063a20ed6, 3047255182774266950b22acc29c22a2d76e859e] +4.19-upstream-stable: released (4.19.234) [17659846fe336366b1663194f5669d10f5947f53, 62a696c15cfcfd32527f81ca3d94f2bde57475dc] +4.9-upstream-stable: released (4.9.306) [73e1d9b33f2bd93ce30719dfc8990b6328243b7e, 98bdfdf89e987406f4afdc7694cbdbb715383d8e] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-23039 b/retired/CVE-2022-23039 new file mode 100644 index 00000000..111adac2 --- /dev/null +++ b/retired/CVE-2022-23039 @@ -0,0 +1,14 @@ +Description: +References: + https://xenbits.xen.org/xsa/advisory-396.html +Notes: + carnil> Released as well in 5.16.14 for 5.16.y. +Bugs: +upstream: released (5.17-rc8) [d3b6372c5881cb54925212abb62c521df8ba4809] +5.10-upstream-stable: released (5.10.105) [5f36ae75b847e7f87e4144602f418a624ca074b7] +4.19-upstream-stable: released (4.19.234) [fbc57368ea527dcfa909908fc47a851a56e4e5ce] +4.9-upstream-stable: released (4.9.306) [97b835c6de03a24db79d374b02d532f0b562fd38] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-23040 b/retired/CVE-2022-23040 new file mode 100644 index 00000000..54b1f9b6 --- /dev/null +++ b/retired/CVE-2022-23040 @@ -0,0 +1,14 @@ +Description: +References: + https://xenbits.xen.org/xsa/advisory-396.html +Notes: + carnil> Released as well in 5.16.14 for 5.16.y. +Bugs: +upstream: released (5.17-rc8) [3777ea7bac3113005b7180e6b9dadf16d19a5827] +5.10-upstream-stable: released (5.10.105) [5c600371b8fd02cbbb0eb83a9f664e3f0b75c28e] +4.19-upstream-stable: released (4.19.234) [8d521d960aef22781ff499e16899c30af899de8d] +4.9-upstream-stable: released (4.9.306) [8f80d12f6946a6fe7c64bfc204c062a57f83c7f8] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-23041 b/retired/CVE-2022-23041 new file mode 100644 index 00000000..5ebc6ccd --- /dev/null +++ b/retired/CVE-2022-23041 @@ -0,0 +1,14 @@ +Description: +References: + https://xenbits.xen.org/xsa/advisory-396.html +Notes: + carnil> Released as well in 5.16.14 for 5.16.y. +Bugs: +upstream: released (5.17-rc8) [5cadd4bb1d7fc9ab201ac14620d1a478357e4ebd, b0576cc9c6b843d99c6982888d59a56209341888, 42baefac638f06314298087394b982ead9ec444b] +5.10-upstream-stable: released (5.10.105) [8357d75bfdb85ea63253cf369f405830c7b13d78, c4b16486d6023f6365a4f8671351961e97428f2d, 39c00d09286c67567cdf23ebc8e00e47722ef769] +4.19-upstream-stable: released (4.19.234) [2466bed361f3274e3e0ca9d8e539532481c06fea, f85d03f0f482cc28a2ee15a1fed2ae57ae359412, 92dc0e4a219602242407dedd987dc9c8263c959b] +4.9-upstream-stable: released (4.9.306) [ae6f8a67b98144827e78874c8dba41cccb02be5b] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-23042 b/retired/CVE-2022-23042 new file mode 100644 index 00000000..0aa5c352 --- /dev/null +++ b/retired/CVE-2022-23042 @@ -0,0 +1,14 @@ +Description: +References: + https://xenbits.xen.org/xsa/advisory-396.html +Notes: + carnil> Released as well in 5.16.14 for 5.16.y. +Bugs: +upstream: released (5.17-rc8) [66e3531b33ee51dad17c463b4d9c9f52e341503d] +5.10-upstream-stable: released (5.10.105) [206c8e271ba2630f1d809123945d9c428f93b0f0] +4.19-upstream-stable: released (4.19.234) [c307029d811e03546d18d0e512fe295b3103b8e5] +4.9-upstream-stable: released (4.9.306) [c4497b057b14274e159434f0ed70439a21f3d2a9] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-23960 b/retired/CVE-2022-23960 new file mode 100644 index 00000000..ac071708 --- /dev/null +++ b/retired/CVE-2022-23960 @@ -0,0 +1,18 @@ +Description: +References: + https://www.vusec.net/projects/bhi-spectre-bhb/ + https://github.com/vusec/bhi-spectre-bhb + https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb +Notes: + carnil> Released as well in 5.16.14 for 5.16.y. + carnil> For 4.19.y and 4.9.y the arm64 patches are not yet included in + carnil> 4.19.234 and 4.9.306. +Bugs: +upstream: released (5.17-rc8) [9dd78194a3722fa6712192cdd4f7032d45112a9a, 04e91b7324760a377a725e218b5ee783826d30f5, 8d9d651ff2270a632e9dc497b142db31e8911315, b9baf5c8c5c356757f4f9d8180b5e9d234065bc3, 25875aa71dfefd1959f07e626c4d285b88b27ac2, 4330e2c5c04c27bebf89d34e0bc14e6943413067, 1b33d4860deaecf1d8eec3061b7e7ed7ab0bae8d, 5bdf3437603d4af87f9c7f424b0c8aeed2420745, d739da1694a0eaef0358a42b76904b611539b77b, 03aff3a77a58b5b52a77e00537a42090ad57b80b, c091fb6ae059cda563b2a4d93fdbc548ef34e1d6, 6c5bf79b69f911560fbf82214c0971af6e58e682, ed50da7764535f1e24432ded289974f2bf2b0c5a, 13d7a08352a83ef2252aeb464a5e08dfc06b5dfd, c47e4d04ba0f1ea17353d85d45f611277507e07a, a9c406e6462ff14956d690de7bbe5131a5677dc9, aff65393fa1401e034656e349abd655cfe272de0, ba2689234be92024e5635d30fe744f4853ad97db, b28a8eebe81c186fdb1a0078263b30576c8e1f42, bd09128d16fac3c34b80bd6a29088ac632e8ce09, dee435be76f4117410bbd90573a881fd33488f37, 558c303c9734af5a813739cd284879227f7297d2, a5905d6af492ee6a4a2205f0d550b3f931b03d03, 228a26b912287934789023b4132ba76065d9491c, 58c9a5060cb7cd529d49c93954cdafe81c1d642a] +5.10-upstream-stable: released (5.10.105) [b7f1e73c4ddf2044530091e69114a5fc1a1229d0, 46deb224680bb33c8e87440a7b909d16e5a7d7c5, 29d9b56df1e18a8ff2e669b79e511163972a8b65, 3f9c958e3572b19b1cfb9d28eeb15be0a5d80193, 302754d023a06171113e8fb20c7b2a18ebf9088f, f3c12fc53e0a1fffbe102a9501c7bb6efdabbe99, fc8070a9c5ad3e0ac343532df7d4d2d709b173a8, 86171569312b5870aaedc74b4b28d444c0f72105, b19eaa004f2eeae94a4fcf5f0cadac35cc579a72, 7ae8127e412361025e7b4a0e6347ca9e8f3ed109, dbcfa98539531bff0d7e4d6087741702dfa50f06, 162aa002ec1a78e91cf2f0b8e7450e2770b2941f, 97d8bdf33182494b7cb327ed555313d17d80c639, dc5b630c0d532140e194997d350f587dbcc78bfb, 7048a21086fb16ec67287a25b62e88b0cd17c8c3, 5242d6971e106be115d9dace9c1441f4a2e1cb25, d93b25a6654812e0511b71a6d4a207f6b1ce5dfe, bda89602814c69e6f027878209b0b9453133ada2, 5275fb5ea5f573ce1ecd2bf0bcd928abb916b43d, e55025063276fcf7b07e9340c38d70b04aa8a7b9, 8c691e5308c531deede16bef4f2d933d5f859ce7, 73ee716a1f6356ca86d16d4ffc97fcfc7961d3ef, 26211252c1c104732a0fea6c37645f1b670587f5, 49379552969acee3237387cc258848437e127d98, 3f21b7e355237aa2f8196ad44c2b7456a739518d, 56cf5326bdf9c20de9a45e4a7a4c0ae16833e561, 1f63326a5211208e2c5868650e47f13a9072afde, 13a807a0a080383ceab6c40e53c0228108423e51, 192023e6baf7cce7fb76ff3a5c24c55968c774ff, e192c8baa69ac8a5585d61ac535aa1e5eb795e80, 38c26bdb3cc53f219d6ab75ac1a95436f393c60f, 551717cf3b58f11311d10f70eb027d4b275135de, b65b87e718c33caa46d5246d8fbeda895aa9cf5b] +4.19-upstream-stable: released (4.19.234) [dc64af755099d1e51fd64e99fe3a59b75595814a, 45c25917ceb7a5377883ef4c3a675276fba8a268, 67e1f18a972be16363c6e88d7b29cde880774164, 99e14db3b711c27f93079ba9d7f2fff169916d5f, 29db7e4b67fccf5e1fe28ec89f2add90ce74d77b], released (4.19.236) [e8bfe29afc09ac77b347540a0f4c789e6530a436, 87eccd56c52fcdd6c55b048d789da5c9c2e51ed3, 51acb81130d1feee7fd043760b75f5377ab8d4f0, 266b1ef1368e06ac4c5a89eb9774ef2bbaa54e19, ebcdd80d0016c7445e8395cec99b9ce266a26001, af484e69b5e83095609d8b5c8abaf13a5460229e, f689fa53bb944873f75fe1584f446cae1aabd2c1, 9e056623dfc538909ed2a914f70a66d68ec71ec3, 22fdfcf1c2cea8e6dc383d46cbbe59d476d24a96, 901c0a20aa94d09a9328899e2dd69a8d43a3a920, 91429ed04ebe9dbec88f97c6fd136b722bc3f3c5, e18876b523d5f5fd8b8f34721f60a470caf20aa1, 5b5ca2608fbd6f250281b6a1d0d73613f250e6f1, 7b012f6597e55a2ea4c7efe94b5d9a792b6e5757, a68912a3ae3413be5febcaa40e7e0ec1fd62adee, c20d551744797000c4af993f7d59ef8c69732949, 5f051d32b03f08a0507ac1afd7b9c0a30c8e5d59, a44e7ddb5822b943cd50c5ad6a2541fb445d58bd, ed5dec3fae86f20db52930e1d9a7cc38403994cc] +4.9-upstream-stable: released (4.9.306) [b24d4041cfb6dab83f9edf40573375bd1365e619, dfea9912129157ba3c5a9d060e58df17fb688e72, 964aafb29a07cb7cdea71ef41a75394e879f529c, da3dfb69bbc3fdfeb3e5930fe28bcd689751a594, 48b1aa98e19d189703d518166ddb2520164b3164], released (4.9.310) [0a59e9cf1f29f446ab5a3dc91a23af8ca0cf5bea, 6835855140dc7adecd5af713a17d488f93fd8226, a212d166a9d7c35e56ba11f15d6706eee3dd499b, ee04ed16acb65f7dfde8cb74ae774f4314c5c816, 99cbe345732d49d4626052908754259ac9222bb2, 2ce6f5deed712c6768e5b19ac4e23d4aaa828ff4, 283bcb8f640ecc3e4a74f5084c15cdd9ce350951, 1f7da613bf57d10b0ff6807b36bd7eda27482ab6, bd69a09d7d229303286a685f59b9033c384f72b1, 944ecb18c729545ea73c53f9ee9b802637c549d0, ac965734ce0f87c194f0a666889a4f37436b2421, 218ddd9cb91e7bc0bb69d53fc40f600b0b217a16, aee10c2dd01383a8a01111d647b6e17b9a3cc791, 1451b7fe7a3689113e70d2936b92fa4d50e68371, 094a410426b4a5cbb0d68609050a15110124aeda, 4dd8aae585a51a1d276911fe19096ad90144e9fe, df0448480b9c2f0a2f5a5055e04afa80bf0a5301, 9396d5ede3df91cc71c70a7fb11826a10c34e775, 7815cbf19ac47ca0cc22b0d8aa25d6ec6ab2ad81] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1), released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-24958 b/retired/CVE-2022-24958 new file mode 100644 index 00000000..4728813a --- /dev/null +++ b/retired/CVE-2022-24958 @@ -0,0 +1,13 @@ +Description: drivers/usb/gadget/legacy/inode.c mishandles dev->buf release +References: +Notes: + carnil> Fixed as well in 5.16.13 for 5.16.y series. +Bugs: +upstream: released (5.17-rc1) [89f3594d0de58e8a57d92d497dea9fee3d4b9cda, 501e38a5531efbd77d5c73c0ba838a889bfc1d74] +5.10-upstream-stable: released (5.10.104) [c13159a588818a1d2cd6519f4d3b6f7e17a9ffbd, fdd64084e405544c5c11841ca9261785c988e2a1] +4.19-upstream-stable: released (4.19.233) [70196d12856306a17ddc3eae0f022b9c1d748e52, 6b432b7b5a77e8bfd041da0ba00c98fa31097c4e] +4.9-upstream-stable: released (4.9.305) [be1bb345f180482b0e57768d967ef020d7cba592, e09100044e658fb7906494ed5109323ba64f3e7a] +sid: released (5.16.14-1) +5.10-bullseye-security: released (5.10.106-1) +4.19-buster-security: released (4.19.235-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-26490 b/retired/CVE-2022-26490 new file mode 100644 index 00000000..f75cc711 --- /dev/null +++ b/retired/CVE-2022-26490 @@ -0,0 +1,17 @@ +Description: nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION +References: +Notes: + bwh> Driver is not enabled in Debian configurations. I think that + bwh> the messages being parsed are generated by device firmware, + bwh> which would make this hard to exploit. + bwh> The same bug exists in the similar st-nci driver. + carnil> Fixed as well in 5.16.18 for 5.16.y. +Bugs: +upstream: released (5.17-rc1) [4fbcc1a4cb20fe26ad0225679c536c80f1648221] +5.10-upstream-stable: released (5.10.109) [25c23fe40e6e1ef8e6d503c52b4f518b2e520ab7] +4.19-upstream-stable: released (4.19.237) [0043b74987acb44f1ade537aad901695511cfebe] +4.9-upstream-stable: released (4.9.309) [c1184fa07428fb81371d5863e09795f0d06d35cf] +sid: released (5.16.18-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-26966 b/retired/CVE-2022-26966 new file mode 100644 index 00000000..63292a37 --- /dev/null +++ b/retired/CVE-2022-26966 @@ -0,0 +1,12 @@ +Description: sr9700: sanity check for packet length +References: +Notes: +Bugs: +upstream: released (5.17-rc6) [e9da0b56fe27206b49f39805f7dcda8a89379062] +5.10-upstream-stable: released (5.10.103) [4f5f5411f0c14ac0b61d5e6a77d996dd3d5b5fd3] +4.19-upstream-stable: released (4.19.232) [dde5ddf02a47487dd6efcc7077307f1d4e1ba337] +4.9-upstream-stable: released (4.9.304) [89260e0e191e8a3a9872f72836bdf0641853c87f] +sid: released (5.16.12-1) +5.10-bullseye-security: released (5.10.103-1) +4.19-buster-security: released (4.19.232-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-27223 b/retired/CVE-2022-27223 new file mode 100644 index 00000000..bd3dedb5 --- /dev/null +++ b/retired/CVE-2022-27223 @@ -0,0 +1,12 @@ +Description: USB: gadget: validate endpoint index for xilinx udc +References: +Notes: +Bugs: +upstream: released (5.17-rc6) [7f14c7227f342d9932f9b918893c8814f86d2a0d] +5.10-upstream-stable: released (5.10.103) [bfa8ffbaaaaf9752f66bc7cabcef2de715e7621f] +4.19-upstream-stable: released (4.19.232) [ebc465e894890a534ce05e035eae4829a2a47ba1] +4.9-upstream-stable: released (4.9.304) [958b6ab4d70bf991e8c90233504d4cb863aaef8a] +sid: released (5.16.12-1) +5.10-bullseye-security: released (5.10.103-1) +4.19-buster-security: released (4.19.232-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-27666 b/retired/CVE-2022-27666 new file mode 100644 index 00000000..66cf9b79 --- /dev/null +++ b/retired/CVE-2022-27666 @@ -0,0 +1,15 @@ +Description: esp: Fix possible buffer overflow in ESP transformation +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2061633 +Notes: + carnil> For 5.16.y fixed as well in 5.16.15. + bwh> Introduced in 4.11 by commits referenced in the fix. +Bugs: +upstream: released (5.17-rc8) [ebe48d368e97d007bfeb76fcb065d6cfc4c96645] +5.10-upstream-stable: released (5.10.108) [9248694dac20eda06e22d8503364dc9d03df4e2f] +4.19-upstream-stable: released (4.19.237) [ce89087966651ad41e103770efc5ce2742046284] +4.9-upstream-stable: N/A "Vulnerability introduced later" +sid: released (5.16.18-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2022-28356 b/retired/CVE-2022-28356 new file mode 100644 index 00000000..1ed80dde --- /dev/null +++ b/retired/CVE-2022-28356 @@ -0,0 +1,13 @@ +Description: llc: fix netdevice reference leaks in llc_ui_bind() +References: + https://www.openwall.com/lists/oss-security/2022/04/06/1 +Notes: +Bugs: +upstream: released (5.18-rc1) [764f4eb6846f5475f1244767d24d25dd86528a4a] +5.10-upstream-stable: released (5.10.109) [571df3393f523b59cba87e2f3e80a3a624030f9c] +4.19-upstream-stable: released (4.19.237) [d14193111c436fc5de33206c67c7afd45c730099] +4.9-upstream-stable: released (4.9.309) [0a7aad979bfb43c4a78d33a5f356caf4ceb28bca] +sid: released (5.16.18-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-28388 b/retired/CVE-2022-28388 new file mode 100644 index 00000000..8a713528 --- /dev/null +++ b/retired/CVE-2022-28388 @@ -0,0 +1,15 @@ +Description: can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path +References: +Notes: + carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y fixed in + carnil> 5.17.2. + bwh> The fix says this bug was present since the driver was added in 3.9. +Bugs: +upstream: released (5.18-rc1) [3d3925ff6433f98992685a9679613a2cc97f3ce2] +5.10-upstream-stable: released (5.10.110) [5318cdf4fd834856ce71238b064f35386f9ef528] +4.19-upstream-stable: released (4.19.240) [8eb78da898079c0d7250c32ebf0c35fb81737abe] +4.9-upstream-stable: needed +sid: released (5.17.3-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: ignored "EOL" diff --git a/retired/CVE-2022-28389 b/retired/CVE-2022-28389 new file mode 100644 index 00000000..983d813e --- /dev/null +++ b/retired/CVE-2022-28389 @@ -0,0 +1,15 @@ +Description: can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path +References: +Notes: + carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y fixed in + carnil> 5.17.2. + bwh> The fix says this bug was present since the driver was added in 4.12. +Bugs: +upstream: released (5.18-rc1) [04c9b00ba83594a29813d6b1fb8fdc93a3915174] +5.10-upstream-stable: released (5.10.110) [0801a51d79389282c1271e623613b2e1886e071e] +4.19-upstream-stable: released (4.19.238) [a8bba9fd73775e66b4021b18f2193f769ce48a59] +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.17.3-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2022-28390 b/retired/CVE-2022-28390 new file mode 100644 index 00000000..0139eb82 --- /dev/null +++ b/retired/CVE-2022-28390 @@ -0,0 +1,15 @@ +Description: can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path +References: +Notes: + carnil> For 5.16.y fixed as well in 5.16.19 and for 5.17.y as well in + carnil> 5.17.2. + bwh> The fix says this bug was present since the driver was added in 2.6.32. +Bugs: +upstream: released (5.18-rc1) [c70222752228a62135cee3409dccefd494a24646] +5.10-upstream-stable: released (5.10.110) [b417f9c50586588754b2b0453a1f99520cf7c0e8] +4.19-upstream-stable: released (4.19.238) [dec3ed0c76483748268bf36ec278af660b0f80ba] +4.9-upstream-stable: released (4.9.311) [e9c4ee674586ff0b098d17638af719aa56c9c272] +sid: released (5.17.3-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-29581 b/retired/CVE-2022-29581 new file mode 100644 index 00000000..7ab64aba --- /dev/null +++ b/retired/CVE-2022-29581 @@ -0,0 +1,15 @@ +Description: net/sched: cls_u32: fix netns refcount changes in u32_change() +References: + https://www.openwall.com/lists/oss-security/2022/05/18/2 +Notes: + carnil> Introduced in 35c55fc156d8 ("cls_u32: use tcf_exts_get_net() + carnil> before call_rcu()" in 4.14. +Bugs: +upstream: released (5.18-rc4) [3db09e762dc79584a69c10d74a6b98f89a9979f8] +5.10-upstream-stable: released (5.10.113) [43ce33a68e2bcc431097e1075aad5393d0bf53ba] +4.19-upstream-stable: released (4.19.241) [75b0cc7904da7b40c6e8f2cf3ec4223b292b1184] +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.17.6-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2022-30594 b/retired/CVE-2022-30594 new file mode 100644 index 00000000..62b30310 --- /dev/null +++ b/retired/CVE-2022-30594 @@ -0,0 +1,13 @@ +Description: ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE +References: + https://bugs.chromium.org/p/project-zero/issues/detail?id=2276 +Notes: +Bugs: +upstream: released (5.18-rc1) [ee1fee900537b5d9560e9f937402de5ddc8412f3] +5.10-upstream-stable: released (5.10.110) [5a41a3033a9344d7683340e3d83f5435ffb06501] +4.19-upstream-stable: released (4.19.238) [b1f438f872dcda10a79e6aeaf06fd52dfb15a6ab] +4.9-upstream-stable: released (4.9.311) [4f96b94a8342fac058117962f1a76fc7ebd1c245] +sid: released (5.17.3-1) +5.10-bullseye-security: released (5.10.113-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-32250 b/retired/CVE-2022-32250 new file mode 100644 index 00000000..1b2ab71c --- /dev/null +++ b/retired/CVE-2022-32250 @@ -0,0 +1,15 @@ +Description: netfilter: nf_tables: disallow non-stateful expression in sets earlier +References: + https://www.openwall.com/lists/oss-security/2022/05/31/1 + https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd +Notes: + carnil> For 5.17.y fixed in 5.17.13 and for 5.18.y fixed in 5.18.2 +Bugs: +upstream: released (5.19-rc1) [520778042ccca019f3ffa136dd0ca565c486cedd] +5.10-upstream-stable: released (5.10.120) [ea62d169b6e731e0b54abda1d692406f6bc6a696] +4.19-upstream-stable: released (4.19.247) [ed44398b45add3d9be56b7457cc9e05282e518b4] +4.9-upstream-stable: released (4.9.318) [94e9b75919619ba8c4072abc4917011a7a888a79] +sid: released (5.18.2-1) +5.10-bullseye-security: released (5.10.120-1) +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-32296 b/retired/CVE-2022-32296 new file mode 100644 index 00000000..c2772817 --- /dev/null +++ b/retired/CVE-2022-32296 @@ -0,0 +1,13 @@ +Description: tcp: increase source port perturb table to 2^16 +References: +Notes: + bwh> This seems to be a duplicate of CVE-2022-1012. +Bugs: +upstream: released (5.18-rc6) [4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5] +5.10-upstream-stable: released (5.10.125) [9429b75bc271b6f29e50dbb0ee0751800ff87dd9] +4.19-upstream-stable: released (4.19.249) [514cd2859c5017fdc487165b093b328e24afe954] +4.9-upstream-stable: released (4.9.320) [3c78eea640f69e2198b69128173e6d65a0bcdc02] +sid: released (5.17.11-1) +5.10-bullseye-security: needed +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) diff --git a/retired/CVE-2022-32981 b/retired/CVE-2022-32981 new file mode 100644 index 00000000..a87ae1b1 --- /dev/null +++ b/retired/CVE-2022-32981 @@ -0,0 +1,17 @@ +Description: powerpc/32: Fix overread/overwrite of thread_struct via ptrace +References: + https://www.openwall.com/lists/oss-security/2022/06/14/3 +Notes: + carnil> Commit fixes 87fec0514f61 ("powerpc: + carnil> PTRACE_PEEKUSR/PTRACE_POKEUSER of FPR registers in little + carnil> endian builds") in 3.13-rc1. + carnil> Fixed as well in 5.18.4 for 5.18.y. +Bugs: +upstream: released (5.19-rc2) [8e1278444446fc97778a5e5c99bca1ce0bbc5ec9] +5.10-upstream-stable: released (5.10.122) [3be74fc0afbeadc2aff8dc69f3bf9716fbe66486] +4.19-upstream-stable: released (4.19.247) [a0e38a2808ea708beb4196a8873cecc23efb8e64] +4.9-upstream-stable: released (4.9.318) [89dda10b73b7ce184caf18754907126ce7ce3fad] +sid: released (5.18.5-1) +5.10-bullseye-security: ignored "no release architecture affected" +4.19-buster-security: ignored "no release architecture affected" +4.9-stretch-security: ignored "no release architecture affected" diff --git a/retired/CVE-2022-33981 b/retired/CVE-2022-33981 new file mode 100644 index 00000000..d8dd49a2 --- /dev/null +++ b/retired/CVE-2022-33981 @@ -0,0 +1,14 @@ +Description: floppy: disable FDRAWCMD by default +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2080330 + https://www.openwall.com/lists/oss-security/2022/04/28/1 +Notes: +Bugs: +upstream: released (5.18-rc5) [233087ca063686964a53c829d547c7571e3f67bf] +5.10-upstream-stable: released (5.10.114) [54c028cfc49624bfc27a571b94edecc79bbaaab4] +4.19-upstream-stable: released (4.19.241) [0e535976774504af36fab1dfb54f3d4d6cc577a9] +4.9-upstream-stable: released (4.9.313) [0dd02ff72c6daf4e7800fb5dd1109fbacdde97dc] +sid: released (5.17.6-1) +5.10-bullseye-security: released (5.10.113-1) [bugfix/all/floppy-disable-FDRAWCMD-by-default.patch] +4.19-buster-security: released (4.19.249-1) +4.9-stretch-security: released (4.9.320-2) -- cgit v1.2.3