From 573722f99f147d13a7439fbf1468b9db54732c51 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 8 Jan 2018 20:55:19 +0100
Subject: Retire CVE-2017-15128

---
 retired/CVE-2017-15128 | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 retired/CVE-2017-15128

(limited to 'retired/CVE-2017-15128')

diff --git a/retired/CVE-2017-15128 b/retired/CVE-2017-15128
new file mode 100644
index 000000000..730d732a2
--- /dev/null
+++ b/retired/CVE-2017-15128
@@ -0,0 +1,15 @@
+Description: Out of bound access in hugetlb_mcopy_atomic_pte function in mm/hugetlb.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1525222
+Notes:
+ bwh> The affected function was added in 4.11 by commit 8fb5debc5fcd "userfaultfd:
+ bwh> hugetlbfs: add hugetlb_mcopy_atomic_pte for userfaultfd support".
+Bugs:
+upstream: released (4.14-rc8) [1e3921471354244f70fe268586ff94a97a6dd4df]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.13-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3