From 643a76ad6b5015ebb76b75986c3c63b83a5d2457 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Tue, 8 Jan 2019 06:55:12 +0100
Subject: Retire CVE-2018-18397
---
retired/CVE-2018-18397 | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 retired/CVE-2018-18397
(limited to 'retired/CVE-2018-18397')
diff --git a/retired/CVE-2018-18397 b/retired/CVE-2018-18397
new file mode 100644
index 00000000..663c75cf
--- /dev/null
+++ b/retired/CVE-2018-18397
@@ -0,0 +1,18 @@
+Description: userfaultfd bypasses tmpfs file permissions
+References:
+ https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u
+ https://bugzilla.redhat.com/show_bug.cgi?id=1641548
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1700
+ https://www.openwall.com/lists/oss-security/2018/12/12/1
+Notes:
+ carnil> Commit series fixes 4c27fe4c4c84 ("userfaultfd: shmem: add
+ carnil> shmem_mcopy_atomic_pte for userfaultfd support") which is added
+ carnil> in 4.11-rc1.
+Bugs:
+upstream: released (4.20-rc5) [9e368259ad988356c4c95150fafd1a06af095d98, 5b51072e97d587186c2f5390c8c9c1fb7e179505, 29ec90660d68bbdd69507c1c8b4e33aa299278b1, e2a50c1f64145a04959df2442305d57307e5395a, dcf7fe9d89763a28e0f43975b422ff141fe79e43]
+4.19-upstream-stable: released (4.19.8) [10f98c134b02d11923d45ce6688c2479435e8ec9, 6e44dd02c95508f6df5eca4d46adbb75233ea181, 34b7a7cc5321a1b5e13320443557ba1cb11b42e7, 4ce337622f2bbc0df61b0b76aa60388f5def5646, 8f193a716e56f30e36a4c851e59bf6fa74af8d9f]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (4.19.9-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
--
cgit v1.2.3