From 8d4ad66590c24443c291c21b59dacbfd56251598 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 27 Feb 2024 20:23:54 +0100
Subject: Retire CVEs fixed everywhere

---
 retired/CVE-2021-46907 | 16 ++++++++++++++++
 retired/CVE-2021-46908 | 16 ++++++++++++++++
 retired/CVE-2021-46909 | 16 ++++++++++++++++
 retired/CVE-2021-46910 | 16 ++++++++++++++++
 retired/CVE-2021-46911 | 16 ++++++++++++++++
 retired/CVE-2021-46912 | 17 +++++++++++++++++
 retired/CVE-2021-46913 | 16 ++++++++++++++++
 retired/CVE-2021-46914 | 16 ++++++++++++++++
 retired/CVE-2021-46915 | 18 ++++++++++++++++++
 retired/CVE-2021-46916 | 16 ++++++++++++++++
 retired/CVE-2021-46917 | 16 ++++++++++++++++
 retired/CVE-2021-46918 | 16 ++++++++++++++++
 retired/CVE-2021-46919 | 16 ++++++++++++++++
 retired/CVE-2021-46920 | 16 ++++++++++++++++
 retired/CVE-2021-46921 | 16 ++++++++++++++++
 retired/CVE-2021-46922 | 16 ++++++++++++++++
 retired/CVE-2021-46923 | 16 ++++++++++++++++
 retired/CVE-2021-46924 | 16 ++++++++++++++++
 retired/CVE-2021-46927 | 16 ++++++++++++++++
 retired/CVE-2021-46929 | 16 ++++++++++++++++
 retired/CVE-2021-46930 | 16 ++++++++++++++++
 retired/CVE-2021-46931 | 16 ++++++++++++++++
 retired/CVE-2021-46932 | 16 ++++++++++++++++
 retired/CVE-2021-46933 | 16 ++++++++++++++++
 retired/CVE-2021-46934 | 16 ++++++++++++++++
 retired/CVE-2021-46935 | 16 ++++++++++++++++
 retired/CVE-2021-46936 | 16 ++++++++++++++++
 retired/CVE-2021-46937 | 16 ++++++++++++++++
 28 files changed, 451 insertions(+)
 create mode 100644 retired/CVE-2021-46907
 create mode 100644 retired/CVE-2021-46908
 create mode 100644 retired/CVE-2021-46909
 create mode 100644 retired/CVE-2021-46910
 create mode 100644 retired/CVE-2021-46911
 create mode 100644 retired/CVE-2021-46912
 create mode 100644 retired/CVE-2021-46913
 create mode 100644 retired/CVE-2021-46914
 create mode 100644 retired/CVE-2021-46915
 create mode 100644 retired/CVE-2021-46916
 create mode 100644 retired/CVE-2021-46917
 create mode 100644 retired/CVE-2021-46918
 create mode 100644 retired/CVE-2021-46919
 create mode 100644 retired/CVE-2021-46920
 create mode 100644 retired/CVE-2021-46921
 create mode 100644 retired/CVE-2021-46922
 create mode 100644 retired/CVE-2021-46923
 create mode 100644 retired/CVE-2021-46924
 create mode 100644 retired/CVE-2021-46927
 create mode 100644 retired/CVE-2021-46929
 create mode 100644 retired/CVE-2021-46930
 create mode 100644 retired/CVE-2021-46931
 create mode 100644 retired/CVE-2021-46932
 create mode 100644 retired/CVE-2021-46933
 create mode 100644 retired/CVE-2021-46934
 create mode 100644 retired/CVE-2021-46935
 create mode 100644 retired/CVE-2021-46936
 create mode 100644 retired/CVE-2021-46937

(limited to 'retired')

diff --git a/retired/CVE-2021-46907 b/retired/CVE-2021-46907
new file mode 100644
index 000000000..df7ed7f3e
--- /dev/null
+++ b/retired/CVE-2021-46907
@@ -0,0 +1,16 @@
+Description: KVM: VMX: Don't use vcpu->run->internal.ndata as an array index
+References:
+Notes:
+ carnil> Introduced in 1aa561b1a4c0 ("kvm: x86: Add "last CPU" to some KVM_EXIT
+ carnil> information"). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (5.12-rc8) [04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [7f64753835a78c7d2cc2932a5808ef3b7fd4c050]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46908 b/retired/CVE-2021-46908
new file mode 100644
index 000000000..4d6f52dd2
--- /dev/null
+++ b/retired/CVE-2021-46908
@@ -0,0 +1,16 @@
+Description: bpf: Use correct permission flag for mixed signed bounds arithmetic
+References:
+Notes:
+ carnil> Introduced in 2c78ee898d8f ("bpf: Implement CAP_BPF"). Vulnerable versions:
+ carnil> 5.8-rc1.
+Bugs:
+upstream: released (5.12-rc8) [9601148392520e2e134936e76788fc2a6371e7be]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [4f3ff11204eac0ee23acf64deecb3bad7b0db0c6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46909 b/retired/CVE-2021-46909
new file mode 100644
index 000000000..786d9a495
--- /dev/null
+++ b/retired/CVE-2021-46909
@@ -0,0 +1,16 @@
+Description: ARM: footbridge: fix PCI interrupt mapping
+References:
+Notes:
+ carnil> Introduced in 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in
+ carnil> pci_device_probe()"). Vulnerable versions: 4.13-rc1.
+Bugs:
+upstream: released (5.12-rc8) [30e3b4f256b4e366a61658c294f6a21b8626dda7]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [1fc087fdb98d556b416c82ed6e3964a30885f47a]
+4.19-upstream-stable: released (4.19.189) [2643da6aa57920d9159a1a579fb04f89a2b0d29a]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46910 b/retired/CVE-2021-46910
new file mode 100644
index 000000000..8a4b3734f
--- /dev/null
+++ b/retired/CVE-2021-46910
@@ -0,0 +1,16 @@
+Description: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled
+References:
+Notes:
+ carnil> Introduced in 2a15ba82fa6ca3f3 ("ARM: highmem: Switch to generic kmap atomic").
+ carnil> Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.12-rc8) [d624833f5984d484c5e3196f34b926f9e71dafee]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46911 b/retired/CVE-2021-46911
new file mode 100644
index 000000000..f2de899d7
--- /dev/null
+++ b/retired/CVE-2021-46911
@@ -0,0 +1,16 @@
+Description: ch_ktls: Fix kernel panic
+References:
+Notes:
+ carnil> Introduced in 5a4b9fe7fece ("cxgb4/chcr: complete record tx handling").
+ carnil> Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.12-rc8) [1a73e427b824133940c2dd95ebe26b6dce1cbf10]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [8d5a9dbd2116a852f8f0f91f6fbc42a0afe1091f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46912 b/retired/CVE-2021-46912
new file mode 100644
index 000000000..510fa5daf
--- /dev/null
+++ b/retired/CVE-2021-46912
@@ -0,0 +1,17 @@
+Description: net: Make tcp_allowed_congestion_control readonly in non-init netns
+References:
+Notes:
+ carnil> Introduced in 9cb8e048e5d9 ("net/ipv4/sysctl: show tcp_{allowed,
+ carnil> available}_congestion_control in non-initial netns"). Vulnerable versions:
+ carnil> 5.7-rc1.
+Bugs:
+upstream: released (5.12-rc8) [97684f0970f6e112926de631fdd98d9693c7e5c1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [35d7491e2f77ce480097cabcaf93ed409e916e12]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46913 b/retired/CVE-2021-46913
new file mode 100644
index 000000000..1b2e3ad45
--- /dev/null
+++ b/retired/CVE-2021-46913
@@ -0,0 +1,16 @@
+Description: netfilter: nftables: clone set element expression template
+References:
+Notes:
+ carnil> Introduced in 409444522976 ("netfilter: nf_tables: add elements with stateful
+ carnil> expressions"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.12-rc8) [4d8f9065830e526c83199186c5f56a6514f457d2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.64) [e51ff3ffc316377cca21de8b80404eed0c37b3c3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46914 b/retired/CVE-2021-46914
new file mode 100644
index 000000000..1ee17320b
--- /dev/null
+++ b/retired/CVE-2021-46914
@@ -0,0 +1,16 @@
+Description: ixgbe: fix unbalanced device enable/disable in suspend/resume
+References:
+Notes:
+ carnil> Introduced in 6f82b2558735 ("ixgbe: use generic power management"). Vulnerable
+ carnil> versions: 5.9-rc1.
+Bugs:
+upstream: released (5.12-rc8) [debb9df311582c83fe369baa35fa4b92e8a9c58a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [be07581aacae7cd0a073afae8e8862032f794309]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46915 b/retired/CVE-2021-46915
new file mode 100644
index 000000000..12f23b47d
--- /dev/null
+++ b/retired/CVE-2021-46915
@@ -0,0 +1,18 @@
+Description: netfilter: nft_limit: avoid possible divide error in nft_limit_init
+References:
+Notes:
+ carnil> Introduced in c26844eda9d4 ("netfilter: nf_tables: Fix nft limit burst
+ carnil> handling")
+ carnil> 3e0f64b7dd31 ("netfilter: nft_limit: fix packet ratelimiting"). Vulnerable
+ carnil> versions: 4.13 4.14.54 4.17.
+Bugs:
+upstream: released (5.12-rc8) [b895bdf5d643b6feb7c60856326dd4feb6981560]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [dc1732baa9da5b68621586bf8636ebbc27dc62d2]
+4.19-upstream-stable: released (4.19.189) [fadd3c4afdf3d4c21f4d138502f8b76334987e26]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46916 b/retired/CVE-2021-46916
new file mode 100644
index 000000000..9dc0858a9
--- /dev/null
+++ b/retired/CVE-2021-46916
@@ -0,0 +1,16 @@
+Description: ixgbe: Fix NULL pointer dereference in ethtool loopback test
+References:
+Notes:
+ carnil> Introduced in b02e5a0ebb17 ("xsk: Propagate napi_id to XDP socket Rx path").
+ carnil> Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.12-rc8) [31166efb1cee348eb6314e9c0095d84cbeb66b9d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46917 b/retired/CVE-2021-46917
new file mode 100644
index 000000000..55b126051
--- /dev/null
+++ b/retired/CVE-2021-46917
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: fix wq cleanup of WQCFG registers
+References:
+Notes:
+ carnil> Introduced in da32b28c95a7 ("dmaengine: idxd: cleanup workqueue config after
+ carnil> disabling"). Vulnerable versions: 5.7.10 5.8-rc6.
+Bugs:
+upstream: released (5.12-rc8) [ea9aadc06a9f10ad20a90edc0a484f1147d88a7a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [e5eb9757fe4c2392e069246ae78badc573af1833]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46918 b/retired/CVE-2021-46918
new file mode 100644
index 000000000..9538121a9
--- /dev/null
+++ b/retired/CVE-2021-46918
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: clear MSIX permission entry on shutdown
+References:
+Notes:
+ carnil> Introduced in 8e50d392652f ("dmaengine: idxd: Add shared workqueue support").
+ carnil> Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.12-rc8) [6df0e6c57dfc064af330071f372f11aa8c584997]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46919 b/retired/CVE-2021-46919
new file mode 100644
index 000000000..806596d83
--- /dev/null
+++ b/retired/CVE-2021-46919
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: fix wq size store permission state
+References:
+Notes:
+ carnil> Introduced in c52ca478233c ("dmaengine: idxd: add configuration component of
+ carnil> driver"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.12-rc8) [0fff71c5a311e1264988179f7dcc217fda15fadd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [4ecf25595273203010bc8318c4aee60ad64037ae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46920 b/retired/CVE-2021-46920
new file mode 100644
index 000000000..dff494e20
--- /dev/null
+++ b/retired/CVE-2021-46920
@@ -0,0 +1,16 @@
+Description: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback
+References:
+Notes:
+ carnil> Introduced in bfe1d56091c1 ("dmaengine: idxd: Init and probe for Intel data
+ carnil> accelerators"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.12-rc8) [ea941ac294d75d0ace50797aebf0056f6f8f7a7f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.32) [a5ad12d5d69c63af289a37f05187a0c6fe93553d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46921 b/retired/CVE-2021-46921
new file mode 100644
index 000000000..39c58e999
--- /dev/null
+++ b/retired/CVE-2021-46921
@@ -0,0 +1,16 @@
+Description: locking/qrwlock: Fix ordering in queued_write_lock_slowpath()
+References:
+Notes:
+ carnil> Introduced in b519b56e378ee ("locking/qrwlock: Use atomic_cond_read_acquire()
+ carnil> when spinning in qrwlock"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.12) [84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.33) [82fa9ced35d88581cffa4a1c856fc41fca96d80a]
+4.19-upstream-stable: released (4.19.189) [5902f9453a313be8fe78cbd7e7ca9dba9319fc6e]
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/retired/CVE-2021-46922 b/retired/CVE-2021-46922
new file mode 100644
index 000000000..7187be5f0
--- /dev/null
+++ b/retired/CVE-2021-46922
@@ -0,0 +1,16 @@
+Description: KEYS: trusted: Fix TPM reservation for seal/unseal
+References:
+Notes:
+ carnil> Introduced in 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unseal
+ carnil> operations"). Vulnerable versions: 5.10.20 5.11.3 5.12-rc1.
+Bugs:
+upstream: released (5.12) [9d5171eab462a63e2fbebfccf6026e92be018f20]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.33) [bf84ef2dd2ccdcd8f2658476d34b51455f970ce4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46923 b/retired/CVE-2021-46923
new file mode 100644
index 000000000..7d80cd805
--- /dev/null
+++ b/retired/CVE-2021-46923
@@ -0,0 +1,16 @@
+Description: fs/mount_setattr: always cleanup mount_kattr
+References:
+Notes:
+ carnil> Introduced in 9caccd41541a ("fs: introduce MOUNT_ATTR_IDMAP"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.16-rc8) [012e332286e2bb9f6ac77d195f17e74b2963d663]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46924 b/retired/CVE-2021-46924
new file mode 100644
index 000000000..43fcf15be
--- /dev/null
+++ b/retired/CVE-2021-46924
@@ -0,0 +1,16 @@
+Description: NFC: st21nfca: Fix memory leak in device probe and remove
+References:
+Notes:
+ carnil> Introduced in 68957303f44a ("NFC: ST21NFCA: Add driver for STMicroelectronics
+ carnil> ST21NFCA NFC Chip"). Vulnerable versions: 3.16-rc1.
+Bugs:
+upstream: released (5.16-rc8) [1b9dadba502234eea7244879b8d5d126bfaf9f0c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [e553265ea56482da5700f56319fda9ff53e7dcb4]
+4.19-upstream-stable: released (4.19.224) [a1e0080a35a16ce3808f7040fe0c3a8fdb052349]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46927 b/retired/CVE-2021-46927
new file mode 100644
index 000000000..978bf177d
--- /dev/null
+++ b/retired/CVE-2021-46927
@@ -0,0 +1,16 @@
+Description: nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert
+References:
+Notes:
+ carnil> Introduced in 5b78ed24e8ec ("mm/pagemap: add mmap_assert_locked() annotations
+ carnil> to find_vma*()"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc8) [3a0152b219523227c2a62a0a122cf99608287176]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46929 b/retired/CVE-2021-46929
new file mode 100644
index 000000000..a7ca45de5
--- /dev/null
+++ b/retired/CVE-2021-46929
@@ -0,0 +1,16 @@
+Description: sctp: use call_rcu to free endpoint
+References:
+Notes:
+ carnil> Introduced in d25adbeb0cdb ("sctp: fix an use-after-free issue in
+ carnil> sctp_sock_dump"). Vulnerable versions: 4.14-rc1.
+Bugs:
+upstream: released (5.16-rc8) [5ec7d18d1813a5bead0b495045606c93873aecbb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [769d14abd35e0e153b5149c3e1e989a9d719e3ff]
+4.19-upstream-stable: released (4.19.224) [af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46930 b/retired/CVE-2021-46930
new file mode 100644
index 000000000..dd7540f9d
--- /dev/null
+++ b/retired/CVE-2021-46930
@@ -0,0 +1,16 @@
+Description: usb: mtu3: fix list_head check warning
+References:
+Notes:
+ carnil> Introduced in 83374e035b62 ("usb: mtu3: add tracepoints to help debug").
+ carnil> Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (5.16-rc8) [8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [3b6efe0b7ba03cc2acf0694b46d6ff33c5b4c295]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46931 b/retired/CVE-2021-46931
new file mode 100644
index 000000000..3aed1e9a2
--- /dev/null
+++ b/retired/CVE-2021-46931
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Wrap the tx reporter dump callback to extract the sq
+References:
+Notes:
+ carnil> Introduced in 5f29458b77d5 ("net/mlx5e: Support dump callback in TX reporter").
+ carnil> Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.16-rc8) [918fc3855a6507a200e9cf22c20be852c0982687]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [73665165b64a8f3c5b3534009a69be55bb744f05]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46932 b/retired/CVE-2021-46932
new file mode 100644
index 000000000..102701cf5
--- /dev/null
+++ b/retired/CVE-2021-46932
@@ -0,0 +1,16 @@
+Description: Input: appletouch - initialize work before device registration
+References:
+Notes:
+ carnil> Introduced in 5a6eb676d3bc ("Input: appletouch - improve powersaving for
+ carnil> Geyser3 devices"). Vulnerable versions: 2.6.23-rc1.
+Bugs:
+upstream: released (5.16-rc8) [9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [9f329d0d6c91142cf0ad08d23c72dd195db2633c]
+4.19-upstream-stable: released (4.19.224) [a02e1404e27855089d2b0a0acc4652c2ce65fe46]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46933 b/retired/CVE-2021-46933
new file mode 100644
index 000000000..c76401b05
--- /dev/null
+++ b/retired/CVE-2021-46933
@@ -0,0 +1,16 @@
+Description: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
+References:
+Notes:
+ carnil> Introduced in 5e33f6fdf735 ("usb: gadget: ffs: add eventfd notification about
+ carnil> ffs events"). Vulnerable versions: 4.0-rc1.
+Bugs:
+upstream: released (5.16-rc8) [b1e0887379422975f237d43d8839b751a6bcf154]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [1c4ace3e6b8575745c50dca9e76e0021e697d645]
+4.19-upstream-stable: released (4.19.224) [33f6a0cbb7772146e1c11f38028fffbfed14728b]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46934 b/retired/CVE-2021-46934
new file mode 100644
index 000000000..1a736ef4a
--- /dev/null
+++ b/retired/CVE-2021-46934
@@ -0,0 +1,16 @@
+Description: i2c: validate user data in compat ioctl
+References:
+Notes:
+ carnil> Introduced in 7d5cb45655f2 ("i2c compat ioctls: move to ->compat_ioctl()").
+ carnil> Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (5.16-rc8) [bb436283e25aaf1533ce061605d23a9564447bdf]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [8d31cbab4c295d7010ebb729e9d02d0e9cece18f]
+4.19-upstream-stable: released (4.19.224) [407c8708fb1bf2d4afc5337ef50635cf540c364b]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46935 b/retired/CVE-2021-46935
new file mode 100644
index 000000000..c60a4fb19
--- /dev/null
+++ b/retired/CVE-2021-46935
@@ -0,0 +1,16 @@
+Description: binder: fix async_free_space accounting for empty parcels
+References:
+Notes:
+ carnil> Introduced in 74310e06be4d ("android: binder: Move buffer out of area shared
+ carnil> with user space"). Vulnerable versions: 4.14-rc1.
+Bugs:
+upstream: released (5.16-rc8) [cfd0d84ba28c18b531648c9d4a35ecca89ad9901]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4]
+4.19-upstream-stable: released (4.19.224) [7c7064402609aeb6fb11be1b4ec10673ff17b593]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46936 b/retired/CVE-2021-46936
new file mode 100644
index 000000000..072ee1786
--- /dev/null
+++ b/retired/CVE-2021-46936
@@ -0,0 +1,16 @@
+Description: net: fix use-after-free in tw_timer_handler
+References:
+Notes:
+ carnil> Introduced in 61a7e26028b9 ("mib: put net statistics on struct net").
+ carnil> Vulnerable versions: 2.6.27-rc1.
+Bugs:
+upstream: released (5.16-rc8) [e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.90) [2386e81a1d277f540e1285565c9d41d531bb69d4]
+4.19-upstream-stable: released (4.19.224) [a8e1944b44f94f5c5f530e434c5eaee787254566]
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/retired/CVE-2021-46937 b/retired/CVE-2021-46937
new file mode 100644
index 000000000..627e0921c
--- /dev/null
+++ b/retired/CVE-2021-46937
@@ -0,0 +1,16 @@
+Description: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'
+References:
+Notes:
+ carnil> Introduced in 4bc05954d007 ("mm/damon: implement a debugfs-based user space
+ carnil> interface"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc8) [ebb3f994dd92f8fb4d70c7541091216c1e10cb71]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3