From 9a53b9c6d958966fc78a6511fbe0f7926448251a Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sun, 24 Dec 2017 07:36:56 +0000
Subject: Retire several CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5834 e094ebfe-e918-0410-adfb-c712417f3574
---
retired/CVE-2017-15126 | 15 +++++++++++++++
retired/CVE-2017-15127 | 15 +++++++++++++++
retired/CVE-2017-16996 | 15 +++++++++++++++
retired/CVE-2017-17852 | 14 ++++++++++++++
retired/CVE-2017-17853 | 14 ++++++++++++++
retired/CVE-2017-17854 | 14 ++++++++++++++
retired/CVE-2017-17855 | 14 ++++++++++++++
retired/CVE-2017-17856 | 14 ++++++++++++++
retired/CVE-2017-17857 | 14 ++++++++++++++
9 files changed, 129 insertions(+)
create mode 100644 retired/CVE-2017-15126
create mode 100644 retired/CVE-2017-15127
create mode 100644 retired/CVE-2017-16996
create mode 100644 retired/CVE-2017-17852
create mode 100644 retired/CVE-2017-17853
create mode 100644 retired/CVE-2017-17854
create mode 100644 retired/CVE-2017-17855
create mode 100644 retired/CVE-2017-17856
create mode 100644 retired/CVE-2017-17857
(limited to 'retired')
diff --git a/retired/CVE-2017-15126 b/retired/CVE-2017-15126
new file mode 100644
index 000000000..ff7cd85fe
--- /dev/null
+++ b/retired/CVE-2017-15126
@@ -0,0 +1,15 @@
+Description: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1523481
+Notes:
+ bwh> Introduced in 4.11 by commit 893e26e61d04 "userfaultfd: non-cooperative:
+ bwh> Add fork() event".
+Bugs:
+upstream: released (4.14-rc4) [384632e67e0829deb8015ee6ad916b180049d252]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.10-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-15127 b/retired/CVE-2017-15127
new file mode 100644
index 000000000..448b80c8b
--- /dev/null
+++ b/retired/CVE-2017-15127
@@ -0,0 +1,15 @@
+Description: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1525218
+Notes:
+ bwh> Appears to have been introduced in 4.11 by commit 8fb5debc5fcd "userfaultfd:
+ bwh> hugetlbfs: add hugetlb_mcopy_atomic_pte for userfaultfd support".
+Bugs:
+upstream: released (4.13-rc5) [5af10dfd0afc559bb4b0f7e3e8227a1578333995]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.13.4-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-16996 b/retired/CVE-2017-16996
new file mode 100644
index 000000000..44cdde562
--- /dev/null
+++ b/retired/CVE-2017-16996
@@ -0,0 +1,15 @@
+Description: bpf: fix incorrect tracking of register size truncation
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced in 4.14-rc1 with b03c9f9fdc37dab81ea04d5dacdc5995d4c224c2
+Bugs:
+upstream: released (4.15-rc5) [0c17d1d2c61936401f4702e1846e2c19b200f958]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-fix-incorrect-tracking-of-register-size-truncati.patch]
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"
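Review bot: The N/A reason on the three Debian suite lines of retired/CVE-2017-16996 reads `"Vulnerable code introduced later"`, while the upstream-stable lines of the same file say `"Vulnerable code introduced in 4.14-rc1"` and the sibling bpf records CVE-2017-17853 through CVE-2017-17857 use `"Vulnerable code not present"`; retired/CVE-2017-17852 has the same wording. Three phrasings for one fact make the records harder to grep and compare when someone later audits why a suite was marked not affected. I would use one form throughout, e.g. `4.9-stretch-security: N/A "Vulnerable code introduced in 4.14-rc1"`, which also keeps the introducing release visible on the suite lines.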
diff --git a/retired/CVE-2017-17852 b/retired/CVE-2017-17852
new file mode 100644
index 000000000..b9feb17e6
--- /dev/null
+++ b/retired/CVE-2017-17852
@@ -0,0 +1,14 @@
+Description: bpf: fix 32-bit ALU op verification
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced with f1174f77b50c94eecaa658fdc56fa69b421de4b8 in v4.14-rc1.
+Bugs:
+upstream: released (4.15-rc5) [468f6eafa6c44cb2c5d8aad35e12f06c240a812a]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-fix-32-bit-alu-op-verification.patch]
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2017-17853 b/retired/CVE-2017-17853
new file mode 100644
index 000000000..45ed88b0a
--- /dev/null
+++ b/retired/CVE-2017-17853
@@ -0,0 +1,14 @@
+Description: bpf/verifier: fix bounds calculation on BPF_RSH
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced by b03c9f9fdc37dab81ea04d5dacdc5995d4c224c2 in 4.14-rc1
+Bugs:
+upstream: released (4.15-rc5) [4374f256ce8182019353c0c639bb8d0695b4c941]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [/bugfix/all/bpf-verifier-fix-bounds-calculation-on-bpf_rsh.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-17854 b/retired/CVE-2017-17854
new file mode 100644
index 000000000..ebbba1956
--- /dev/null
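Review bot: The patch reference on the `sid:` line of retired/CVE-2017-17853 starts with a slash, `[/bugfix/all/bpf-verifier-fix-bounds-calculation-on-bpf_rsh.patch]`, where every other record in this commit gives the path relative, `[bugfix/all/...]`. Anything that resolves the bracketed name against the package's patch directory would presumably miss this one, which would leave the fix for this CVE hard to trace from the record. The line should read `sid: released (4.14.7-1) [bugfix/all/bpf-verifier-fix-bounds-calculation-on-bpf_rsh.patch]`.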
+++ b/retired/CVE-2017-17854
@@ -0,0 +1,14 @@
+Description: bpf: fix integer overflows
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced by f1174f77b50c94eecaa658fdc56fa69b421de4b8 in 4.14-rc1
+Bugs:
+upstream: released (4.15-rc5) [bb7f0f989ca7de1153bd128a40a71709e339fa03]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-fix-integer-overflows.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-17855 b/retired/CVE-2017-17855
new file mode 100644
index 000000000..d3df9e6db
--- /dev/null
+++ b/retired/CVE-2017-17855
@@ -0,0 +1,14 @@
+Description: bpf: don't prune branches when a scalar is replaced with a pointer
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced in f1174f77b50c94eecaa658fdc56fa69b421de4b8 in 4.14-rc1
+Bugs:
+upstream: released (4.15-rc5) [179d1c5602997fef5a940c6ddcf31212cbfebd14]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-don-t-prune-branches-when-a-scalar-is-replaced-w.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-17856 b/retired/CVE-2017-17856
new file mode 100644
index 000000000..8031917d6
--- /dev/null
+++ b/retired/CVE-2017-17856
@@ -0,0 +1,14 @@
+Description: bpf: force strict alignment checks for stack pointers
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced by f1174f77b50c94eecaa658fdc56fa69b421de4b8 in 4.14-rc1
+Bugs:
+upstream: released (4.15-rc5) [a5ec6ae161d72f01411169a938fa5f8baea16e8f]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-force-strict-alignment-checks-for-stack-pointers.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2017-17857 b/retired/CVE-2017-17857
new file mode 100644
index 000000000..f518b3fc4
--- /dev/null
+++ b/retired/CVE-2017-17857
@@ -0,0 +1,14 @@
+Description: bpf: fix missing error return in check_stack_boundary()
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced by f1174f77b50c94eecaa658fdc56fa69b421de4b8 in 4.14-rc1
+Bugs:
+upstream: released (4.15-rc5) [ea25f914dc164c8d56b36147ecc86bc65f83c469]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-fix-missing-error-return-in-check_stack_boundary.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3