Update information on CVE-2018-18653/linux

1 files changed, 6 insertions, 2 deletions

diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index bb8f0cded6..3a433c1ca4 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -7223,8 +7223,12 @@ CVE-2018-18657 (An issue was discovered in Arcserve Unified Data Protection (UDP
 CVE-2018-18656 (The PureVPN client before 6.1.0 for Windows stores Login Credentials ( ...)
 	NOT-FOR-US: PureVPN client for Windows
 CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ...)
-	- linux <undetermined>
-	TODO: check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset  https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way.
+	- linux 5.4.6-1
+	[buster] - linux <not-affected> (Vulnerable code introduced later)
+	[stretch] - linux <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863
+	NOTE: Broken lockdown patch introduced in: https://salsa.debian.org/kernel-team/linux/commit/a7cd45ba217652e89afd40020fa3ee9d8900b2d6
+	NOTE: NOTE: Dropped in: https://salsa.debian.org/kernel-team/linux/commit/bcf44784663c6b77a4922d9a88f114c9810623cc
 CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup Applianc ...)
 	NOT-FOR-US: Veritas NetBackup Appliance
 CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a user's usern ...)