Retire two CVEs

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5240 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 19 insertions, 0 deletions

diff --git a/retired/CVE-2017-8106 b/retired/CVE-2017-8106
new file mode 100644
index 00000000..d06c24b9
--- /dev/null
+++ b/retired/CVE-2017-8106
@@ -0,0 +1,19 @@
+Description: nVMX: Check current_vmcs12 before accessing in handle_invept()
+References:
+Notes:
+ carnil> Introduced in bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1)
+ carnil> for linux-3.2.y commit 02a988e6e4511b1f6d83525710a12db9c5a45149 (3.2.64)
+ carnil> backports bfd0a56b90005f8c8a004baf407ad90045c2b11e but is quite
+ carnil> reduced.
+ bwh> The backport to 3.2 was a *non*-implementation of INVEPT that doesn't
+ bwh> have this issue.
+Bugs:
+ https://bugzilla.kernel.org/show_bug.cgi?id=195167
+ https://launchpad.net/bugs/1678676
+upstream: released (3.16-rc4) [4b855078601fc422dbac3059f2215e776f49780f]
+4.9-upstream-stable: N/A "Fixed before branch point" 
+3.16-upstream-stable: N/A "Fixed before branch point"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (3.16.2-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"