Retire CVE-2020-25220

author: Salvatore Bonaccorso <carnil@debian.org> 2020-09-10 10:30:05 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-09-10 10:30:05 +0200
commit: fd435f58f59e6cca547192c1ec292b60d3e5d51e (patch)
tree: 9adda9f687815f83662e043b1b047b1ad6fd2d2f /retired/CVE-2020-25220
parent: 0a7662be45fee3ee642ec68e6daca93f17769881 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/retired/CVE-2020-25220 b/retired/CVE-2020-25220
new file mode 100644
index 00000000..d6218be6
--- /dev/null
+++ b/retired/CVE-2020-25220
@@ -0,0 +1,14 @@
+Description: cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
+References:
+ https://www.spinics.net/lists/stable/msg405099.html
+Notes:
+ carnil> Exists because of a backporting issue in the v4.9.y, v4.14.y
+ carnil> and v4.19.y stable series when backporting fix for CVE-2020-
+ carnil> 14356.
+Bugs:
+upstream: N/A "Vulnerable code not present"
+4.19-upstream-stable: released (4.19.140) [38de4308c5c3319ae9c815b6d6aa8d2b5804bace]
+4.9-upstream-stable: released (4.9.233) [f3b1d647251a94a6968a35e3d685dc8b1b24c3ff]
+sid: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "No released version contains broken backport"
+4.9-stretch-security: N/A "No released version contains broken backport"
author	Salvatore Bonaccorso <carnil@debian.org>	2020-09-10 10:30:05 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-09-10 10:30:05 +0200
commit	fd435f58f59e6cca547192c1ec292b60d3e5d51e (patch)
tree	9adda9f687815f83662e043b1b047b1ad6fd2d2f /retired/CVE-2020-25220
parent	0a7662be45fee3ee642ec68e6daca93f17769881 (diff)