Retire several issues

1 files changed, 21 insertions, 0 deletions

diff --git a/retired/CVE-2022-0168 b/retired/CVE-2022-0168
new file mode 100644
index 00000000..3c3c723b
--- /dev/null
+++ b/retired/CVE-2022-0168
@@ -0,0 +1,21 @@
+Description: cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2037386
+ https://starlabs.sg/advisories/22-0168/
+Notes:
+ carnil> For 5.16.y fixed in 5.19.16 and for 5.17.y fixed in 5.17.2.
+ bwh> This fixes commit ccd48ec3d4a6 "smb2: fix use-after-free in
+ bwh> smb2_ioctl_query_info()" which was applied in 5.13-rc1 and 5.10.36.
+ bwh> That in turn fixed commit b2ca6c2c9edd "cifs: move some variables
+ bwh> off the stack in smb2_ioctl_query_info" which was applied in
+ bwh> 5.8-rc1.  (The potential memory leaks probably exist in older
+ bwh> versions but are a separate and probably less serious issue.)
+Bugs:
+upstream: released (v5.18-rc1) [d6f5e358452479fa8a773b5c6ccc9e4ec5a20880]
+5.10-upstream-stable: released (5.10.110) [edefc4b2a8e8310eee8e2b1714709ad5b2a93928]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"