Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2022-09-01 21:56:54 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-09-01 21:56:54 +0200
commit: 54375895487bd3061cf44efb5a88b341063a3eec (patch)
tree: 0182b804749e698ec90318be29986fd80253d681 /retired/CVE-2022-2585
parent: 8c6aa412431f0cf55726c0c2689a62f9dfbfb501 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/retired/CVE-2022-2585 b/retired/CVE-2022-2585
new file mode 100644
index 00000000..c0048239
--- /dev/null
+++ b/retired/CVE-2022-2585
@@ -0,0 +1,14 @@
+Description: Linux kernel POSIX CPU timer UAF
+References:
+ https://www.openwall.com/lists/oss-security/2022/08/09/7
+ https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u
+ https://www.openwall.com/lists/oss-security/2022/08/18/3
+Notes:
+ carnil> Fixed as well in 5.18.18 for 5.18.y and in 5.19.2 for 5.19.y.
+Bugs:
+upstream: released (6.0-rc1) [e362359ace6f87c201531872486ff295df306d13]
+5.10-upstream-stable: released (5.10.137) [541840859ace9c2ccebc32fa9e376c7bd3def490]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.18.16-1) [bugfix/all/posix-cpu-timers-Cleanup-CPU-timers-before-freeing-t.patch]
+5.10-bullseye-security: released (5.10.136-1) [bugfix/all/posix-cpu-timers-Cleanup-CPU-timers-before-freeing-t.patch]
+4.19-buster-security: N/A "Vulnerable code introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2022-09-01 21:56:54 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-09-01 21:56:54 +0200
commit	54375895487bd3061cf44efb5a88b341063a3eec (patch)
tree	0182b804749e698ec90318be29986fd80253d681 /retired/CVE-2022-2585
parent	8c6aa412431f0cf55726c0c2689a62f9dfbfb501 (diff)