retire issues

author: Moritz Muehlenhoff <jmm@debian.org> 2022-12-14 17:30:13 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2022-12-14 17:30:13 +0100
commit: 210d660e8e19228c4652243481b4cdba16992853 (patch)
tree: 50741cbe5a1e4cc4b2857792769f2edb3113c06a /retired/CVE-2022-40476
parent: 1595b8f518ac796fd6100c95a460d819dfdd21e8 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/retired/CVE-2022-40476 b/retired/CVE-2022-40476
new file mode 100644
index 00000000..d854f8a1
--- /dev/null
+++ b/retired/CVE-2022-40476
@@ -0,0 +1,14 @@
+Description: io_uring: use original request task for inflight tracking
+References:
+ https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow@mail.gmail.com/
+Notes:
+ carnil> Issue introduced in 9cae36a094e7 ("io_uring: reinstate the
+ carnil> inflight tracking") in 5.19-rc1 (and got backported to 5.18.6)
+ carnil> For 5.18.y fixed in 5.18.7.
+Bugs:
+upstream: released (5.19-rc4) [386e4fb6962b9f248a80f8870aea0870ca603e89]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code never present in unstable"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Moritz Muehlenhoff <jmm@debian.org>	2022-12-14 17:30:13 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2022-12-14 17:30:13 +0100
commit	210d660e8e19228c4652243481b4cdba16992853 (patch)
tree	50741cbe5a1e4cc4b2857792769f2edb3113c06a /retired/CVE-2022-40476
parent	1595b8f518ac796fd6100c95a460d819dfdd21e8 (diff)