Retire one CVE

author: Salvatore Bonaccorso <carnil@debian.org> 2023-06-29 21:17:11 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-06-29 21:17:11 +0200
commit: c3010ec7ffa034a5676a6ef0dcba887ff84b7e67 (patch)
tree: 9a489b86e12177f6fb8531062c61d011dfd1d47b /retired/CVE-2023-2163
parent: c08546a026e5dcedd489bce1d97fa99ab20319fe (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2023-2163 b/retired/CVE-2023-2163
new file mode 100644
index 00000000..d75d42ca
--- /dev/null
+++ b/retired/CVE-2023-2163
@@ -0,0 +1,15 @@
+Description: bpf: Fix incorrect verifier pruning due to missing register precision taints
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-j87x-j6mh-mv8v#event-102578
+Notes:
+ carnil> Commit fixes b5dc0163d8fd ("bpf: precise scalar_value
+ carnil> tracking") in 5.3-rc1.
+Bugs:
+upstream: released (6.3) [71b547f561247897a0a14f3082730156c0533fed]
+6.1-upstream-stable: released (6.1.26) [89603f4c9154e818b9ead1abe08545a053c66ded]
+5.10-upstream-stable: released (5.10.179) [b1281d008845ae9a4de9ef7510dcc1667557a67a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.1.27-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.179-1)
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2023-06-29 21:17:11 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-06-29 21:17:11 +0200
commit	c3010ec7ffa034a5676a6ef0dcba887ff84b7e67 (patch)
tree	9a489b86e12177f6fb8531062c61d011dfd1d47b /retired/CVE-2023-2163
parent	c08546a026e5dcedd489bce1d97fa99ab20319fe (diff)