From ca55e0e9d4f83b79bf312005dc6da4447730da09 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sat, 9 Oct 2021 09:44:22 +0200
Subject: Retire some CVEs
---
active/CVE-2021-3444 | 23 -----------------------
active/CVE-2021-35039 | 16 ----------------
active/CVE-2021-3656 | 15 ---------------
active/CVE-2021-3743 | 16 ----------------
active/CVE-2021-37576 | 14 --------------
retired/CVE-2021-3444 | 23 +++++++++++++++++++++++
retired/CVE-2021-35039 | 16 ++++++++++++++++
retired/CVE-2021-3656 | 15 +++++++++++++++
retired/CVE-2021-3743 | 16 ++++++++++++++++
retired/CVE-2021-37576 | 14 ++++++++++++++
10 files changed, 84 insertions(+), 84 deletions(-)
delete mode 100644 active/CVE-2021-3444
delete mode 100644 active/CVE-2021-35039
delete mode 100644 active/CVE-2021-3656
delete mode 100644 active/CVE-2021-3743
delete mode 100644 active/CVE-2021-37576
create mode 100644 retired/CVE-2021-3444
create mode 100644 retired/CVE-2021-35039
create mode 100644 retired/CVE-2021-3656
create mode 100644 retired/CVE-2021-3743
create mode 100644 retired/CVE-2021-37576
diff --git a/active/CVE-2021-3444 b/active/CVE-2021-3444
deleted file mode 100644
index 1ad266f1..00000000
--- a/active/CVE-2021-3444
+++ /dev/null
@@ -1,23 +0,0 @@
-Description: bpf: Fix truncation handling for mod32 dst reg wrt zero
-References:
- https://www.openwall.com/lists/oss-security/2021/03/23/2
-Notes:
- carnil> Introduced by 468f6eafa6c4 ("bpf: fix 32-bit ALU op
- carnil> verification") (4.15-rc5) but f6b1b3bf0d5f ("bpf: fix subprog
- carnil> verifier bypass by div/mod by 0 exception") (4.16-rc1) is
- carnil> necessary to exploit the issue.
- carnil> Will require as well e88b2c6e5a4d ("bpf: Fix 32 bit src
- carnil> register truncation on div/mod") as prerequisite.
- carnil> This last pre-requisite commit though would depend on
- carnil> 092ed0968bb6 ("bpf: verifier support JMP32") which does not
- carnil> seem to make it possible to backport the fixes in 4.19.y
- carnil> easily.
-Bugs:
-upstream: released (5.12-rc1) [9b00f1b78809309163dda2d044d9e94a3c0248a3]
-5.10-upstream-stable: released (5.10.19) [3320bae8c115863b6f17993c2b7970f7f419da57]
-4.19-upstream-stable: released (4.19.206) [39f74b7c81cca139c05757d9c8f9d1e35fbbf56b]
-4.9-upstream-stable: N/A "Vulnerable code introduced later"
-sid: released (5.10.19-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/active/CVE-2021-35039 b/active/CVE-2021-35039
deleted file mode 100644
index 8baafa96..00000000
--- a/active/CVE-2021-35039
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: module: limit enabling module.sig_enforce
-References:
- https://www.openwall.com/lists/oss-security/2021/07/06/3
-Notes:
- carnil> Introduced by 7c9bc0983f89 ("ima: check signature enforcement
- carnil> against cmdline param instead of CONFIG") in 4.15-rc1 and only
- carnil> relevant with IMA.
-Bugs:
-upstream: released (5.13) [0c18f29aae7ce3dadd26d8ee3505d07cc982df75]
-5.10-upstream-stable: released (5.10.47) [3051f230f19feb02dfe5b36794f8c883b576e184]
-4.19-upstream-stable: released (4.19.196) [ff660863628fb144badcb3395cde7821c82c13a6]
-4.9-upstream-stable: N/A "Vulnerable code introduced later"
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/active/CVE-2021-3656 b/active/CVE-2021-3656
deleted file mode 100644
index f34d6a03..00000000
--- a/active/CVE-2021-3656
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
-References:
- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
-Notes:
- carnil> Issue introduced in 4.13-rc1 with 89c8a4984fc9 ("KVM: SVM:
- carnil> Enable Virtual VMLOAD VMSAVE feature").
-Bugs:
-upstream: released (5.14-rc7) [c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc]
-5.10-upstream-stable: released (5.10.60) [3dc5666baf2a135f250e4101d41d5959ac2c2e1f]
-4.19-upstream-stable: released (4.19.205) [119d547cbf7c055ba8100309ad71910478092f24]
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/x86/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested-.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-3743 b/active/CVE-2021-3743
deleted file mode 100644
index bd57394d..00000000
--- a/active/CVE-2021-3743
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1997961
- https://lists.openwall.net/netdev/2021/08/17/124
-Notes:
- bwh> Introduced in 4.15 by 194ccc88297a "net: qrtr: Support decoding
- bwh> incoming v2 packets"
-Bugs:
-upstream: released (5.14) [7e78c597c3ebfd0cb329aa09a838734147e4f117]
-5.10-upstream-stable: released (5.10.62) [ad41706c771a038e9a334fa55216abd69b32bfdf]
-4.19-upstream-stable: released (4.19.206) [ce7d8be2eaa4cab3032e256d154d1c33843d2367]
-4.9-upstream-stable: N/A "Vulnerability introduced later"
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/all/net-qrtr-fix-another-OOB-Read-in-qrtr_endpoint_post.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2021-37576 b/active/CVE-2021-37576
deleted file mode 100644
index 84191c26..00000000
--- a/active/CVE-2021-37576
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
-References:
- https://www.openwall.com/lists/oss-security/2021/07/26/1
- https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf@mpe.ellerman.id.au/T/#u
-Notes:
-Bugs:
-upstream: released (5.14-rc3) [f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a]
-5.10-upstream-stable: released (5.10.54) [c1fbdf0f3c26004a2803282fdc1c35086908a99e]
-4.19-upstream-stable: released (4.19.199) [0493b10c06021796ba80cbe53c961defd5aca6e5]
-4.9-upstream-stable: released (4.9.277) [8c46b4b2749c4b3b7e602403addc32ec2b48baed]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.46-5) [bugfix/powerpc/KVM-PPC-Book3S-Fix-H_RTAS-rets-buffer-overflow.patch]
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: ignored "powerpc not supported in LTS"
diff --git a/retired/CVE-2021-3444 b/retired/CVE-2021-3444
new file mode 100644
index 00000000..1ad266f1
--- /dev/null
+++ b/retired/CVE-2021-3444
@@ -0,0 +1,23 @@
+Description: bpf: Fix truncation handling for mod32 dst reg wrt zero
+References:
+ https://www.openwall.com/lists/oss-security/2021/03/23/2
+Notes:
+ carnil> Introduced by 468f6eafa6c4 ("bpf: fix 32-bit ALU op
+ carnil> verification") (4.15-rc5) but f6b1b3bf0d5f ("bpf: fix subprog
+ carnil> verifier bypass by div/mod by 0 exception") (4.16-rc1) is
+ carnil> necessary to exploit the issue.
+ carnil> Will require as well e88b2c6e5a4d ("bpf: Fix 32 bit src
+ carnil> register truncation on div/mod") as prerequisite.
+ carnil> This last pre-requisite commit though would depend on
+ carnil> 092ed0968bb6 ("bpf: verifier support JMP32") which does not
+ carnil> seem to make it possible to backport the fixes in 4.19.y
+ carnil> easily.
+Bugs:
+upstream: released (5.12-rc1) [9b00f1b78809309163dda2d044d9e94a3c0248a3]
+5.10-upstream-stable: released (5.10.19) [3320bae8c115863b6f17993c2b7970f7f419da57]
+4.19-upstream-stable: released (4.19.206) [39f74b7c81cca139c05757d9c8f9d1e35fbbf56b]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.10.19-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2021-35039 b/retired/CVE-2021-35039
new file mode 100644
index 00000000..8baafa96
--- /dev/null
+++ b/retired/CVE-2021-35039
@@ -0,0 +1,16 @@
+Description: module: limit enabling module.sig_enforce
+References:
+ https://www.openwall.com/lists/oss-security/2021/07/06/3
+Notes:
+ carnil> Introduced by 7c9bc0983f89 ("ima: check signature enforcement
+ carnil> against cmdline param instead of CONFIG") in 4.15-rc1 and only
+ carnil> relevant with IMA.
+Bugs:
+upstream: released (5.13) [0c18f29aae7ce3dadd26d8ee3505d07cc982df75]
+5.10-upstream-stable: released (5.10.47) [3051f230f19feb02dfe5b36794f8c883b576e184]
+4.19-upstream-stable: released (4.19.196) [ff660863628fb144badcb3395cde7821c82c13a6]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2021-3656 b/retired/CVE-2021-3656
new file mode 100644
index 00000000..f34d6a03
--- /dev/null
+++ b/retired/CVE-2021-3656
@@ -0,0 +1,15 @@
+Description: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
+References:
+ https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
+Notes:
+ carnil> Issue introduced in 4.13-rc1 with 89c8a4984fc9 ("KVM: SVM:
+ carnil> Enable Virtual VMLOAD VMSAVE feature").
+Bugs:
+upstream: released (5.14-rc7) [c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc]
+5.10-upstream-stable: released (5.10.60) [3dc5666baf2a135f250e4101d41d5959ac2c2e1f]
+4.19-upstream-stable: released (4.19.205) [119d547cbf7c055ba8100309ad71910478092f24]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/x86/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested-.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-3743 b/retired/CVE-2021-3743
new file mode 100644
index 00000000..bd57394d
--- /dev/null
+++ b/retired/CVE-2021-3743
@@ -0,0 +1,16 @@
+Description: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1997961
+ https://lists.openwall.net/netdev/2021/08/17/124
+Notes:
+ bwh> Introduced in 4.15 by 194ccc88297a "net: qrtr: Support decoding
+ bwh> incoming v2 packets"
+Bugs:
+upstream: released (5.14) [7e78c597c3ebfd0cb329aa09a838734147e4f117]
+5.10-upstream-stable: released (5.10.62) [ad41706c771a038e9a334fa55216abd69b32bfdf]
+4.19-upstream-stable: released (4.19.206) [ce7d8be2eaa4cab3032e256d154d1c33843d2367]
+4.9-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/net-qrtr-fix-another-OOB-Read-in-qrtr_endpoint_post.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/retired/CVE-2021-37576 b/retired/CVE-2021-37576
new file mode 100644
index 00000000..84191c26
--- /dev/null
+++ b/retired/CVE-2021-37576
@@ -0,0 +1,14 @@
+Description: KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
+References:
+ https://www.openwall.com/lists/oss-security/2021/07/26/1
+ https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf@mpe.ellerman.id.au/T/#u
+Notes:
+Bugs:
+upstream: released (5.14-rc3) [f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a]
+5.10-upstream-stable: released (5.10.54) [c1fbdf0f3c26004a2803282fdc1c35086908a99e]
+4.19-upstream-stable: released (4.19.199) [0493b10c06021796ba80cbe53c961defd5aca6e5]
+4.9-upstream-stable: released (4.9.277) [8c46b4b2749c4b3b7e602403addc32ec2b48baed]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/powerpc/KVM-PPC-Book3S-Fix-H_RTAS-rets-buffer-overflow.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: ignored "powerpc not supported in LTS"
-- 
cgit v1.2.3