Update information for CVE-2022-38457 and CVE-2022-40133

author: Salvatore Bonaccorso <carnil@debian.org> 2023-03-17 05:32:37 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-03-17 09:10:30 +0100
commit: cd641c591a35c6d3092abf89a75976985d44a358 (patch)
tree: d2d812abc7015b928f7281289333192b8dabab7a /active/CVE-2022-38457
parent: 7cfe0743967a5a9136528e03fc8b98e808c50b09 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/active/CVE-2022-38457 b/active/CVE-2022-38457
index c5afbe83..b8f8d40f 100644
--- a/active/CVE-2022-38457
+++ b/active/CVE-2022-38457
@@ -4,10 +4,12 @@ References:
 Notes:
  bwh> Probably introduced in 4.20 by commit e8c66efbfe3a "drm/vmwgfx: Make
  bwh> user resource lookups reference-free during validation".
+ carnil> According to Zack Rusin fixed conceptually via a309c7194e8a
+ carnil> ("drm/vmwgfx: Remove rcu locks from user resources")
 Bugs:
-upstream: needed
+upstream: released (6.2-rc4) [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
 5.10-upstream-stable: needed
 4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: needed
+sid: released (6.1.7-1)
 5.10-bullseye-security: needed
 4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2023-03-17 05:32:37 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-03-17 09:10:30 +0100
commit	cd641c591a35c6d3092abf89a75976985d44a358 (patch)
tree	d2d812abc7015b928f7281289333192b8dabab7a /active/CVE-2022-38457
parent	7cfe0743967a5a9136528e03fc8b98e808c50b09 (diff)