diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2023-10-06 23:36:39 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-10-06 23:36:39 +0200 |
commit | 2c98af84378df5050ee99f6b2e0fb4464804fc6d (patch) | |
tree | ceff79e15949bb272d8dd4bf9e555cd71bdaf26f /retired | |
parent | 5cf97a652e3144bfa2c5479d619bc21469b7ac45 (diff) |
Retire some CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2023-25775 | 16 | ||||
-rw-r--r-- | retired/CVE-2023-3773 | 18 | ||||
-rw-r--r-- | retired/CVE-2023-42752 | 15 | ||||
-rw-r--r-- | retired/CVE-2023-44466 | 16 |
4 files changed, 65 insertions, 0 deletions
diff --git a/retired/CVE-2023-25775 b/retired/CVE-2023-25775 new file mode 100644 index 00000000..ed97de66 --- /dev/null +++ b/retired/CVE-2023-25775 @@ -0,0 +1,16 @@ +Description: RDMA/irdma: Prevent zero-length STAG registration +References: + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html +Notes: + carnil> Commit fixes b48c24c2d710 ("RDMA/irdma: Implement device + carnil> supported verb APIs") in 5.14-rc1. + carnil> Fixed as well in 6.4.16 for 6.4.y and in 6.5.3 for 6.5.y. +Bugs: +upstream: released (6.6-rc1) [bb6d73d9add68ad270888db327514384dfa44958] +6.1-upstream-stable: released (6.1.53) [f01cfec8d3456bf389918eb898eda11f46d8b1b7] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.3-1) +6.1-bookworm-security: released (6.1.55-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-3773 b/retired/CVE-2023-3773 new file mode 100644 index 00000000..2b1b3444 --- /dev/null +++ b/retired/CVE-2023-3773 @@ -0,0 +1,18 @@ +Description: xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2218944 + https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u +Notes: + carnil> Commit fixes 4e484b3e969b ("xfrm: rate limit SA mapping change + carnil> message to user space") in 5.17-rc1. But it was backported to + carnil> 5.10.94, 5.15.17 and 5.16.3 as well. + carnil> For 6.4.y fixed as well in 6.4.12. +Bugs: +upstream: released (6.5-rc7) [5e2424708da7207087934c5c75211e8584d553a0] +6.1-upstream-stable: released (6.1.47) [a442cd17019385c53bbddf3bb92d91474081916b] +5.10-upstream-stable: released (5.10.192) [614811692e21cef324d897202ad37c17d4390da3] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.4.13-1) +6.1-bookworm-security: released (6.1.52-1) +5.10-bullseye-security: released (5.10.197-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-42752 b/retired/CVE-2023-42752 new file mode 100644 index 00000000..42ade086 --- /dev/null +++ b/retired/CVE-2023-42752 @@ -0,0 +1,15 @@ +Description: integer overflows in kmalloc_reserve() +References: + https://www.openwall.com/lists/oss-security/2023/09/18/3 +Notes: + carnil> Introduced with 12d6c1d3a2ad ("skbuff: Proactively round up to + carnil> kmalloc bucket size") in 6.2-rc1 (and backported to 6.1.31) +Bugs: +upstream: released (6.6-rc1) [915d975b2ffa58a14bfcf16fafe00c41315949ff, c3b704d4a4a265660e665df51b129e8425216ed1] +6.1-upstream-stable: released (6.1.53) [6678912b4df1bfac6f7c80642d56dc22e23419e4], released (6.1.54) [31cf7853a940181593e4472fc56f46574123f9f6] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.3-1) +6.1-bookworm-security: released (6.1.55-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-44466 b/retired/CVE-2023-44466 new file mode 100644 index 00000000..783f018e --- /dev/null +++ b/retired/CVE-2023-44466 @@ -0,0 +1,16 @@ +Description: libceph: harden msgr2.1 frame segment length checks +References: + https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph + https://www.spinics.net/lists/ceph-devel/msg57909.html +Notes: + carnil> Commit fixes cd1a677cad99 ("libceph, ceph: implement msgr2.1 + carnil> protocol (crc and secure modes)") in 5.11-rc1. +Bugs: +upstream: released (6.5-rc2) [a282a2f10539dce2aa619e71e1817570d557fc97] +6.1-upstream-stable: released (6.1.40) [183c0ae4fafcdcb95c06f40c0c35a39d89c1aa2d] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.4.11-1) +6.1-bookworm-security: released (6.1.52-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" |