author: Salvatore Bonaccorso <carnil@debian.org> 2023-10-29 20:56:45 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-10-29 20:56:45 +0100
commit: 38ab4ac1e2197e931103943f89282a03184520c0
tree: 7fa7512e3026e02f475a610f5869132eb9b3481c /retired
parent: 11b071efb8e057e9b653f8b528cda8715319d87e
Retire some CVEs
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2023-45898 | 17
-rw-r--r-- retired/CVE-2023-4610 | 19
2 files changed, 36 insertions, 0 deletions
diff --git a/retired/CVE-2023-45898 b/retired/CVE-2023-45898
new file mode 100644
index 00000000..75a31c82
--- /dev/null
+++ b/retired/CVE-2023-45898
@@ -0,0 +1,17 @@
+Description: ext4: fix slab-use-after-free in ext4_es_insert_extent()
+References:
+ https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a%40huawei.com/T/
+ https://www.spinics.net/lists/stable-commits/msg317086.html
+ https://lkml.org/lkml/2023/8/13/477
+Notes:
+ carnil> Commit fixes 2a69c450083d ("ext4: using nofail preallocation in
+ carnil> ext4_es_insert_extent()") in 6.5-rc1
+Bugs:
+upstream: released (6.6-rc1) [768d612f79822d30a1e7d132a4d4b05337ce42ec]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
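Review bot: The Notes line "Commit fixes 2a69c450083d (...) in 6.5-rc1" can be read as saying the fix itself landed in 6.5-rc1, while the upstream line records the fix as released in 6.6-rc1. Wording it as "Introduced in 2a69c450083d (...) in 6.5-rc1", the form used in retired/CVE-2023-4610, removes the ambiguity. In addition, sid is marked released (6.5.6-1) while the upstream fix is 6.6-rc1, which implies the fix reached sid through a 6.5.y stable backport; a Notes line naming that stable release or commit would let a reader verify the sid version without following the stable-commits reference.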
diff --git a/retired/CVE-2023-4610 b/retired/CVE-2023-4610
new file mode 100644
index 00000000..d6e2a829
--- /dev/null
+++ b/retired/CVE-2023-4610
@@ -0,0 +1,19 @@
+Description: slab-use-after-free Read in radix_tree_lookup while fuzzing Linux kernel 6.4-rc6 with syzkaller
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2229691
+ https://www.spinics.net/lists/kernel/msg4920917.html
+ https://bugzilla.suse.com/show_bug.cgi?id=1215932
+Notes:
+ carnil> Introduced in f95bdb700bc6 ("mm: vmscan: make global slab
+ carnil> shrink lockless") in 6.4-rc1 and then later fixed with its
+ carnil> revert 71c3ad65fabe ("Revert "mm: vmscan: make global slab
+ carnil> shrink lockless"") in 6.4.
+Bugs:
+upstream: released (6.4) [71c3ad65fabec9620d3f548b2da948c79c7ad9d5]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
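Review bot: The Description line repeats the fuzzer report title (a read in radix_tree_lookup, kernel 6.4-rc6, syzkaller) and does not name the affected code, which only the Notes identify as the "mm: vmscan: make global slab shrink lockless" change. A description that names the mm/vmscan shrinker change, in the style of the "ext4: fix ..." description in retired/CVE-2023-45898, would make the entry findable by subsystem. Since the Notes place the introducing commit in 6.4-rc1 and the revert in 6.4, it would also help to state there that no final upstream release carried the bug, which is the reason behind the N/A on sid.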
