Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2023-09-09 23:48:30 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-09-09 23:48:30 +0200
commit: 6c7e2a261634be17bf2d4aaf077ccf66c4e2b56d (patch)
tree: 78d099f913b1d4a56ebfc87941dad7e31b10eeba /retired
parent: 8548f0bee6d33306aaae4304b723047711498d96 (diff)
11 files changed, 179 insertions, 0 deletions
diff --git a/retired/CVE-2022-48502 b/retired/CVE-2022-48502
new file mode 100644
index 00000000..09846e6d
--- /dev/null
+++ b/retired/CVE-2022-48502
@@ -0,0 +1,14 @@
+Description: fs/ntfs3: Check fields while reading
+References:
+ https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72
+Notes:
+ carnil> NTFS3 driver not enabled in Debian.
+Bugs:
+upstream: released (6.2-rc1) [0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b]
+6.1-upstream-stable: released (6.1.40) [000a9a72efa4a9df289bab9c9e8ba1639c72e0d6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2430 b/retired/CVE-2023-2430
new file mode 100644
index 00000000..713a1bd5
--- /dev/null
+++ b/retired/CVE-2023-2430
@@ -0,0 +1,18 @@
+Description: io_uring/msg_ring: fix missing lock on overflow for IOPOLL
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2192175
+ https://groups.google.com/g/syzkaller/c/T04q4HMUCdA/m/qVaOqv2RAAAJ
+Notes:
+ bwh> The two instances of the bug were introduced in 6.0 by commit
+ bwh> e6130eba8a84 "io_uring: add support for passing fixed file
+ bwh> descriptors" and in 6.2-rc1 by commit 6d043ee1164c "io_uring:
+ bwh> do msg_ring in target task via tw".
+Bugs:
+upstream: released (6.2-rc5) [e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d]
+6.1-upstream-stable: released (6.1.50) [22a406b3629a10979916ea7cace47858410117b5]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2023-2898 b/retired/CVE-2023-2898
new file mode 100644
index 00000000..3b2aac9d
--- /dev/null
+++ b/retired/CVE-2023-2898
@@ -0,0 +1,17 @@
+Description: f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2210102
+ https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/
+Notes:
+ carnil> Commit fixes b4b10061ef98 ("f2fs: refactor resize_fs to avoid
+ carnil> meta updates in progress") in 5.8-rc1.
+ carnil> Fixed as well in 6.4.4 for 6.4.y.
+Bugs:
+upstream: released (6.5-rc1) [d8189834d4348ae608083e1f1f53792cfcc2a9bc]
+6.1-upstream-stable: released (6.1.39) [ebe83e9bb8a6b3db28603fe938ee80ccaa01ed53]
+5.10-upstream-stable: released (5.10.188) [b39ef5b52f10b819bd0ceeb22e8f7df7800880ca]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.4-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3777 b/retired/CVE-2023-3777
new file mode 100644
index 00000000..15526967
--- /dev/null
+++ b/retired/CVE-2023-3777
@@ -0,0 +1,15 @@
+Description: netfilter: nf_tables: skip bound chain on rule flush
+References:
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230720071721.14777-1-pablo@netfilter.org/
+Notes:
+ carnil> Commit fixes d0e2c7de92c7 ("netfilter: nf_tables: add
+ carnil> NFT_CHAIN_BINDING") 5.9-rc1.
+Bugs:
+upstream: released (6.5-rc3) [6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8]
+6.1-upstream-stable: released (6.1.42) [e18922ce3e3169eb97838d1dcba2d679bcca446c]
+5.10-upstream-stable: released (5.10.188) [30e5460d69e631c0e84db37dba2d8f98648778d4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4004 b/retired/CVE-2023-4004
new file mode 100644
index 00000000..5f1c2b67
--- /dev/null
+++ b/retired/CVE-2023-4004
@@ -0,0 +1,17 @@
+Description: [nf] netfilter: nft_set_pipapo: fix improper element removal
+References:
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/
+ https://bugzilla.redhat.com/show_bug.cgi?id=2225275
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.7.
+ carnil> Commit fixes 3c4287f62044 ("nf_tables: Add set type for
+ carnil> arbitrary concatenation of ranges") in 5.6.-rc1.
+Bugs:
+upstream: released (6.5-rc3) [87b5a5c209405cb6b57424cdfa226a6dbd349232]
+6.1-upstream-stable: released (6.1.42) [90c3955beb858bb52a9e5c4380ed0e520e3730d1]
+5.10-upstream-stable: released (5.10.188) [3a91099ecd59a42d1632fcb152bf7222f268ea2b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4015 b/retired/CVE-2023-4015
new file mode 100644
index 00000000..d7ba6ac6
--- /dev/null
+++ b/retired/CVE-2023-4015
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
+References:
+ https://ubuntu.com/security/CVE-2023-4015
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230723142446.13809-1-pablo@netfilter.org/
+Notes:
+ carnil> Commit fixes 4bedf9eee016 ("netfilter: nf_tables: fix chain
+ carnil> binding transaction logic") in 6.4 (but backported to 5.10.188,
+ carnil> 6.1.36, 6.3.10).
+Bugs:
+upstream: released (6.5-rc4) [0a771f7b266b02d262900c75f1e175c7fe76fec2]
+6.1-upstream-stable: released (6.1.43) [4237462a073e24f71c700f3e5929f07b6ee1bcaa]
+5.10-upstream-stable: released (5.10.190) [ab5a97a94b57324df76d659686ac2d30494170e6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not in a Debian released version"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4147 b/retired/CVE-2023-4147
new file mode 100644
index 00000000..40dc802a
--- /dev/null
+++ b/retired/CVE-2023-4147
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2225239
+Notes:
+ carnil> Commit fixes d0e2c7de92c7 ("netfilter: nf_tables: add
+ carnil> NFT_CHAIN_BINDING") 5.9-rc1.
+ carnil> For 6.4.y fixed as well in 6.4.8.
+Bugs:
+upstream: released (6.5-rc4) [0ebc1064e4874d5987722a2ddbc18f94aa53b211]
+6.1-upstream-stable: released (6.1.43) [268cb07ef3ee17b5454a7c4b23376802c5b00c79]
+5.10-upstream-stable: released (5.10.190) [308a43f1521d5b7220693d0865b23e8dad3ed137]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4155 b/retired/CVE-2023-4155
new file mode 100644
index 00000000..4f0ddc9c
--- /dev/null
+++ b/retired/CVE-2023-4155
@@ -0,0 +1,18 @@
+Description: KVM: SEV: only access GHCB fields once
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2213802
+ https://patchew.org/linux/20230804173355.51753-1-pbonzini@redhat.com/
+ https://patchew.org/linux/20230804173355.51753-1-pbonzini@redhat.com/20230804173355.51753-3-pbonzini@redhat.com/
+Notes:
+ carnil> Commit fixes 291bd20d5d88 ("KVM: SVM: Add initial support for a
+ carnil> VMGEXIT VMEXIT") in 5.11-rc1.
+ carnil> Fixed in 6.4.11 for 6.4.y.
+Bugs:
+upstream: released (6.5-rc6) [7588dbcebcbf0193ab5b76987396d0254270b04a]
+6.1-upstream-stable: released (6.1.46) [5bdf1c1f346c81996b6e36b5efd5c92aeda4fbe4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4459 b/retired/CVE-2023-4459
new file mode 100644
index 00000000..b25d85f3
--- /dev/null
+++ b/retired/CVE-2023-4459
@@ -0,0 +1,13 @@
+Description: net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2219268
+Notes:
+Bugs:
+upstream: released (5.18) [edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd]
+6.1-upstream-stable: N/A "Fixed before branch point"
+5.10-upstream-stable: released (5.10.118) [6e2caee5cddc3d9e0ad0484c9c21b9f10676c044]
+4.19-upstream-stable: released (4.19.245) [248a37ffd81c7121d30702d8caa31db48450680d]
+sid: released (5.17.11-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: released (4.19.249-1)
diff --git a/retired/CVE-2023-4569 b/retired/CVE-2023-4569
new file mode 100644
index 00000000..c46d9a60
--- /dev/null
+++ b/retired/CVE-2023-4569
@@ -0,0 +1,17 @@
+Description: [nf] netfilter: nf_tables: deactivate catchall elements in next generation
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2235470
+ https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de/
+Notes:
+ carnil> For 6.4.y fixed as well in 6.4.12.
+ carnil> Commit fixes aaa31047a6d2 ("netfilter: nftables: add catch-all
+ carnil> set element support") 5.13-rc1.
+Bugs:
+upstream: released (6.5-rc7) [90e5b3462efa37b8bba82d7c4e63683856e188af]
+6.1-upstream-stable: released (6.1.47) [00ea7eb1c69eec91cdf9259f0e427c56e7999fcd]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.13-1)
+6.1-bookworm-security: released (6.1.52-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-4611 b/retired/CVE-2023-4611
new file mode 100644
index 00000000..b3e11134
--- /dev/null
+++ b/retired/CVE-2023-4611
@@ -0,0 +1,17 @@
+Description: mm/mempolicy: Take VMA lock before replacing policy
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2227244
+ https://www.spinics.net/lists/stable-commits/msg310136.html
+Notes:
+ carnil> For 6.4.y fixed in 6.4.8.
+ carnil> Commit fixes 5e31275cc997 ("mm: add per-VMA lock and helper
+ carnil> functions to control it") in 6.4-rc1.
+Bugs:
+upstream: released (6.5-rc4) [6c21e066f9256ea1df6f88768f6ae1080b7cf509]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2023-09-09 23:48:30 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-09-09 23:48:30 +0200
commit	6c7e2a261634be17bf2d4aaf077ccf66c4e2b56d (patch)
tree	78d099f913b1d4a56ebfc87941dad7e31b10eeba /retired
parent	8548f0bee6d33306aaae4304b723047711498d96 (diff)