diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2023-08-17 14:05:02 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-08-17 14:05:02 +0200 |
commit | 7108b67fdb16ae22436d11a45d0541de42641e2c (patch) | |
tree | b8a89b296cec8bce62efef1364b44dca69c9d86a /retired | |
parent | 828c92322780d598ea229eb47121eace48d3e71a (diff) |
Retire several more CVEs
While we have not yet released the 5.10.191-1 DSA it does not matter if
they are alredy retired. We have tagged 5.10.191-1 in git and working on
the DSA can be done indepently.
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2023-2002 | 15 | ||||
-rw-r--r-- | retired/CVE-2023-2007 | 17 | ||||
-rw-r--r-- | retired/CVE-2023-21255 | 17 | ||||
-rw-r--r-- | retired/CVE-2023-21400 | 19 | ||||
-rw-r--r-- | retired/CVE-2023-2269 | 13 | ||||
-rw-r--r-- | retired/CVE-2023-22995 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-3090 | 13 | ||||
-rw-r--r-- | retired/CVE-2023-31084 | 15 | ||||
-rw-r--r-- | retired/CVE-2023-3111 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-3141 | 13 | ||||
-rw-r--r-- | retired/CVE-2023-3268 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-3338 | 15 | ||||
-rw-r--r-- | retired/CVE-2023-3389 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-34256 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-35788 | 13 | ||||
-rw-r--r-- | retired/CVE-2023-35823 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-35824 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-35828 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-35829 | 16 |
19 files changed, 278 insertions, 0 deletions
diff --git a/retired/CVE-2023-2002 b/retired/CVE-2023-2002 new file mode 100644 index 00000000..0cc8a750 --- /dev/null +++ b/retired/CVE-2023-2002 @@ -0,0 +1,15 @@ +Description: bluetooth: Perform careful capability checks in hci_sock_ioctl() +References: + https://www.openwall.com/lists/oss-security/2023/04/16/3 + https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2000@pku.edu.cn/ + https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000@pku.edu.cn/ +Notes: +Bugs: +upstream: released (6.4-rc1) [25c150ac103a4ebeed0319994c742a90634ddf18] +6.1-upstream-stable: released (6.1.27) [47e6893a5b0ad14c0b1c25983a1facb1cf667b6e] +5.10-upstream-stable: released (5.10.180) [98cfbad52fc286c2a1a75e04bf47b98d6489db1f] +4.19-upstream-stable: released (4.19.283) [8d59548bae309000442c297bff3e54ab535f0ab7] +sid: released (6.1.27-1) +6.1-bookworm-security: N/A "Fixed before branch point" +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-2007 b/retired/CVE-2023-2007 new file mode 100644 index 00000000..fbe4ba4b --- /dev/null +++ b/retired/CVE-2023-2007 @@ -0,0 +1,17 @@ +Description: dpt_i2o: TOCTTOU in adpt_i2o_passthru() +References: + https://www.zerodayinitiative.com/advisories/ZDI-23-440/ + https://lore.kernel.org/stable/b1d71ba992d0adab2519dff17f6d241279c0f5f1.camel@debian.org/ +Notes: + carnil> Issue upstream fixed by removing the driver. + carnil> For other stable backports "scsi: dpt_i2o: Remove broken pass- + carnil> through ioctl (I2OUSERCMD)" fixes the issue. +Bugs: +upstream: released (6.0-rc1) [b04e75a4a8a81887386a0d2dbf605a48e779d2a0] +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.183) [a2cd7599b558d6c70c01880d470f6eedaf6a8f23] +4.19-upstream-stable: released (4.19.285) [1b88816a9499608c736e192e0f442e65d4b71de1] +sid: released (6.0.2-1) +6.1-bookworm-security: N/A "Fixed before branch point" +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-21255 b/retired/CVE-2023-21255 new file mode 100644 index 00000000..781bdc20 --- /dev/null +++ b/retired/CVE-2023-21255 @@ -0,0 +1,17 @@ +Description: binder: fix UAF caused by faulty buffer cleanup +References: + https://source.android.com/docs/security/bulletin/2023-07-01 + https://android.googlesource.com/kernel/common/+/1ca1130ec62d +Notes: + carnil> Commit fixes 32e9f56a96d8 ("binder: don't detect sender/target + carnil> during buffer cleanup") in 5.16-rc1 (which was backported to + carnil> 5.4.159, 5.10.79, 5.14.18, 5.15.2) +Bugs: +upstream: released (6.4-rc4) [bdc1c5fac982845a58d28690cdb56db8c88a530d] +6.1-upstream-stable: released (6.1.31) [e1e198eff1fbaf56fd8022c4fbbf59c5324ea320] +5.10-upstream-stable: released (5.10.182) [2218752325a98861dfb10f59a9b0270d6d4abe21] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-21400 b/retired/CVE-2023-21400 new file mode 100644 index 00000000..aaaa530a --- /dev/null +++ b/retired/CVE-2023-21400 @@ -0,0 +1,19 @@ +Description: io_uring: ensure IOPOLL locks around deferred work +References: + https://source.android.com/security/bulletin/pixel/2023-07-01 + https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html + https://www.openwall.com/lists/oss-security/2023/07/14/2 + https://www.openwall.com/lists/oss-security/2023/07/25/9 + https://twitter.com/VAR10CK/status/1683303642173153280 +Notes: + carnil> No upstream commit exists as the issue has been fixed in 5.18 + carnil> development as part of a larger rework of the completion side. +Bugs: +upstream: released (5.18) +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.188) [810e401b34c4c4c244d8b93b9947ea5b3d4d49f8] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.18.2-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-2269 b/retired/CVE-2023-2269 new file mode 100644 index 00000000..f0f1e4d5 --- /dev/null +++ b/retired/CVE-2023-2269 @@ -0,0 +1,13 @@ +Description: A possible deadlock in dm_get_inactive_table in dm-ioctl.c leads to dos +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2189388 +Notes: +Bugs: +upstream: released (6.4-rc1) [3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89] +6.1-upstream-stable: released (6.1.28) [9a94ebc74c3540aba5aa2c7b05032da4610a08c9] +5.10-upstream-stable: released (5.10.180) [ea827627a9249154b34b646b1e1007013402afea] +4.19-upstream-stable: released (4.19.283) [b4b94b25c78ed03be0e07fa4e76fe51e64dac533] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-22995 b/retired/CVE-2023-22995 new file mode 100644 index 00000000..f86435d8 --- /dev/null +++ b/retired/CVE-2023-22995 @@ -0,0 +1,14 @@ +Description: usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core +References: +Notes: + bwh> This is a one-time resource leak in device probe, not a security + bwh> issue. +Bugs: +upstream: released (5.17-rc1) [fa0ef93868a6062babe1144df2807a8b1d4924d2] +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: ignored "Not a security issue" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.17.3-1) +6.1-bookworm-security: N/A "Fixed before branch point" +5.10-bullseye-security: ignored "Not a security issue" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-3090 b/retired/CVE-2023-3090 new file mode 100644 index 00000000..b989aae0 --- /dev/null +++ b/retired/CVE-2023-3090 @@ -0,0 +1,13 @@ +Description: ipvlan:Fix out-of-bounds caused by unclear skb->cb +References: + https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e +Notes: +Bugs: +upstream: released (6.4-rc2) [90cbed5247439a966b645b34eb0a2e037836ea8e] +6.1-upstream-stable: released (6.1.30) [610a433810b277b3b77389733c07d22e8af68de2] +5.10-upstream-stable: released (5.10.181) [f4a371d3f5a7a71dff1ab48b3122c5cf23cc7ad5] +4.19-upstream-stable: released (4.19.284) [b36dcf3ed547c103acef6f52bed000a0ac6c074f] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-31084 b/retired/CVE-2023-31084 new file mode 100644 index 00000000..1e969719 --- /dev/null +++ b/retired/CVE-2023-31084 @@ -0,0 +1,15 @@ +Description: media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() +References: + https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/ +Notes: + bwh> Introduced in 4.18 by commit 76d81243a487 "media: dvb_frontend: + bwh> fix locking issues at dvb_frontend_get_event()". +Bugs: +upstream: released (6.4-rc3) [b8c75e4a1b325ea0a9433fa8834be97b5836b946] +6.1-upstream-stable: released (6.1.33) [d0088ea444e676a0c75551efe183bee4a3d2cfc8] +5.10-upstream-stable: released (5.10.183) [ca2d171fd1f3ea03198b8775443d2767301dce9b] +4.19-upstream-stable: released (4.19.285) [f3b5442184a0dab5cee9b2682f947393569e24b2] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-3111 b/retired/CVE-2023-3111 new file mode 100644 index 00000000..03b237f0 --- /dev/null +++ b/retired/CVE-2023-3111 @@ -0,0 +1,14 @@ +Description: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2212513 + https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/ +Notes: +Bugs: +upstream: released (6.0-rc2) [85f02d6c856b9f3a0acf5219de6e32f58b9778eb] +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.184) [b60e862e133f646f19023ece1d476d630a660de1] +4.19-upstream-stable: released (4.19.286) [dcb11fe0a0a9cca2b7425191b9bf30dc29f2ad0f] +sid: released (5.19.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-3141 b/retired/CVE-2023-3141 new file mode 100644 index 00000000..826faf61 --- /dev/null +++ b/retired/CVE-2023-3141 @@ -0,0 +1,13 @@ +Description: memstick: r592: Fix UAF bug in r592_remove due to race condition +References: + https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/ +Notes: +Bugs: +upstream: released (6.4-rc1) [63264422785021704c39b38f65a78ab9e4a186d7] +6.1-upstream-stable: released (6.1.30) [9a342d4eb9fb8e52f7d1afe088a79513f3f9a9a5] +5.10-upstream-stable: released (5.10.181) [5c23f6da62f71ebfeda6ea3960982ccd926ebb09] +4.19-upstream-stable: released (4.19.284) [dce890c3dfaf631d0a8ac79c2792911f9fc551fa] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-3268 b/retired/CVE-2023-3268 new file mode 100644 index 00000000..ea31dd4d --- /dev/null +++ b/retired/CVE-2023-3268 @@ -0,0 +1,14 @@ +Description: relayfs: fix out-of-bounds access in relay_file_read +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2215502 + https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T/ +Notes: +Bugs: +upstream: released (6.4-rc1) [43ec16f1450f4936025a9bdf1a273affdb9732c1] +6.1-upstream-stable: released (6.1.28) [f6ee841ff2169d7a7d045340ee72b2b9de9f06c5] +5.10-upstream-stable: released (5.10.180) [1b0df44753bf9e45eaf5cee34f87597193f862e8] +4.19-upstream-stable: released (4.19.283) [ed32488417669568308b65ba5d45799418f9ed49] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-3338 b/retired/CVE-2023-3338 new file mode 100644 index 00000000..2174189f --- /dev/null +++ b/retired/CVE-2023-3338 @@ -0,0 +1,15 @@ +Description: NULL Pointer Dereference in DECnet +References: + https://www.openwall.com/lists/oss-security/2023/06/24/3 +Notes: + carnil> Fixed upstream by removing DECnet support in stable series as + carnil> well. +Bugs: +upstream: released (6.1-rc1) [1202cdd665315c525b5237e96e0bedc76d7e754f] +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.185) [1c004b379b0327992c1713334198cf5eba29a4ba] +4.19-upstream-stable: released (4.19.287) [3e77bbc87342841db66c18a3afca0441c8c555e4] +sid: released (6.1.4-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-3389 b/retired/CVE-2023-3389 new file mode 100644 index 00000000..f3cb1685 --- /dev/null +++ b/retired/CVE-2023-3389 @@ -0,0 +1,14 @@ +Description: io_uring: hold uring mutex around poll removal +References: + https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663 + https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04 +Notes: +Bugs: +upstream: released (6.0-rc1) [9ca9fb24d5febccea354089c41f96a8ad0d853f8] +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.185) [4716c73b188566865bdd79c3a6709696a224ac04] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.0.2-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-34256 b/retired/CVE-2023-34256 new file mode 100644 index 00000000..be1f7474 --- /dev/null +++ b/retired/CVE-2023-34256 @@ -0,0 +1,14 @@ +Description: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum +References: + https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321 +Notes: + carnil> Fixed as well in 6.3.3 for 6.3.y. +Bugs: +upstream: released (6.4-rc2) [4f04351888a83e595571de672e0a4a8b74f4fb31] +6.1-upstream-stable: released (6.1.29) [1fffe4750500148f3e744ed77cf233db8342603f] +5.10-upstream-stable: released (5.10.180) [0dde3141c527b09b96bef1e7eeb18b8127810ce9] +4.19-upstream-stable: released (4.19.283) [a733c466cedd1013a41fd8908d5810f2c161072f] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-35788 b/retired/CVE-2023-35788 new file mode 100644 index 00000000..96cb30c1 --- /dev/null +++ b/retired/CVE-2023-35788 @@ -0,0 +1,13 @@ +Description: net/sched: flower: fix possible OOB write in fl_set_geneve_opt() +References: + https://www.openwall.com/lists/oss-security/2023/06/07/1 +Notes: +Bugs: +upstream: released (6.4-rc5) [4d56304e5827c8cc8cc18c75343d283af7c4825c] +6.1-upstream-stable: released (6.1.33) [eac615ed3c6d91f1196f16f0a0599fff479cb220] +5.10-upstream-stable: released (5.10.183) [7c5c67aa294444b53f697dc3ddce61b33ff8badd] +4.19-upstream-stable: released (4.19.285) [59a27414bb00e48c4153a8b794fb4e69910a6a1b] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-35823 b/retired/CVE-2023-35823 new file mode 100644 index 00000000..ce216fc8 --- /dev/null +++ b/retired/CVE-2023-35823 @@ -0,0 +1,14 @@ +Description: media: saa7134: fix use after free bug in saa7134_finidev due to race condition +References: + https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/ + https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t/ +Notes: +Bugs: +upstream: released (6.4-rc1) [30cf57da176cca80f11df0d9b7f71581fe601389] +6.1-upstream-stable: released (6.1.28) [5a72aea9acfe945353fb3a2f141f4e526a5f3684] +5.10-upstream-stable: released (5.10.180) [7dac96e9cc985328ec1fae92f0c245f559dc0e11] +4.19-upstream-stable: released (4.19.283) [95e684340470a95ff4957cb9a536ec7a0461c75b] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-35824 b/retired/CVE-2023-35824 new file mode 100644 index 00000000..b8987007 --- /dev/null +++ b/retired/CVE-2023-35824 @@ -0,0 +1,14 @@ +Description: media: dm1105: Fix use after free bug in dm1105_remove due to race condition +References: + https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/ + https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz%40163.com/ +Notes: +Bugs: +upstream: released (6.4-rc1) [5abda7a16698d4d1f47af1168d8fa2c640116b4a] +6.1-upstream-stable: released (6.1.28) [305262a23c949010a056bd81b6e84051fd72a567] +5.10-upstream-stable: released (5.10.180) [e9d64e90a0ada4d00ac6562e351ef10ae7d9b911] +4.19-upstream-stable: released (4.19.283) [722c156c6eab40a6e7dda98dfa66724f9d5aeceb] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-35828 b/retired/CVE-2023-35828 new file mode 100644 index 00000000..20edc7f6 --- /dev/null +++ b/retired/CVE-2023-35828 @@ -0,0 +1,14 @@ +Description: usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition +References: + https://lore.kernel.org/lkml/CAJedcCwkuznS1kSTvJXhzPoavcZDWNhNMshi-Ux0spSVRwU=RA%40mail.gmail.com/T/ +Notes: + carnil> USB_RENESAS_USB3 not enabled in Debian. +Bugs: +upstream: released (6.4-rc1) [2b947f8769be8b8181dc795fd292d3e7120f5204] +6.1-upstream-stable: released (6.1.28) [df2380520926bdbc264cffab0f45da9a21f304c8] +5.10-upstream-stable: released (5.10.180) [36c237b202a406ba441892eabcf44e60dae7ad73] +4.19-upstream-stable: released (4.19.283) [ad03fe033a71ed1fd2cb68a067198ae0e342f991] +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: released (4.19.289-1) diff --git a/retired/CVE-2023-35829 b/retired/CVE-2023-35829 new file mode 100644 index 00000000..6b75d6ba --- /dev/null +++ b/retired/CVE-2023-35829 @@ -0,0 +1,16 @@ +Description: media: rkvdec: fix use after free bug in rkvdec_remove +References: + https://lore.kernel.org/lkml/20230307173900.1299387-1-zyytlz.wz%40163.com/T/ +Notes: + carnil> Commit fixes cd33c830448b ("media: rkvdec: Add the rkvdec + carnil> driver") in 5.8-rc1. VIDEO_ROCKCHIP_VDEC not enabled in 5.10.y + carnil> Debian kernel in bullseye. +Bugs: +upstream: released (6.4-rc1) [3228cec23b8b29215e18090c6ba635840190993d] +6.1-upstream-stable: released (6.1.28) [6a17add9c61030683b9c1fc86878f00a2d318a95] +5.10-upstream-stable: released (5.10.180) [de19d02d734ef29f5dbd2c12fe810fa960ecd83f] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.37-1) +5.10-bullseye-security: released (5.10.191-1) +4.19-buster-security: N/A "Vulnerable code not present" |