Retire several more CVEs

While we have not yet released the 5.10.191-1 DSA it does not matter if
they are alredy retired. We have tagged 5.10.191-1 in git and working on
the DSA can be done indepently.

19 files changed, 278 insertions, 0 deletions

diff --git a/retired/CVE-2023-2002 b/retired/CVE-2023-2002
new file mode 100644
index 00000000..0cc8a750
--- /dev/null
+++ b/retired/CVE-2023-2002
@@ -0,0 +1,15 @@
+Description: bluetooth: Perform careful capability checks in hci_sock_ioctl()
+References:
+ https://www.openwall.com/lists/oss-security/2023/04/16/3
+ https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2000@pku.edu.cn/
+ https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000@pku.edu.cn/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [25c150ac103a4ebeed0319994c742a90634ddf18]
+6.1-upstream-stable: released (6.1.27) [47e6893a5b0ad14c0b1c25983a1facb1cf667b6e]
+5.10-upstream-stable: released (5.10.180) [98cfbad52fc286c2a1a75e04bf47b98d6489db1f]
+4.19-upstream-stable: released (4.19.283) [8d59548bae309000442c297bff3e54ab535f0ab7]
+sid: released (6.1.27-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-2007 b/retired/CVE-2023-2007
new file mode 100644
index 00000000..fbe4ba4b
--- /dev/null
+++ b/retired/CVE-2023-2007
@@ -0,0 +1,17 @@
+Description: dpt_i2o: TOCTTOU in adpt_i2o_passthru()
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-23-440/
+ https://lore.kernel.org/stable/b1d71ba992d0adab2519dff17f6d241279c0f5f1.camel@debian.org/
+Notes:
+ carnil> Issue upstream fixed by removing the driver.
+ carnil> For other stable backports "scsi: dpt_i2o: Remove broken pass-
+ carnil> through ioctl (I2OUSERCMD)" fixes the issue.
+Bugs:
+upstream: released (6.0-rc1) [b04e75a4a8a81887386a0d2dbf605a48e779d2a0]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.183) [a2cd7599b558d6c70c01880d470f6eedaf6a8f23]
+4.19-upstream-stable: released (4.19.285) [1b88816a9499608c736e192e0f442e65d4b71de1]
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-21255 b/retired/CVE-2023-21255
new file mode 100644
index 00000000..781bdc20
--- /dev/null
+++ b/retired/CVE-2023-21255
@@ -0,0 +1,17 @@
+Description: binder: fix UAF caused by faulty buffer cleanup
+References:
+ https://source.android.com/docs/security/bulletin/2023-07-01
+ https://android.googlesource.com/kernel/common/+/1ca1130ec62d
+Notes:
+ carnil> Commit fixes 32e9f56a96d8 ("binder: don't detect sender/target
+ carnil> during buffer cleanup") in 5.16-rc1 (which was backported to
+ carnil> 5.4.159, 5.10.79, 5.14.18, 5.15.2)
+Bugs:
+upstream: released (6.4-rc4) [bdc1c5fac982845a58d28690cdb56db8c88a530d]
+6.1-upstream-stable: released (6.1.31) [e1e198eff1fbaf56fd8022c4fbbf59c5324ea320]
+5.10-upstream-stable: released (5.10.182) [2218752325a98861dfb10f59a9b0270d6d4abe21]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-21400 b/retired/CVE-2023-21400
new file mode 100644
index 00000000..aaaa530a
--- /dev/null
+++ b/retired/CVE-2023-21400
@@ -0,0 +1,19 @@
+Description: io_uring: ensure IOPOLL locks around deferred work
+References:
+ https://source.android.com/security/bulletin/pixel/2023-07-01
+ https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
+ https://www.openwall.com/lists/oss-security/2023/07/14/2
+ https://www.openwall.com/lists/oss-security/2023/07/25/9
+ https://twitter.com/VAR10CK/status/1683303642173153280
+Notes:
+ carnil> No upstream commit exists as the issue has been fixed in 5.18
+ carnil> development as part of a larger rework of the completion side.
+Bugs:
+upstream: released (5.18)
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.188) [810e401b34c4c4c244d8b93b9947ea5b3d4d49f8]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-2269 b/retired/CVE-2023-2269
new file mode 100644
index 00000000..f0f1e4d5
--- /dev/null
+++ b/retired/CVE-2023-2269
@@ -0,0 +1,13 @@
+Description: A possible deadlock in dm_get_inactive_table in dm-ioctl.c leads to dos
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2189388
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [3d32aaa7e66d5c1479a3c31d6c2c5d45dd0d3b89]
+6.1-upstream-stable: released (6.1.28) [9a94ebc74c3540aba5aa2c7b05032da4610a08c9]
+5.10-upstream-stable: released (5.10.180) [ea827627a9249154b34b646b1e1007013402afea]
+4.19-upstream-stable: released (4.19.283) [b4b94b25c78ed03be0e07fa4e76fe51e64dac533]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-22995 b/retired/CVE-2023-22995
new file mode 100644
index 00000000..f86435d8
--- /dev/null
+++ b/retired/CVE-2023-22995
@@ -0,0 +1,14 @@
+Description: usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core
+References:
+Notes:
+ bwh> This is a one-time resource leak in device probe, not a security
+ bwh> issue.
+Bugs:
+upstream: released (5.17-rc1) [fa0ef93868a6062babe1144df2807a8b1d4924d2]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: ignored "Not a security issue"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+6.1-bookworm-security: N/A "Fixed before branch point"
+5.10-bullseye-security: ignored "Not a security issue"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-3090 b/retired/CVE-2023-3090
new file mode 100644
index 00000000..b989aae0
--- /dev/null
+++ b/retired/CVE-2023-3090
@@ -0,0 +1,13 @@
+Description: ipvlan:Fix out-of-bounds caused by unclear skb->cb
+References:
+ https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e
+Notes:
+Bugs:
+upstream: released (6.4-rc2) [90cbed5247439a966b645b34eb0a2e037836ea8e]
+6.1-upstream-stable: released (6.1.30) [610a433810b277b3b77389733c07d22e8af68de2]
+5.10-upstream-stable: released (5.10.181) [f4a371d3f5a7a71dff1ab48b3122c5cf23cc7ad5]
+4.19-upstream-stable: released (4.19.284) [b36dcf3ed547c103acef6f52bed000a0ac6c074f]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-31084 b/retired/CVE-2023-31084
new file mode 100644
index 00000000..1e969719
--- /dev/null
+++ b/retired/CVE-2023-31084
@@ -0,0 +1,15 @@
+Description: media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
+References:
+ https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
+Notes:
+ bwh> Introduced in 4.18 by commit 76d81243a487 "media: dvb_frontend:
+ bwh> fix locking issues at dvb_frontend_get_event()".
+Bugs:
+upstream: released (6.4-rc3) [b8c75e4a1b325ea0a9433fa8834be97b5836b946]
+6.1-upstream-stable: released (6.1.33) [d0088ea444e676a0c75551efe183bee4a3d2cfc8]
+5.10-upstream-stable: released (5.10.183) [ca2d171fd1f3ea03198b8775443d2767301dce9b]
+4.19-upstream-stable: released (4.19.285) [f3b5442184a0dab5cee9b2682f947393569e24b2]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-3111 b/retired/CVE-2023-3111
new file mode 100644
index 00000000..03b237f0
--- /dev/null
+++ b/retired/CVE-2023-3111
@@ -0,0 +1,14 @@
+Description: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2212513
+ https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/
+Notes:
+Bugs:
+upstream: released (6.0-rc2) [85f02d6c856b9f3a0acf5219de6e32f58b9778eb]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.184) [b60e862e133f646f19023ece1d476d630a660de1]
+4.19-upstream-stable: released (4.19.286) [dcb11fe0a0a9cca2b7425191b9bf30dc29f2ad0f]
+sid: released (5.19.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-3141 b/retired/CVE-2023-3141
new file mode 100644
index 00000000..826faf61
--- /dev/null
+++ b/retired/CVE-2023-3141
@@ -0,0 +1,13 @@
+Description: memstick: r592: Fix UAF bug in r592_remove due to race condition
+References:
+ https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [63264422785021704c39b38f65a78ab9e4a186d7]
+6.1-upstream-stable: released (6.1.30) [9a342d4eb9fb8e52f7d1afe088a79513f3f9a9a5]
+5.10-upstream-stable: released (5.10.181) [5c23f6da62f71ebfeda6ea3960982ccd926ebb09]
+4.19-upstream-stable: released (4.19.284) [dce890c3dfaf631d0a8ac79c2792911f9fc551fa]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-3268 b/retired/CVE-2023-3268
new file mode 100644
index 00000000..ea31dd4d
--- /dev/null
+++ b/retired/CVE-2023-3268
@@ -0,0 +1,14 @@
+Description: relayfs: fix out-of-bounds access in relay_file_read
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2215502
+ https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [43ec16f1450f4936025a9bdf1a273affdb9732c1]
+6.1-upstream-stable: released (6.1.28) [f6ee841ff2169d7a7d045340ee72b2b9de9f06c5]
+5.10-upstream-stable: released (5.10.180) [1b0df44753bf9e45eaf5cee34f87597193f862e8]
+4.19-upstream-stable: released (4.19.283) [ed32488417669568308b65ba5d45799418f9ed49]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-3338 b/retired/CVE-2023-3338
new file mode 100644
index 00000000..2174189f
--- /dev/null
+++ b/retired/CVE-2023-3338
@@ -0,0 +1,15 @@
+Description: NULL Pointer Dereference in DECnet
+References:
+ https://www.openwall.com/lists/oss-security/2023/06/24/3
+Notes:
+ carnil> Fixed upstream by removing DECnet support in stable series as
+ carnil> well.
+Bugs:
+upstream: released (6.1-rc1) [1202cdd665315c525b5237e96e0bedc76d7e754f]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.185) [1c004b379b0327992c1713334198cf5eba29a4ba]
+4.19-upstream-stable: released (4.19.287) [3e77bbc87342841db66c18a3afca0441c8c555e4]
+sid: released (6.1.4-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-3389 b/retired/CVE-2023-3389
new file mode 100644
index 00000000..f3cb1685
--- /dev/null
+++ b/retired/CVE-2023-3389
@@ -0,0 +1,14 @@
+Description: io_uring: hold uring mutex around poll removal
+References:
+ https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
+ https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04
+Notes:
+Bugs:
+upstream: released (6.0-rc1) [9ca9fb24d5febccea354089c41f96a8ad0d853f8]
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.185) [4716c73b188566865bdd79c3a6709696a224ac04]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.0.2-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-34256 b/retired/CVE-2023-34256
new file mode 100644
index 00000000..be1f7474
--- /dev/null
+++ b/retired/CVE-2023-34256
@@ -0,0 +1,14 @@
+Description: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
+References:
+ https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321
+Notes:
+ carnil> Fixed as well in 6.3.3 for 6.3.y.
+Bugs:
+upstream: released (6.4-rc2) [4f04351888a83e595571de672e0a4a8b74f4fb31]
+6.1-upstream-stable: released (6.1.29) [1fffe4750500148f3e744ed77cf233db8342603f]
+5.10-upstream-stable: released (5.10.180) [0dde3141c527b09b96bef1e7eeb18b8127810ce9]
+4.19-upstream-stable: released (4.19.283) [a733c466cedd1013a41fd8908d5810f2c161072f]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35788 b/retired/CVE-2023-35788
new file mode 100644
index 00000000..96cb30c1
--- /dev/null
+++ b/retired/CVE-2023-35788
@@ -0,0 +1,13 @@
+Description: net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
+References:
+ https://www.openwall.com/lists/oss-security/2023/06/07/1
+Notes:
+Bugs:
+upstream: released (6.4-rc5) [4d56304e5827c8cc8cc18c75343d283af7c4825c]
+6.1-upstream-stable: released (6.1.33) [eac615ed3c6d91f1196f16f0a0599fff479cb220]
+5.10-upstream-stable: released (5.10.183) [7c5c67aa294444b53f697dc3ddce61b33ff8badd]
+4.19-upstream-stable: released (4.19.285) [59a27414bb00e48c4153a8b794fb4e69910a6a1b]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35823 b/retired/CVE-2023-35823
new file mode 100644
index 00000000..ce216fc8
--- /dev/null
+++ b/retired/CVE-2023-35823
@@ -0,0 +1,14 @@
+Description: media: saa7134: fix use after free bug in saa7134_finidev due to race condition
+References:
+ https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/
+ https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [30cf57da176cca80f11df0d9b7f71581fe601389]
+6.1-upstream-stable: released (6.1.28) [5a72aea9acfe945353fb3a2f141f4e526a5f3684]
+5.10-upstream-stable: released (5.10.180) [7dac96e9cc985328ec1fae92f0c245f559dc0e11]
+4.19-upstream-stable: released (4.19.283) [95e684340470a95ff4957cb9a536ec7a0461c75b]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35824 b/retired/CVE-2023-35824
new file mode 100644
index 00000000..b8987007
--- /dev/null
+++ b/retired/CVE-2023-35824
@@ -0,0 +1,14 @@
+Description: media: dm1105: Fix use after free bug in dm1105_remove due to race condition
+References:
+ https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/
+ https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz%40163.com/
+Notes:
+Bugs:
+upstream: released (6.4-rc1) [5abda7a16698d4d1f47af1168d8fa2c640116b4a]
+6.1-upstream-stable: released (6.1.28) [305262a23c949010a056bd81b6e84051fd72a567]
+5.10-upstream-stable: released (5.10.180) [e9d64e90a0ada4d00ac6562e351ef10ae7d9b911]
+4.19-upstream-stable: released (4.19.283) [722c156c6eab40a6e7dda98dfa66724f9d5aeceb]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35828 b/retired/CVE-2023-35828
new file mode 100644
index 00000000..20edc7f6
--- /dev/null
+++ b/retired/CVE-2023-35828
@@ -0,0 +1,14 @@
+Description: usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
+References:
+ https://lore.kernel.org/lkml/CAJedcCwkuznS1kSTvJXhzPoavcZDWNhNMshi-Ux0spSVRwU=RA%40mail.gmail.com/T/
+Notes:
+ carnil> USB_RENESAS_USB3 not enabled in Debian.
+Bugs:
+upstream: released (6.4-rc1) [2b947f8769be8b8181dc795fd292d3e7120f5204]
+6.1-upstream-stable: released (6.1.28) [df2380520926bdbc264cffab0f45da9a21f304c8]
+5.10-upstream-stable: released (5.10.180) [36c237b202a406ba441892eabcf44e60dae7ad73]
+4.19-upstream-stable: released (4.19.283) [ad03fe033a71ed1fd2cb68a067198ae0e342f991]
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: released (4.19.289-1)
diff --git a/retired/CVE-2023-35829 b/retired/CVE-2023-35829
new file mode 100644
index 00000000..6b75d6ba
--- /dev/null
+++ b/retired/CVE-2023-35829
@@ -0,0 +1,16 @@
+Description: media: rkvdec: fix use after free bug in rkvdec_remove
+References:
+ https://lore.kernel.org/lkml/20230307173900.1299387-1-zyytlz.wz%40163.com/T/
+Notes:
+ carnil> Commit fixes cd33c830448b ("media: rkvdec: Add the rkvdec
+ carnil> driver") in 5.8-rc1. VIDEO_ROCKCHIP_VDEC not enabled in 5.10.y
+ carnil> Debian kernel in bullseye.
+Bugs:
+upstream: released (6.4-rc1) [3228cec23b8b29215e18090c6ba635840190993d]
+6.1-upstream-stable: released (6.1.28) [6a17add9c61030683b9c1fc86878f00a2d318a95]
+5.10-upstream-stable: released (5.10.180) [de19d02d734ef29f5dbd2c12fe810fa960ecd83f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.37-1)
+5.10-bullseye-security: released (5.10.191-1)
+4.19-buster-security: N/A "Vulnerable code not present"