author | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-06 08:16:04 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-06 08:16:04 +0100 |
commit | 78cc05244bc386c86c90d1d228b6aae7f8fd7063 (patch) | |
tree | 49416a655ac833ac14fda5760cfdac6712002ccf /retired | |
parent | 3e30933ea1dbbcfb16b1de801ded18421d8ffeae (diff) |
Retire several CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2020-29374 | 16 |
-rw-r--r-- | retired/CVE-2021-32078 | 21 |
-rw-r--r-- | retired/CVE-2021-34981 | 20 |
-rw-r--r-- | retired/CVE-2021-3736 | 19 |
-rw-r--r-- | retired/CVE-2021-4032 | 17 |
-rw-r--r-- | retired/CVE-2021-43057 | 15 |
6 files changed, 108 insertions, 0 deletions
diff --git a/retired/CVE-2020-29374 b/retired/CVE-2020-29374 new file mode 100644 index 000000000..0182af32e --- /dev/null +++ b/retired/CVE-2020-29374 @@ -0,0 +1,16 @@ +Description: gup: document and work around "COW can break either way" issue +References: + https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 + https://lore.kernel.org/stable/20210401182125.171484-1-surenb@google.com/ + https://lore.kernel.org/stable/20211012015244.693594-1-surenb@google.com/ +Notes: + bwh> The issue is said to go back to "2.x kernels" +Bugs: +upstream: released (5.8-rc1) [17839856fd588f4ab6b789f482ed3ffd7c403e1f] +5.10-upstream-stable: N/A "Fixed before branch point" +4.19-upstream-stable: released (4.19.189) [5e24029791e809d641e9ea46a1f99806484e53fc] +4.9-upstream-stable: released (4.9.287) 9bbd42e79720122334226afad9ddcac1c3e6d373] +sid: released (5.7.6-1) +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) +4.9-stretch-security: released (4.9.272-1) [bugfix/all/gup-document-and-work-around-cow-can-break-either-wa.patch] diff --git a/retired/CVE-2021-32078 b/retired/CVE-2021-32078 new file mode 100644 index 000000000..765e9b071 --- /dev/null +++ b/retired/CVE-2021-32078 
@@ -0,0 +1,21 @@ +Description: ARM: footbridge: array overrun issue +References: + https://kirtikumarar.com/CVE-2021-32078.txt +Notes: + carnil> Issue is in the "personal server platform", which is not + carnil> enabled in Debian. Furthermore the fixing commit just removes + carnil> the whole code, which is believed that no one is using it. + bwh> The affected platform has a StrongArm (ARM v4) CPU which was only + bwh> supported by Debian's original arm architecture, not armel. + bwh> Also this issue involves untrusted data from a PCI device, but + bwh> the affected systems don't have an IOMMU so all PCI devices must + bwh> be trusted. +Bugs: +upstream: released (5.13-rc1) [298a58e165e447ccfaae35fe9f651f9d7e15166f] +5.10-upstream-stable: ignored "Not a real security issue" +4.19-upstream-stable: ignored "Not a real security issue" +4.9-upstream-stable: ignored "Not a real security issue" +sid: released (5.14.6-1) +5.10-bullseye-security: ignored "Not applicable to any Debian architecture" +4.19-buster-security: ignored "Not applicable to any Debian architecture" +4.9-stretch-security: ignored "Not applicable to any Debian architecture" diff --git a/retired/CVE-2021-34981 b/retired/CVE-2021-34981 new file mode 100644 index 000000000..e7f1faa54 --- /dev/null +++ b/retired/CVE-2021-34981 
@@ -0,0 +1,20 @@ +Description: Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2017077 + https://www.zerodayinitiative.com/advisories/ZDI-21-1223/ +Notes: + carnil> It is claimed in ZDI-21-1223 that the issue got fixed in + carnil> 5.10.42 but no references are added. + carnil> The stable commits wrongly reference + carnil> 8da3a0b87f4f1c3a3bbc4bfb78cf68476e97d183 as upstream commit, + carnil> while the commit in mainline is + carnil> 3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 ? +Bugs: +upstream: released (5.14-rc1) [3cfdf8fcaafa62a4123f92eb0f4a72650da3a479] +5.10-upstream-stable: released (5.10.42) [1b364f8ede200e79e25df0df588fcedc322518fb] +4.19-upstream-stable: released (4.19.193) [f8be26b9950710fe50fb45358df5bd01ad18efb7] +4.9-upstream-stable: released (4.9.271) [77c559407276ed4a8854dafc4a5efc8608e51906] +sid: released (5.10.46-1) +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) +4.9-stretch-security: released (4.9.272-1) diff --git a/retired/CVE-2021-3736 b/retired/CVE-2021-3736 new file mode 100644 index 000000000..de49c62b1 --- /dev/null +++ b/retired/CVE-2021-3736 
@@ -0,0 +1,19 @@ +Description: uninitialized kernel stack may lead to information disclosure +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1995570 +Notes: + carnil> As of 2021-11-04 no further information yet provided in + carnil> RHBZ#1995570. The description reads as "A memory leak problem + carnil> was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in + carnil> Virtual Function I/O (VFIO) Mediated devices. This flaw could + carnil> allow a local attacker to leak internal kernel information." + carnil> and so relates to changes in samples/vfio-mdev/mbochs.c . +Bugs: +upstream: released (5.15-rc1) [de5494af4815a4c9328536c72741229b7de88e7f] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-4032 b/retired/CVE-2021-4032 new file mode 100644 index 000000000..6dd73b067 --- /dev/null +++ b/retired/CVE-2021-4032 
@@ -0,0 +1,17 @@ +Description: Revert "KVM: x86: Open code necessary bits of kvm_lapic_set_base() at vCPU RESET" +References: + https://lkml.org/lkml/2021/9/8/587 + https://bugzilla.redhat.com/show_bug.cgi?id=2027403 +Notes: + carnil> Commit fixes (revert) a change in 5.15-rc1, 421221234ada ("KVM: + carnil> x86: Open code necessary bits of kvm_lapic_set_base() at vCPU + carnil> RESET"). +Bugs: +upstream: released (5.15-rc7) [f7d8a19f9a056a05c5c509fa65af472a322abfee] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-43057 b/retired/CVE-2021-43057 new file mode 100644 index 000000000..bb2da83df --- /dev/null +++ b/retired/CVE-2021-43057 @@ -0,0 +1,15 @@ +Description: selinux,smack: fix subjective/objective credential use mixups +References: + https://bugs.chromium.org/p/project-zero/issues/detail?id=2229 +Notes: + carnil> Introduced with eb1231f73c4d ("selinux: clarify task subjective + carnil> and objective credentials") in 5.13-rc1. +Bugs: +upstream: released (5.15-rc3) [a3727a8bac0a9e77c70820655fd8715523ba3db7] +5.10-upstream-stable: N/A "Vulnerable code introduced later" +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.14.9-1) +5.10-bullseye-security: N/A "Vulnerable code introduced later" +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" |
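Review bot: in retired/CVE-2020-29374 the 4.9-upstream-stable line is missing the opening bracket before the commit id ("released (4.9.287) 9bbd42e79720122334226afad9ddcac1c3e6d373]"), unlike the upstream and 4.19-upstream-stable lines in the same file, so anything matching the "[commit]" form will not pick the id up. Write it as "[9bbd42e79720122334226afad9ddcac1c3e6d373]". The same file also says "Fixed before branch point" on 5.10-upstream-stable and "Fixed before branching point" on 5.10-bullseye-security; use one wording for both.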
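Review bot: in retired/CVE-2021-34981 the note still ends on an open question ("while the commit in mainline is 3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 ?") even though the upstream line records that same commit as the fix. Since the file is being retired, either confirm the mainline commit and drop the question mark, or state in the note what remains unverified, so the retired record does not disagree with its own status line.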
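Review bot: in retired/CVE-2021-4032 the Description is only the subject of the revert commit, and the note only says which 5.15-rc1 change was reverted, so the file never states what the reverted change broke or what the impact is. A one-line summary of the issue taken from the two references would let a reader judge the entry without following the links.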