author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-11 20:49:40 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-11 20:49:40 +0100 |
commit | 9cf335eee40b048fcb43bc0ab1888785aea3db97 (patch) | |
tree | e4f2422bcf78f3c7a812aebb33feefc733cf702e /retired | |
parent | f5d89cd1f3949a3ac013d86bef157aa8be877e6a (diff) |
Retire some CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2021-20292 | 19 | ||||
-rw-r--r-- | retired/CVE-2021-22543 | 17 | ||||
-rw-r--r-- | retired/CVE-2021-38198 | 14 | ||||
-rw-r--r-- | retired/CVE-2021-38199 | 12 | ||||
-rw-r--r-- | retired/CVE-2021-45100 | 15 | ||||
-rw-r--r-- | retired/CVE-2021-45402 | 17 | ||||
-rw-r--r-- | retired/CVE-2022-0185 | 19 | ||||
-rw-r--r-- | retired/CVE-2022-0286 | 14 | ||||
-rw-r--r-- | retired/CVE-2022-0433 | 17 | ||||
-rw-r--r-- | retired/CVE-2022-23222 | 20 | ||||
-rw-r--r-- | retired/CVE-2022-24122 | 18 |
11 files changed, 182 insertions, 0 deletions
diff --git a/retired/CVE-2021-20292 b/retired/CVE-2021-20292 new file mode 100644 index 000000000..e2648933a --- /dev/null +++ b/retired/CVE-2021-20292 @@ -0,0 +1,19 @@ +Description: drm/ttm/nouveau: don't call tt destroy callback on alloc failure. +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1939686 +Notes: + bwh> From my reading of the fix, the bug did not affect nouveau but + bwh> all the other ttm-based drivers (amdgpu, qxl, radeon, virtgpu, + bwh> and vmwgfx). The fix is to make the API behave the way the + bwh> other drivers expected it to, and change nouveau accordingly. + bwh> This will create a potential memory leak in any OOT drivers + bwh> that were using the API correctly. +Bugs: +upstream: released (5.9-rc1) [5de5b6ecf97a021f29403aa272cb4e03318ef586] +5.10-upstream-stable: N/A "Fixed before branching point" +4.19-upstream-stable: released (4.19.140) [10c8a526b2db1fcdf9e2d59d4885377b91939c55] +4.9-upstream-stable: released (4.9.298) [70f44dfbde027f444412cfb4ea9b485a4c1dec0e] +sid: released (5.7.17-1) +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.146-1) +4.9-stretch-security: released (4.9.272-1) [bugfix/all/drm-ttm-nouveau-don-t-call-tt-destroy-callback-on-al.patch] diff --git a/retired/CVE-2021-22543 b/retired/CVE-2021-22543 new file mode 100644 index 000000000..4b8ec6fb1 --- /dev/null +++ b/retired/CVE-2021-22543 
@@ -0,0 +1,17 @@ +Description: Linux: KVM VM_IO|VM_PFNMAP vma mishandling +References: + https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 + https://www.openwall.com/lists/oss-security/2021/05/26/3 +Notes: + bwh> For 4.9, at least commits bd2fae8da794 "KVM: do not assume PTE is + bwh> writable after follow_pfn" and 097963959594 "mm: add follow_pte_pmd()" + bwh> need to be applied first. +Bugs: +upstream: released (5.13) [f8be156be163a052a067306417cd0ff679068c97] +5.10-upstream-stable: released (5.10.47) [dd8ed6c9bc2224c1ace5292d01089d3feb7ebbc3] +4.19-upstream-stable: released (4.19.199) [117777467bc015f0dc5fc079eeba0fa80c965149] +4.9-upstream-stable: released (4.9.298) [f4b2bfed80e8d0e91b431dd1c21bc3c2c4d5f07e] +sid: released (5.10.46-2) [bugfix/all/KVM-do-not-allow-mapping-valid-but-non-reference-cou.patch] +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.208-1) +4.9-stretch-security: released (4.9.290-1) [bugfix/all/kvm-do-not-allow-mapping-valid-but-non-reference-cou.patch] diff --git a/retired/CVE-2021-38198 b/retired/CVE-2021-38198 new file mode 100644 index 000000000..f03fc8a18 --- /dev/null +++ b/retired/CVE-2021-38198 
@@ -0,0 +1,14 @@ +Description: KVM: X86: MMU: Use the correct inherited permissions to get shadow page +References: +Notes: + bwh> For 4.9, commit 0780516a18f8 "KVM: nVMX: fix EPT permissions as reported + bwh> in exit qualification" needs to be applied first. +Bugs: +upstream: released (5.13-rc6) [b1bd5cba3306691c771d558e94baa73e8b0b96b7] +5.10-upstream-stable: released (5.10.44) [6b6ff4d1f349cb35a7c7d2057819af1b14f80437] +4.19-upstream-stable: released (4.19.204) [4c07e70141eebd3db64297515a427deea4822957] +4.9-upstream-stable: released (4.9.299) [e262acbda232b6a2a9adb53f5d2b2065f7626625] +sid: released (5.10.46-1) +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.208-1) +4.9-stretch-security: released (4.9.290-1) [bugfix/x86/kvm-x86-mmu-use-the-correct-inherited-permissions-to.patch] diff --git a/retired/CVE-2021-38199 b/retired/CVE-2021-38199 new file mode 100644 index 000000000..14d0c23ad --- /dev/null +++ b/retired/CVE-2021-38199 @@ -0,0 +1,12 @@ +Description: NFSv4: Initialise connection to the server in nfs4_alloc_client() +References: +Notes: +Bugs: +upstream: released (5.14-rc1) [dd99e9f98fbf423ff6d365b37a98e8879170f17c] +5.10-upstream-stable: released (5.10.52) [ff4023d0194263a0827c954f623c314978cf7ddd] +4.19-upstream-stable: released (4.19.198) [743f6b973c8ba8a0a5ed15ab11e1d07fa00d5368] +4.9-upstream-stable: released (4.9.299) [993892ed82350d0b4eb7d321d2bb225219bd1cfc] +sid: released (5.14.6-1) +5.10-bullseye-security: released (5.10.46-5) [bugfix/all/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch] +4.19-buster-security: released (4.19.208-1) +4.9-stretch-security: released (4.9.290-1) [bugfix/all/nfsv4-initialise-connection-to-the-server-in-nfs4_al.patch] diff --git a/retired/CVE-2021-45100 b/retired/CVE-2021-45100 new file mode 100644 index 000000000..ba086e6c6 --- /dev/null +++ b/retired/CVE-2021-45100 
@@ -0,0 +1,15 @@ +Description: ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 +References: + https://github.com/cifsd-team/ksmbd/issues/550 + https://github.com/cifsd-team/ksmbd/pull/551 + https://marc.info/?l=linux-kernel&m=163961726017023&w=2 +Notes: +Bugs: +upstream: released (5.16-rc7) [83912d6d55be10d65b5268d1871168b9ebe1ec4b] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.15.15-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2021-45402 b/retired/CVE-2021-45402 new file mode 100644 index 000000000..2bc13bbba --- /dev/null +++ b/retired/CVE-2021-45402 
@@ -0,0 +1,17 @@ +Description: check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction +References: + https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3cf2b61eb06765e27fec6799292d9fb46d0b7e60 + https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b1a7288dedc6caf9023f2676b4f5ed34cf0d4029 + https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=e572ff80f05c33cd0cb4860f864f5c9c044280b6 +Notes: + carnil> Commit fixes 3f50f132d840 ("bpf: Verifier, do explicit ALU32 + carnil> bounds tracking") in v5.7-rc1. +Bugs: +upstream: released (5.16-rc6) [3cf2b61eb06765e27fec6799292d9fb46d0b7e60, e572ff80f05c33cd0cb4860f864f5c9c044280b6] +5.10-upstream-stable: released (5.10.88) [e2aad0b5f2cbf71a31d00ce7bb4dee948adff5a9, 279e0bf80d95184666c9d41361b1625c045d1dcb] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.15.15-1) +5.10-bullseye-security: released (5.10.92-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2022-0185 b/retired/CVE-2022-0185 new file mode 100644 index 000000000..6d62a9c46 --- /dev/null +++ b/retired/CVE-2022-0185 
@@ -0,0 +1,19 @@ +Description: vfs: fs_context: fix up param length parsing in legacy_parse_param +References: + https://www.openwall.com/lists/oss-security/2022/01/18/7 + https://www.openwall.com/lists/oss-security/2022/01/25/14 + https://twitter.com/cor_ctf/status/1486022971034529794 + https://github.com/Crusaders-of-Rust/CVE-2022-0185 + https://www.willsroot.io/2022/01/cve-2022-0185.html +Notes: + carnil> Introduced with 3e1aeb00e6d1 ("vfs: Implement a filesystem + carnil> superblock creation/configuration context") in 5.1-rc1. +Bugs: +upstream: released (5.17-rc1) [722d94847de29310e8aa03fcbdb41fc92c521756] +5.10-upstream-stable: released (5.10.93) [eadde287a62e66b2f9e62d007c59a8f50d4b8413] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.15.15-1) [bugfix/all/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch] +5.10-bullseye-security: released (5.10.92-1) [bugfix/all/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch] +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2022-0286 b/retired/CVE-2022-0286 new file mode 100644 index 000000000..0968ce7f6 --- /dev/null +++ b/retired/CVE-2022-0286 @@ -0,0 +1,14 @@ +Description: bonding: fix null dereference in bond_ipsec_add_sa() +References: + https://syzkaller.appspot.com/bug?id=160f641886d88bf11cbf1236cc4db994bb210626 + https://bugzilla.redhat.com/show_bug.cgi?id=2037019 +Notes: +Bugs: +upstream: released (5.14-rc2) [105cd17a866017b45f3c45901b394c711c97bf40] +5.10-upstream-stable: released (5.10.54) [ba7bfcdff1ad4ea475395079add1cd7b79f81684] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +5.10-bullseye-security: released (5.10.70-1) +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2022-0433 b/retired/CVE-2022-0433 new file mode 100644 index 000000000..07038af56 --- /dev/null +++ b/retired/CVE-2022-0433 @@ -0,0 +1,17 @@ +Description: bpf: Add missing map_get_next_key method to bloom filter map. +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2048259 + https://lore.kernel.org/bpf/20210921210225.4095056-2-joannekoong@fb.com/ + https://lore.kernel.org/bpf/d5776f5d-3416-4e3b-8751-8a5a9e6a0d4d@iogearbox.net/T/ +Notes: + carnil> Introduced with 9330986c0300 ("bpf: Add bloom filter map + carnil> implementation") in 5.16-rc1. +Bugs: +upstream: released (5.17-rc1) [3ccdcee28415c4226de05438b4d89eb5514edf73] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2022-23222 b/retired/CVE-2022-23222 new file mode 100644 index 000000000..a14b4646c --- /dev/null +++ b/retired/CVE-2022-23222 
@@ -0,0 +1,20 @@ +Description: bpf: Fix out of bounds access from invalid *_or_null type verification +References: + https://www.openwall.com/lists/oss-security/2022/01/13/1 + https://www.openwall.com/lists/oss-security/2022/01/18/2 +Notes: + carnil> For stable series in 5.10.y, 5.15.y and 5.16.y the commit "bpf: + carnil> Fix out of bounds access from invalid *_or_null type + carnil> verification" was backported for fixing the issue as the issue + carnil> was fixed in mainline through the larger refactoring in + carnil> c25b2ae136039ffa820c26138ed4a5e5f3ab3841. + carnil> Fixed as well in 5.16.1 for 5.16.y, 5.15.15 for 5.15.y. +Bugs: +upstream: released (5.17-rc1) [c25b2ae136039ffa820c26138ed4a5e5f3ab3841] +5.10-upstream-stable: released (5.10.92) [35ab8c9085b0af847df7fac9571ccd26d9f0f513] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.15.15-1) +5.10-bullseye-security: released (5.10.92-1) +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2022-24122 b/retired/CVE-2022-24122 new file mode 100644 index 000000000..06c6eae31 --- /dev/null +++ b/retired/CVE-2022-24122 
@@ -0,0 +1,18 @@ +Description: ucount: Make get_ucount a safe get_user replacement +References: + https://www.openwall.com/lists/oss-security/2022/01/29/1 +Notes: + carnil> Introduced in v5.14-rc1 with merge of d64696905554 + carnil> ("Reimplement RLIMIT_SIGPENDING on top of ucounts"), + carnil> 6e52a9f0532f ("Reimplement RLIMIT_MSGQUEUE on top of ucounts") + carnil> and d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of + carnil> ucounts"). +Bugs: +upstream: released (5.17-rc2) [f9d87929d451d3e649699d0f1d74f71f77ad38f5] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.15.15-2) [bugfix/all/ucount-Make-get_ucount-a-safe-get_user-replacement.patch] +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" |
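Review bot: In retired/CVE-2021-38199, both References: and Notes: are empty, so the file gives no pointer to an advisory or to where the issue was introduced (retired/CVE-2021-38198 likewise has an empty References:). A link to the upstream commit dd99e9f98fbf or to the CVE record under References: would make the retired entry self-explanatory.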
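Review bot: In retired/CVE-2021-45402, References: lists three net.git commits (3cf2b61eb067, b1a7288dedc6, e572ff80f05c) but the upstream: line records only 3cf2b61eb067 and e572ff80f05c. If b1a7288dedc6 is not part of the fix, say so in Notes:; otherwise add it to upstream: and confirm that the two commits listed for 5.10.88 cover it.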
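Review bot: In retired/CVE-2022-0433, sid: N/A "Vulnerable code not present" holds only as long as sid never ships a 5.16.y kernel without the fix, because Notes: place the introduction in 5.16-rc1 and upstream: records the fix in 5.17-rc1. Several other files in this commit record sid fixes in 5.15.15-1, so the status matches the current state, but since the entry is being retired, consider recording in Notes: whether the fix reached 5.16.y stable so the file stays accurate once sid moves past 5.15.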
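Review bot: In retired/CVE-2022-23222, the Notes: identify the 5.16.1 and 5.15.15 fixes only by commit title, while the 5.10.y backport has its hash on the 5.10-upstream-stable: line (35ab8c9085b0). Because upstream: points at the larger refactoring c25b2ae13603 rather than the targeted fix, adding the 5.15.y and 5.16.y commit ids to Notes: would let a reader locate the change that was actually backported.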