author Salvatore Bonaccorso <carnil@debian.org> 2022-02-11 20:49:40 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2022-02-11 20:49:40 +0100
commit 9cf335eee40b048fcb43bc0ab1888785aea3db97 (patch)
tree e4f2422bcf78f3c7a812aebb33feefc733cf702e /retired
parent f5d89cd1f3949a3ac013d86bef157aa8be877e6a (diff)
Retire some CVEs
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2021-20292 19
-rw-r--r-- retired/CVE-2021-22543 17
-rw-r--r-- retired/CVE-2021-38198 14
-rw-r--r-- retired/CVE-2021-38199 12
-rw-r--r-- retired/CVE-2021-45100 15
-rw-r--r-- retired/CVE-2021-45402 17
-rw-r--r-- retired/CVE-2022-0185 19
-rw-r--r-- retired/CVE-2022-0286 14
-rw-r--r-- retired/CVE-2022-0433 17
-rw-r--r-- retired/CVE-2022-23222 20
-rw-r--r-- retired/CVE-2022-24122 18
11 files changed, 182 insertions, 0 deletions
diff --git a/retired/CVE-2021-20292 b/retired/CVE-2021-20292
new file mode 100644
index 000000000..e2648933a
--- /dev/null
+++ b/retired/CVE-2021-20292
@@ -0,0 +1,19 @@
+Description: drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1939686
+Notes:
+ bwh> From my reading of the fix, the bug did not affect nouveau but
+ bwh> all the other ttm-based drivers (amdgpu, qxl, radeon, virtgpu,
+ bwh> and vmwgfx). The fix is to make the API behave the way the
+ bwh> other drivers expected it to, and change nouveau accordingly.
+ bwh> This will create a potential memory leak in any OOT drivers
+ bwh> that were using the API correctly.
+Bugs:
+upstream: released (5.9-rc1) [5de5b6ecf97a021f29403aa272cb4e03318ef586]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: released (4.19.140) [10c8a526b2db1fcdf9e2d59d4885377b91939c55]
+4.9-upstream-stable: released (4.9.298) [70f44dfbde027f444412cfb4ea9b485a4c1dec0e]
+sid: released (5.7.17-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.146-1)
+4.9-stretch-security: released (4.9.272-1) [bugfix/all/drm-ttm-nouveau-don-t-call-tt-destroy-callback-on-al.patch]
diff --git a/retired/CVE-2021-22543 b/retired/CVE-2021-22543
new file mode 100644
index 000000000..4b8ec6fb1
--- /dev/null
+++ b/retired/CVE-2021-22543
@@ -0,0 +1,17 @@
+Description: Linux: KVM VM_IO|VM_PFNMAP vma mishandling
+References:
+ https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
+ https://www.openwall.com/lists/oss-security/2021/05/26/3
+Notes:
+ bwh> For 4.9, at least commits bd2fae8da794 "KVM: do not assume PTE is
+ bwh> writable after follow_pfn" and 097963959594 "mm: add follow_pte_pmd()"
+ bwh> need to be applied first.
+Bugs:
+upstream: released (5.13) [f8be156be163a052a067306417cd0ff679068c97]
+5.10-upstream-stable: released (5.10.47) [dd8ed6c9bc2224c1ace5292d01089d3feb7ebbc3]
+4.19-upstream-stable: released (4.19.199) [117777467bc015f0dc5fc079eeba0fa80c965149]
+4.9-upstream-stable: released (4.9.298) [f4b2bfed80e8d0e91b431dd1c21bc3c2c4d5f07e]
+sid: released (5.10.46-2) [bugfix/all/KVM-do-not-allow-mapping-valid-but-non-reference-cou.patch]
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1) [bugfix/all/kvm-do-not-allow-mapping-valid-but-non-reference-cou.patch]
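Review bot: The line 5.10-bullseye-security: N/A "Fixed before branching point" is hard to reconcile with 5.10-upstream-stable: released (5.10.47), since the upstream stable fix is newer than the sid upload 5.10.46-2 that the N/A presumably rests on. Suggest a short entry under Notes saying that the fix reached bullseye through the patch carried in sid 5.10.46-2, so the reason can be checked from this file alone.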
diff --git a/retired/CVE-2021-38198 b/retired/CVE-2021-38198
new file mode 100644
index 000000000..f03fc8a18
--- /dev/null
+++ b/retired/CVE-2021-38198
@@ -0,0 +1,14 @@
+Description: KVM: X86: MMU: Use the correct inherited permissions to get shadow page
+References:
+Notes:
+ bwh> For 4.9, commit 0780516a18f8 "KVM: nVMX: fix EPT permissions as reported
+ bwh> in exit qualification" needs to be applied first.
+Bugs:
+upstream: released (5.13-rc6) [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
+5.10-upstream-stable: released (5.10.44) [6b6ff4d1f349cb35a7c7d2057819af1b14f80437]
+4.19-upstream-stable: released (4.19.204) [4c07e70141eebd3db64297515a427deea4822957]
+4.9-upstream-stable: released (4.9.299) [e262acbda232b6a2a9adb53f5d2b2065f7626625]
+sid: released (5.10.46-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1) [bugfix/x86/kvm-x86-mmu-use-the-correct-inherited-permissions-to.patch]
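Review bot: The Notes say that for 4.9 commit 0780516a18f8 needs to be applied first, but the 4.9-stretch-security line records a single patch file and says nothing about that prerequisite. Suggest stating in Notes whether the prerequisite was carried in 4.9.290-1 as well, so the "released" status for stretch can be verified.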
diff --git a/retired/CVE-2021-38199 b/retired/CVE-2021-38199
new file mode 100644
index 000000000..14d0c23ad
--- /dev/null
+++ b/retired/CVE-2021-38199
@@ -0,0 +1,12 @@
+Description: NFSv4: Initialise connection to the server in nfs4_alloc_client()
+References:
+Notes:
+Bugs:
+upstream: released (5.14-rc1) [dd99e9f98fbf423ff6d365b37a98e8879170f17c]
+5.10-upstream-stable: released (5.10.52) [ff4023d0194263a0827c954f623c314978cf7ddd]
+4.19-upstream-stable: released (4.19.198) [743f6b973c8ba8a0a5ed15ab11e1d07fa00d5368]
+4.9-upstream-stable: released (4.9.299) [993892ed82350d0b4eb7d321d2bb225219bd1cfc]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch]
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1) [bugfix/all/nfsv4-initialise-connection-to-the-server-in-nfs4_al.patch]
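Review bot: References and Notes are both empty in this entry, so the Description (a commit subject) is the only statement of what the issue is. Suggest adding at least one reference that describes the security impact before the file is kept under retired/.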
diff --git a/retired/CVE-2021-45100 b/retired/CVE-2021-45100
new file mode 100644
index 000000000..ba086e6c6
--- /dev/null
+++ b/retired/CVE-2021-45100
@@ -0,0 +1,15 @@
+Description: ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
+References:
+ https://github.com/cifsd-team/ksmbd/issues/550
+ https://github.com/cifsd-team/ksmbd/pull/551
+ https://marc.info/?l=linux-kernel&m=163961726017023&w=2
+Notes:
+Bugs:
+upstream: released (5.16-rc7) [83912d6d55be10d65b5268d1871168b9ebe1ec4b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
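Review bot: Every stable and security branch is marked N/A "Vulnerable code not present", but Notes is empty, so nothing records which commit or release introduced the affected ksmbd code. Other entries in this patch (for example CVE-2022-0185) give the introducing commit in Notes; doing the same here would let a reader check the N/A lines.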
diff --git a/retired/CVE-2021-45402 b/retired/CVE-2021-45402
new file mode 100644
index 000000000..2bc13bbba
--- /dev/null
+++ b/retired/CVE-2021-45402
@@ -0,0 +1,17 @@
+Description: check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction
+References:
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3cf2b61eb06765e27fec6799292d9fb46d0b7e60
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
+ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=e572ff80f05c33cd0cb4860f864f5c9c044280b6
+Notes:
+ carnil> Commit fixes 3f50f132d840 ("bpf: Verifier, do explicit ALU32
+ carnil> bounds tracking") in v5.7-rc1.
+Bugs:
+upstream: released (5.16-rc6) [3cf2b61eb06765e27fec6799292d9fb46d0b7e60, e572ff80f05c33cd0cb4860f864f5c9c044280b6]
+5.10-upstream-stable: released (5.10.88) [e2aad0b5f2cbf71a31d00ce7bb4dee948adff5a9, 279e0bf80d95184666c9d41361b1625c045d1dcb]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
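Review bot: References lists three netdev commits (3cf2b61eb067, b1a7288dedc6, e572ff80f05c), but the upstream line names only 3cf2b61eb067 and e572ff80f05c. Suggest either adding b1a7288dedc6caf9023f2676b4f5ed34cf0d4029 to the upstream fix list or saying in Notes why it is referenced but not counted as part of the fix.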
diff --git a/retired/CVE-2022-0185 b/retired/CVE-2022-0185
new file mode 100644
index 000000000..6d62a9c46
--- /dev/null
+++ b/retired/CVE-2022-0185
@@ -0,0 +1,19 @@
+Description: vfs: fs_context: fix up param length parsing in legacy_parse_param
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/18/7
+ https://www.openwall.com/lists/oss-security/2022/01/25/14
+ https://twitter.com/cor_ctf/status/1486022971034529794
+ https://github.com/Crusaders-of-Rust/CVE-2022-0185
+ https://www.willsroot.io/2022/01/cve-2022-0185.html
+Notes:
+ carnil> Introduced with 3e1aeb00e6d1 ("vfs: Implement a filesystem
+ carnil> superblock creation/configuration context") in 5.1-rc1.
+Bugs:
+upstream: released (5.17-rc1) [722d94847de29310e8aa03fcbdb41fc92c521756]
+5.10-upstream-stable: released (5.10.93) [eadde287a62e66b2f9e62d007c59a8f50d4b8413]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1) [bugfix/all/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch]
+5.10-bullseye-security: released (5.10.92-1) [bugfix/all/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch]
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
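Review bot: The N/A reason on the 4.19 and 4.9 lines is "Vulnerable code not present", while CVE-2021-45402 in this same patch uses "Vulnerable code introduced later" for the same situation, where Notes give an introducing commit newer than the branch. Suggest picking one wording for the introduced-later case so the reason strings can be searched consistently.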
diff --git a/retired/CVE-2022-0286 b/retired/CVE-2022-0286
new file mode 100644
index 000000000..0968ce7f6
--- /dev/null
+++ b/retired/CVE-2022-0286
@@ -0,0 +1,14 @@
+Description: bonding: fix null dereference in bond_ipsec_add_sa()
+References:
+ https://syzkaller.appspot.com/bug?id=160f641886d88bf11cbf1236cc4db994bb210626
+ https://bugzilla.redhat.com/show_bug.cgi?id=2037019
+Notes:
+Bugs:
+upstream: released (5.14-rc2) [105cd17a866017b45f3c45901b394c711c97bf40]
+5.10-upstream-stable: released (5.10.54) [ba7bfcdff1ad4ea475395079add1cd7b79f81684]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-0433 b/retired/CVE-2022-0433
new file mode 100644
index 000000000..07038af56
--- /dev/null
+++ b/retired/CVE-2022-0433
@@ -0,0 +1,17 @@
+Description: bpf: Add missing map_get_next_key method to bloom filter map.
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2048259
+ https://lore.kernel.org/bpf/20210921210225.4095056-2-joannekoong@fb.com/
+ https://lore.kernel.org/bpf/d5776f5d-3416-4e3b-8751-8a5a9e6a0d4d@iogearbox.net/T/
+Notes:
+ carnil> Introduced with 9330986c0300 ("bpf: Add bloom filter map
+ carnil> implementation") in 5.16-rc1.
+Bugs:
+upstream: released (5.17-rc1) [3ccdcee28415c4226de05438b4d89eb5514edf73]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
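Review bot: sid is marked N/A "Vulnerable code not present", yet Notes place the introduction in 5.16-rc1 and the upstream fix in 5.17-rc1, and no 5.16.y stable commit is recorded. Suggest noting the status of the 5.16 stable series, as the CVE-2022-23222 notes do, so the entry shows whether the N/A for sid would still hold for a 5.16-based upload.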
diff --git a/retired/CVE-2022-23222 b/retired/CVE-2022-23222
new file mode 100644
index 000000000..a14b4646c
--- /dev/null
+++ b/retired/CVE-2022-23222
@@ -0,0 +1,20 @@
+Description: bpf: Fix out of bounds access from invalid *_or_null type verification
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/13/1
+ https://www.openwall.com/lists/oss-security/2022/01/18/2
+Notes:
+ carnil> For stable series in 5.10.y, 5.15.y and 5.16.y the commit "bpf:
+ carnil> Fix out of bounds access from invalid *_or_null type
+ carnil> verification" was backported for fixing the issue as the issue
+ carnil> was fixed in mainline through the larger refactoring in
+ carnil> c25b2ae136039ffa820c26138ed4a5e5f3ab3841.
+ carnil> Fixed as well in 5.16.1 for 5.16.y, 5.15.15 for 5.15.y.
+Bugs:
+upstream: released (5.17-rc1) [c25b2ae136039ffa820c26138ed4a5e5f3ab3841]
+5.10-upstream-stable: released (5.10.92) [35ab8c9085b0af847df7fac9571ccd26d9f0f513]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-24122 b/retired/CVE-2022-24122
new file mode 100644
index 000000000..06c6eae31
--- /dev/null
+++ b/retired/CVE-2022-24122
@@ -0,0 +1,18 @@
+Description: ucount: Make get_ucount a safe get_user replacement
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/29/1
+Notes:
+ carnil> Introduced in v5.14-rc1 with merge of d64696905554
+ carnil> ("Reimplement RLIMIT_SIGPENDING on top of ucounts"),
+ carnil> 6e52a9f0532f ("Reimplement RLIMIT_MSGQUEUE on top of ucounts")
+ carnil> and d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of
+ carnil> ucounts").
+Bugs:
+upstream: released (5.17-rc2) [f9d87929d451d3e649699d0f1d74f71f77ad38f5]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.15-2) [bugfix/all/ucount-Make-get_ucount-a-safe-get_user-replacement.patch]
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
