author Salvatore Bonaccorso <carnil@debian.org> 2024-04-24 09:59:51 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2024-04-24 09:59:51 +0200
commit ac7dd58121bfa54c84c1d24e0cf506878ab0e2d4
tree abea21f77cab9916d3af7f1dddeb13b56f7d5478 /retired
parent 77acbd7c01339dfeb0f67418ff00bf38d92d3645
Retire several CVEs
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2023-52643 17
-rw-r--r-- retired/CVE-2023-52645 17
-rw-r--r-- retired/CVE-2024-26652 16
-rw-r--r-- retired/CVE-2024-26653 16
-rw-r--r-- retired/CVE-2024-26655 16
-rw-r--r-- retired/CVE-2024-26657 16
-rw-r--r-- retired/CVE-2024-26815 17
-rw-r--r-- retired/CVE-2024-26818 17
-rw-r--r-- retired/CVE-2024-26823 17
-rw-r--r-- retired/CVE-2024-26824 17
-rw-r--r-- retired/CVE-2024-26826 17
-rw-r--r-- retired/CVE-2024-26829 17
-rw-r--r-- retired/CVE-2024-26831 17
-rw-r--r-- retired/CVE-2024-26832 17
-rw-r--r-- retired/CVE-2024-26834 17
-rw-r--r-- retired/CVE-2024-26837 17
-rw-r--r-- retired/CVE-2024-26838 17
-rw-r--r-- retired/CVE-2024-26847 17
-rw-r--r-- retired/CVE-2024-26849 17
-rw-r--r-- retired/CVE-2024-26850 17
-rw-r--r-- retired/CVE-2024-26853 17
-rw-r--r-- retired/CVE-2024-26854 17
-rw-r--r-- retired/CVE-2024-26856 17
-rw-r--r-- retired/CVE-2024-26858 17
-rw-r--r-- retired/CVE-2024-26860 17
-rw-r--r-- retired/CVE-2024-26864 18
-rw-r--r-- retired/CVE-2024-26867 17
-rw-r--r-- retired/CVE-2024-26868 17
-rw-r--r-- retired/CVE-2024-26871 17
-rw-r--r-- retired/CVE-2024-26873 17
-rw-r--r-- retired/CVE-2024-26879 17
-rw-r--r-- retired/CVE-2024-26881 17
-rw-r--r-- retired/CVE-2024-26887 17
-rw-r--r-- retired/CVE-2024-26888 17
-rw-r--r-- retired/CVE-2024-26890 18
-rw-r--r-- retired/CVE-2024-26892 17
-rw-r--r-- retired/CVE-2024-26899 17
-rw-r--r-- retired/CVE-2024-26909 18
-rw-r--r-- retired/CVE-2024-26911 17
-rw-r--r-- retired/CVE-2024-26912 17
-rw-r--r-- retired/CVE-2024-26916 17
-rw-r--r-- retired/CVE-2024-26918 17
-rw-r--r-- retired/CVE-2024-26919 17
43 files changed, 730 insertions, 0 deletions
diff --git a/retired/CVE-2023-52643 b/retired/CVE-2023-52643
new file mode 100644
index 00000000..633bd7b8
--- /dev/null
+++ b/retired/CVE-2023-52643
@@ -0,0 +1,17 @@
+Description: iio: core: fix memleak in iio_device_register_sysfs
+References:
+Notes:
+ carnil> Introduced in 32f171724e5c ("iio: core: rework iio device group creation").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc5) [95a0d596bbd0552a78e13ced43f2be1038883c81]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [3db312e06851996e7fb27cb5a8ccab4c0f9cdb93]
+6.6-upstream-stable: released (6.6.18) [b90126c86d83912688501826643ea698f0df1728]
+6.1-upstream-stable: released (6.1.79) [359f220d0e753bba840eac19ffedcdc816b532f2]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52645 b/retired/CVE-2023-52645
new file mode 100644
index 00000000..21a17a4e
--- /dev/null
+++ b/retired/CVE-2023-52645
@@ -0,0 +1,17 @@
+Description: pmdomain: mediatek: fix race conditions with genpd
+References:
+Notes:
+ carnil> Introduced in 59b644b01cf4 ("soc: mediatek: Add MediaTek SCPSYS power
+ carnil> domains"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (6.8-rc4) [c41336f4d69057cbf88fed47951379b384540df5]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [3cd1d92ee1dbf3e8f988767eb75f26207397792b]
+6.6-upstream-stable: released (6.6.18) [f83b9abee9faa4868a6fac4669b86f4c215dae25]
+6.1-upstream-stable: released (6.1.80) [339ddc983bc1622341d95f244c361cda3da3a4ff]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26652 b/retired/CVE-2024-26652
new file mode 100644
index 00000000..efc7688f
--- /dev/null
+++ b/retired/CVE-2024-26652
@@ -0,0 +1,16 @@
+Description: net: pds_core: Fix possible double free in error handling path
+References:
+Notes:
+ carnil> Introduced in 4569cce43bc6 ("pds_core: add auxiliary_bus devices"). Vulnerable
+ carnil> versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8) [ba18deddd6d502da71fd6b6143c53042271b82bd]
+6.7-upstream-stable: released (6.7.10) [ffda0e962f270b3ec937660afd15b685263232d3]
+6.6-upstream-stable: released (6.6.22) [995f802abff209514ac2ee03b96224237646cec3]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
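Review bot: the branch list has no `6.8-upstream-stable:` line between `upstream: released (6.8)` and `6.7-upstream-stable:`, while other files in this commit whose fix also landed in 6.8 (retired/CVE-2024-26853, for example) carry `6.8-upstream-stable: released (6.8) [...]`. Add the line with the same commit as `upstream:` so the 6.8.y status is recorded the same way across the retired entries.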
diff --git a/retired/CVE-2024-26653 b/retired/CVE-2024-26653
new file mode 100644
index 00000000..bd49c2b5
--- /dev/null
+++ b/retired/CVE-2024-26653
@@ -0,0 +1,16 @@
+Description: usb: misc: ljca: Fix double free in error handling path
+References:
+Notes:
+ carnil> Introduced in acd6199f195d ("usb: Add support for Intel LJCA device").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc2) [7c9631969287a5366bc8e39cd5abff154b35fb80]
+6.7-upstream-stable: released (6.7.12) [420babea4f1881a7c4ea22a8e218b8c6895d3f21]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
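Review bot: no `6.8-upstream-stable:` entry follows `upstream: released (6.9-rc2)`, yet the Notes give 6.7-rc1 as the first vulnerable version and the mainline fix is only in 6.9-rc2, so the 6.8 series carried the affected code and its fix status is not recorded in this file. Add a `6.8-upstream-stable:` line with the backport commit, or with the reason it does not apply.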
diff --git a/retired/CVE-2024-26655 b/retired/CVE-2024-26655
new file mode 100644
index 00000000..52345cbb
--- /dev/null
+++ b/retired/CVE-2024-26655
@@ -0,0 +1,16 @@
+Description: Fix memory leak in posix_clock_open()
+References:
+Notes:
+ carnil> Introduced in 60c6946675fc ("posix-clock: introduce posix_clock_context
+ carnil> concept"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc2) [5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8]
+6.7-upstream-stable: released (6.7.12) [a88649b49523e8cbe95254440d803e38c19d2341]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
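Review bot: the status for 6.8.y is missing from the branch list, which jumps from `upstream: released (6.9-rc2)` straight to `6.7-upstream-stable: released (6.7.12)`. With the leak introduced in 6.7-rc1 per the Notes, a reader cannot tell from this entry whether 6.8.y received the fix; add a `6.8-upstream-stable:` line.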
diff --git a/retired/CVE-2024-26657 b/retired/CVE-2024-26657
new file mode 100644
index 00000000..3bb2b2d4
--- /dev/null
+++ b/retired/CVE-2024-26657
@@ -0,0 +1,16 @@
+Description: drm/sched: fix null-ptr-deref in init entity
+References:
+Notes:
+ carnil> Introduced in 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable
+ carnil> number of run-queues"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc2) [f34e8bb7d6c6626933fe993e03ed59ae85e16abb]
+6.7-upstream-stable: released (6.7.12) [74cd204c7afe498aa9dcc3ebf0ecac53d477a429]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
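Review bot: the `6.8-upstream-stable:` line is absent after `upstream: released (6.9-rc2)`, although the Notes place the introducing commit in 6.7-rc1, which 6.8 inherits. Record the 6.8.y backport (or an explicit N/A with a reason) so the entry covers every stable series between the introduction and the fix.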
diff --git a/retired/CVE-2024-26815 b/retired/CVE-2024-26815
new file mode 100644
index 00000000..1e026c2a
--- /dev/null
+++ b/retired/CVE-2024-26815
@@ -0,0 +1,17 @@
+Description: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check
+References:
+Notes:
+ carnil> Introduced in a54fc09e4cba ("net/sched: taprio: allow user input of per-tc max
+ carnil> SDU"). Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.9-rc1) [343041b59b7810f9cdca371f445dd43b35c740b1]
+6.8-upstream-stable: released (6.8.2) [9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2]
+6.7-upstream-stable: released (6.7.11) [860e838fb089d652a446ced52cbdf051285b68e7]
+6.6-upstream-stable: released (6.6.23) [6915b1b28fe57e92c78e664366dc61c4f15ff03b]
+6.1-upstream-stable: released (6.1.83) [bd2474a45df7c11412c2587de3d4e43760531418]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26818 b/retired/CVE-2024-26818
new file mode 100644
index 00000000..722dee94
--- /dev/null
+++ b/retired/CVE-2024-26818
@@ -0,0 +1,17 @@
+Description: tools/rtla: Fix clang warning about mount_point var size
+References:
+Notes:
+ carnil> Introduced in a957cbc02531 ("rtla: Add -C cgroup support"). Vulnerable
+ carnil> versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc5) [30369084ac6e27479a347899e74f523e6ca29b89]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [6bdd43f62ab3bb5a306af7f0ab857af45777f5a8]
+6.6-upstream-stable: released (6.6.18) [8a585914c266dc044f53b5c83c170f79b45fcf9a]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26823 b/retired/CVE-2024-26823
new file mode 100644
index 00000000..91df8a97
--- /dev/null
+++ b/retired/CVE-2024-26823
@@ -0,0 +1,17 @@
+Description: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems
+References:
+Notes:
+ carnil> Introduced in 9585a495ac93 ("irqchip/gic-v3-its: Split allocation from
+ carnil> initialisation of its_node"). Vulnerable versions: 6.6-rc6.
+Bugs:
+upstream: released (6.8-rc5) [8b02da04ad978827e5ccd675acf170198f747a7a]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [4c60c611441f1f1e5de8e00e98ee5a4970778a00]
+6.6-upstream-stable: released (6.6.18) [91a80fff3eeed928b6fba21271f6a9719b22a5d8]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26824 b/retired/CVE-2024-26824
new file mode 100644
index 00000000..f30aef4d
--- /dev/null
+++ b/retired/CVE-2024-26824
@@ -0,0 +1,17 @@
+Description: crypto: algif_hash - Remove bogus SGL free on zero-length error path
+References:
+Notes:
+ carnil> Introduced in b6d972f68983 ("crypto: af_alg/hash: Fix recvmsg() after
+ carnil> sendmsg(MSG_MORE)"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc4) [24c890dd712f6345e382256cae8c97abb0406b70]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [775f3c1882a493168e08fdb8cde0865c8f3a8a29]
+6.6-upstream-stable: released (6.6.18) [9c82920359b7c1eddaf72069bcfe0ffddf088cd0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26826 b/retired/CVE-2024-26826
new file mode 100644
index 00000000..eba87e14
--- /dev/null
+++ b/retired/CVE-2024-26826
@@ -0,0 +1,17 @@
+Description: mptcp: fix data re-injection from stale subflow
+References:
+Notes:
+ carnil> Introduced in 1e1d9d6f119c ("mptcp: handle pending data on closed subflow").
+ carnil> Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.8-rc3) [b6c620dc43ccb4e802894e54b651cf81495e9598]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [624902eab7abcb8731b333ec73f206d38d839cd8]
+6.6-upstream-stable: released (6.6.18) [b609c783c535493aa3fca22c7e40a120370b1ca5]
+6.1-upstream-stable: released (6.1.79) [6673d9f1c2cd984390550dbdf7d5ae07b20abbf8]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26829 b/retired/CVE-2024-26829
new file mode 100644
index 00000000..a1c24cd0
--- /dev/null
+++ b/retired/CVE-2024-26829
@@ -0,0 +1,17 @@
+Description: media: ir_toy: fix a memleak in irtoy_tx
+References:
+Notes:
+ carnil> Introduced in 4114978dcd24 ("media: ir_toy: prevent device from hanging during
+ carnil> transmit"). Vulnerable versions: 5.15.54 5.16-rc1.
+Bugs:
+upstream: released (6.8-rc5) [dc9ceb90c4b42c6e5c6757df1d6257110433788e]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [b37259448bbc70af1d0e52a9dd5559a9c29c9621]
+6.6-upstream-stable: released (6.6.18) [7219a692ffc00089015ada33b85b334d1a4b6e8e]
+6.1-upstream-stable: released (6.1.79) [be76ad74a43f90f340f9f479e6b04f02125f6aef]
+5.10-upstream-stable: released (5.10.210) [486a4176bc783df798bce2903824801af8d2c3ae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
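Review bot: `5.10-upstream-stable: released (5.10.210)` does not fit the rest of this entry, since the Notes list only 5.15.54 and 5.16-rc1 as vulnerable versions and `5.10-bullseye-security` is marked N/A "Vulnerable code not present". If 5.10.y needed the fix, the introducing commit 4114978dcd24 was backported there as well; add that 5.10.y version to the Notes and recheck whether the bullseye kernel contains it before the entry is retired.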
diff --git a/retired/CVE-2024-26831 b/retired/CVE-2024-26831
new file mode 100644
index 00000000..d57ef43b
--- /dev/null
+++ b/retired/CVE-2024-26831
@@ -0,0 +1,17 @@
+Description: net/handshake: Fix handshake_req_destroy_test1
+References:
+Notes:
+ carnil> Introduced in 4a0f07d71b04 ("net/handshake: Fix memory leak in __sock_create()
+ carnil> and sock_alloc_file()"). Vulnerable versions: 6.5.6 6.6-rc3.
+Bugs:
+upstream: released (6.8-rc5) [4e1d71cabb19ec2586827adfc60d68689c68c194]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [7f97805b8df6e33850e225e6bd3ebd9e246920af]
+6.6-upstream-stable: released (6.6.18) [d74226e03df1bf19848f18344401f254345af912]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26832 b/retired/CVE-2024-26832
new file mode 100644
index 00000000..01184caa
--- /dev/null
+++ b/retired/CVE-2024-26832
@@ -0,0 +1,17 @@
+Description: mm: zswap: fix missing folio cleanup in writeback race path
+References:
+Notes:
+ carnil> Introduced in 04fc7816089c ("mm: fix zswap writeback race condition").
+ carnil> Vulnerable versions: 6.1.30 6.3.4 6.4-rc3.
+Bugs:
+upstream: released (6.8-rc6) [e3b63e966cac0bf78aaa1efede1827a252815a1d]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [e2891c763aa2cff74dd6b5e978411ccf0cf94abe]
+6.6-upstream-stable: released (6.6.19) [6156277d1b26cb3fdb6fcbf0686ab78268571644]
+6.1-upstream-stable: released (6.1.80) [14f1992430ef9e647b02aa8ca12c5bcb9a1dffea]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26834 b/retired/CVE-2024-26834
new file mode 100644
index 00000000..89c8861e
--- /dev/null
+++ b/retired/CVE-2024-26834
@@ -0,0 +1,17 @@
+Description: netfilter: nft_flow_offload: release dst in case direct xmit path is used
+References:
+Notes:
+ carnil> Introduced in fa502c865666 ("netfilter: flowtable: simplify route logic").
+ carnil> Vulnerable versions: 5.15.150 6.1.80 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc6) [8762785f459be1cfe6fcf7285c123aad6a3703f0]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [2d17cf10179a7de6d8f0128168b84ad0b4a1863f]
+6.6-upstream-stable: released (6.6.19) [9256ab9232e35a16af9c30fa4e522e6d1bd3605a]
+6.1-upstream-stable: released (6.1.80) [a6cafdb49a7bbf4a88367db209703eee6941e023]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
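Review bot: the Notes give 6.1.80 as the release where fa502c865666 entered 6.1.y, and `6.1-upstream-stable: released (6.1.80)` puts the fix in that same release, so by these lines no 6.1.y release shipped the affected code without the fix. State that in the Notes so that `6.1-bookworm-security: released (6.1.82-1)` is not read as closing a window of exposure in bookworm.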
diff --git a/retired/CVE-2024-26837 b/retired/CVE-2024-26837
new file mode 100644
index 00000000..f59ee9e6
--- /dev/null
+++ b/retired/CVE-2024-26837
@@ -0,0 +1,17 @@
+Description: net: bridge: switchdev: Skip MDB replays of deferred events on offload
+References:
+Notes:
+ carnil> Introduced in 4f2673b3a2b6 ("net: bridge: add helper to replay port and
+ carnil> host-joined mdb entries"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc6) [dc489f86257cab5056e747344f17a164f63bff4b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [e0b4c5b1d760008f1dd18c07c35af0442e54f9c8]
+6.6-upstream-stable: released (6.6.19) [603be95437e7fd85ba694e75918067fb9e7754db]
+6.1-upstream-stable: released (6.1.80) [2d5b4b3376fa146a23917b8577064906d643925f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26838 b/retired/CVE-2024-26838
new file mode 100644
index 00000000..37c3434d
--- /dev/null
+++ b/retired/CVE-2024-26838
@@ -0,0 +1,17 @@
+Description: RDMA/irdma: Fix KASAN issue with tasklet
+References:
+Notes:
+ carnil> Introduced in 44d9e52977a1 ("RDMA/irdma: Implement device initialization
+ carnil> definitions"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.8-rc6) [bd97cea7b18a0a553773af806dfbfac27a7c4acb]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [0ae8ad0013978f7471f22bcf45b027393e87f5dc]
+6.6-upstream-stable: released (6.6.19) [c6f1ca235f68b22b3e691b2ea87ac285e5946848]
+6.1-upstream-stable: released (6.1.80) [b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26847 b/retired/CVE-2024-26847
new file mode 100644
index 00000000..deeb3770
--- /dev/null
+++ b/retired/CVE-2024-26847
@@ -0,0 +1,17 @@
+Description: powerpc/rtas: use correct function name for resetting TCE tables
+References:
+Notes:
+ carnil> Introduced in 8252b88294d2 ("powerpc/rtas: improve function information
+ carnil> lookups"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc7) [fad87dbd48156ab940538f052f1820f4b6ed2819]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.9) [dd63817baf334888289877ab1db1d866af2a6479]
+6.6-upstream-stable: released (6.6.21) [6b6282d56b14879124416a23837af9bd52ae2dfb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26849 b/retired/CVE-2024-26849
new file mode 100644
index 00000000..f64668a4
--- /dev/null
+++ b/retired/CVE-2024-26849
@@ -0,0 +1,17 @@
+Description: netlink: add nla be16/32 types to minlen array
+References:
+Notes:
+ carnil> Introduced in ecaf75ffd5f5 ("netlink: introduce bigendian integer types").
+ carnil> Vulnerable versions: 6.1-rc4.
+Bugs:
+upstream: released (6.8-rc7) [9a0d18853c280f6a0ee99f91619f2442a17a323a]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.9) [7a9d14c63b35f89563c5ecbadf918ad64979712d]
+6.6-upstream-stable: released (6.6.21) [a2ab028151841cd833cb53eb99427e0cc990112d]
+6.1-upstream-stable: released (6.1.81) [0ac219c4c3ab253f3981f346903458d20bacab32]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26850 b/retired/CVE-2024-26850
new file mode 100644
index 00000000..f7423a3e
--- /dev/null
+++ b/retired/CVE-2024-26850
@@ -0,0 +1,17 @@
+Description: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test
+References:
+Notes:
+ carnil> Introduced in 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud
+ carnil> hugepage"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc7) [720da1e593b85a550593b415bf1d79a053133451]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.9) [eeeddf85fc58d48c58ad916e4ca12363ebd8ab21]
+6.6-upstream-stable: released (6.6.21) [d2a9510c0e39d06f5544075c13040407bdbf2803]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26853 b/retired/CVE-2024-26853
new file mode 100644
index 00000000..3cefb5b1
--- /dev/null
+++ b/retired/CVE-2024-26853
@@ -0,0 +1,17 @@
+Description: igc: avoid returning frame twice in XDP_REDIRECT
+References:
+Notes:
+ carnil> Introduced in 4ff320361092 ("igc: Add support for XDP_REDIRECT action").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.8) [ef27f655b438bed4c83680e4f01e1cde2739854b]
+6.8-upstream-stable: released (6.8) [ef27f655b438bed4c83680e4f01e1cde2739854b]
+6.7-upstream-stable: released (6.7.10) [1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f]
+6.6-upstream-stable: released (6.6.22) [8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a]
+6.1-upstream-stable: released (6.1.82) [63a3c1f3c9ecc654d851e7906d05334cd0c236e2]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26854 b/retired/CVE-2024-26854
new file mode 100644
index 00000000..6d0af286
--- /dev/null
+++ b/retired/CVE-2024-26854
@@ -0,0 +1,17 @@
+Description: ice: fix uninitialized dplls mutex usage
+References:
+Notes:
+ carnil> Introduced in d7999f5ea64b ("ice: implement dpll interface to control cgu").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8) [9224fc86f1776193650a33a275cac628952f80a9]
+6.8-upstream-stable: released (6.8) [9224fc86f1776193650a33a275cac628952f80a9]
+6.7-upstream-stable: released (6.7.10) [db29ceff3e25c48907016da456a7cbee6310fd83]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26856 b/retired/CVE-2024-26856
new file mode 100644
index 00000000..fc70e562
--- /dev/null
+++ b/retired/CVE-2024-26856
@@ -0,0 +1,17 @@
+Description: net: sparx5: Fix use after free inside sparx5_del_mact_entry
+References:
+Notes:
+ carnil> Introduced in b37a1bae742f ("net: sparx5: add mactable support"). Vulnerable
+ carnil> versions: 5.14-rc1.
+Bugs:
+upstream: released (6.8) [89d72d4125e94aa3c2140fedd97ce07ba9e37674]
+6.8-upstream-stable: released (6.8) [89d72d4125e94aa3c2140fedd97ce07ba9e37674]
+6.7-upstream-stable: released (6.7.10) [71809805b95052ff551922f11660008fb3666025]
+6.6-upstream-stable: released (6.6.22) [e83bebb718fd1f42549358730e1206164e0861d6]
+6.1-upstream-stable: released (6.1.82) [0de693d68b0a18d5e256556c7c62d92cca35ad52]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26858 b/retired/CVE-2024-26858
new file mode 100644
index 00000000..e6c79fea
--- /dev/null
+++ b/retired/CVE-2024-26858
@@ -0,0 +1,17 @@
+Description: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map
+References:
+Notes:
+ carnil> Introduced in 7e3f3ba97e6c ("net/mlx5e: Track xmit submission to PTP WQ after
+ carnil> populating metadata map"). Vulnerable versions: 6.5.13 6.6.3 6.7-rc2.
+Bugs:
+upstream: released (6.8) [b7cf07586c40f926063d4d09f7de28ff82f62b2a]
+6.8-upstream-stable: released (6.8) [b7cf07586c40f926063d4d09f7de28ff82f62b2a]
+6.7-upstream-stable: released (6.7.10) [936ef086161ab89a7f38f7a0761d6a3063c3277e]
+6.6-upstream-stable: released (6.6.22) [d1f71615dbb305f14f3b756cce015d70d8667549]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26860 b/retired/CVE-2024-26860
new file mode 100644
index 00000000..40c02779
--- /dev/null
+++ b/retired/CVE-2024-26860
@@ -0,0 +1,17 @@
+Description: dm-integrity: fix a memory leak when rechecking the data
+References:
+Notes:
+ carnil> Introduced in c88f5e553fe3 ("dm-integrity: recheck the integrity tag after a
+ carnil> failure"). Vulnerable versions: 6.1.80 6.6.19 6.7.7 6.8-rc6.
+Bugs:
+upstream: released (6.9-rc1) [55e565c42dce81a4e49c13262d5bc4eb4c2e588a]
+6.8-upstream-stable: released (6.8.2) [6d35654f03c35c273240d85ec67e3f2c3596c4e0]
+6.7-upstream-stable: released (6.7.11) [74abc2fe09691f3d836d8a54d599ca71f1e4287b]
+6.6-upstream-stable: released (6.6.23) [338580a7fb9b0930bb38098007e89cc0fc496bf7]
+6.1-upstream-stable: released (6.1.83) [20e21c3c0195d915f33bc7321ee6b362177bf5bf]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26864 b/retired/CVE-2024-26864
new file mode 100644
index 00000000..b1949e8c
--- /dev/null
+++ b/retired/CVE-2024-26864
@@ -0,0 +1,18 @@
+Description: tcp: Fix refcnt handling in __inet_hash_connect().
+References:
+Notes:
+ carnil> Introduced in 66b60b0c8c4a ("dccp/tcp: Unhash sk from ehash for tb2 alloc
+ carnil> failure after check_estalblished()."). Vulnerable versions: 6.1.80 6.6.19 6.7.7
+ carnil> 6.8-rc6.
+Bugs:
+upstream: released (6.9-rc1) [04d9d1fc428ac9f581d55118d67e0cb546701feb]
+6.8-upstream-stable: released (6.8.2) [ad105cde6b261b8b05ec872fe7d1987417d7fe5a]
+6.7-upstream-stable: released (6.7.11) [1b20e61d36f490319d3fbdedd410155232ab5190]
+6.6-upstream-stable: released (6.6.23) [856baaa100cd288d3685eedae9a129c996e7e755]
+6.1-upstream-stable: released (6.1.83) [86d9b040421bbd26425f5a3edc226f57ecdecbfe]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26867 b/retired/CVE-2024-26867
new file mode 100644
index 00000000..c89cc59a
--- /dev/null
+++ b/retired/CVE-2024-26867
@@ -0,0 +1,17 @@
+Description: comedi: comedi_8255: Correct error in subdevice initialization
+References:
+Notes:
+ carnil> Introduced in 5c57b1ccecc7 ("comedi: comedi_8255: Rework subdevice
+ carnil> initialization functions"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8) [cfa9ba1ae0bef0681833a22d326174fe633caab5]
+6.8-upstream-stable: released (6.8) [cfa9ba1ae0bef0681833a22d326174fe633caab5]
+6.7-upstream-stable: released (6.7.11) [4a825457a45d8debc46ab8cba57d47462411710d]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26868 b/retired/CVE-2024-26868
new file mode 100644
index 00000000..e2e971b6
--- /dev/null
+++ b/retired/CVE-2024-26868
@@ -0,0 +1,17 @@
+Description: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
+References:
+Notes:
+ carnil> Introduced in b739a5bd9d9f ("NFSv4/flexfiles: Cancel I/O if the layout is
+ carnil> recalled or revoked"). Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.9-rc1) [719fcafe07c12646691bd62d7f8d94d657fa0766]
+6.8-upstream-stable: released (6.8.2) [dac068f164ad05b35e7c0be13f138c3f6adca58f]
+6.7-upstream-stable: released (6.7.11) [5ada9016b1217498fad876a3d5b07645cc955608]
+6.6-upstream-stable: released (6.6.23) [7ca651b4ec4a049f5a46a0e5ff921b86b91c47c5]
+6.1-upstream-stable: released (6.1.83) [31db25e3141b20e2a76a9f219eeca52e3cab126c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26871 b/retired/CVE-2024-26871
new file mode 100644
index 00000000..9cbcac41
--- /dev/null
+++ b/retired/CVE-2024-26871
@@ -0,0 +1,17 @@
+Description: f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
+References:
+Notes:
+ carnil> Introduced in e067dc3c6b9c ("f2fs: maintain six open zones for zoned devices").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.9-rc1) [c2034ef6192a65a986a45c2aa2ed05824fdc0e9f]
+6.8-upstream-stable: released (6.8.2) [6d102382a11d5e6035f6c98f6e508a38541f7af3]
+6.7-upstream-stable: released (6.7.11) [4c122a32582b67bdd44ca8d25f894ee2dc54f566]
+6.6-upstream-stable: released (6.6.23) [8e2ea8b04cb8d976110c4568509e67d6a39b2889]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26873 b/retired/CVE-2024-26873
new file mode 100644
index 00000000..8fd1e910
--- /dev/null
+++ b/retired/CVE-2024-26873
@@ -0,0 +1,17 @@
+Description: scsi: hisi_sas: Fix a deadlock issue related to automatic dump
+References:
+Notes:
+ carnil> Introduced in 2ff07b5c6fe9 ("scsi: hisi_sas: Directly call register snapshot
+ carnil> instead of using workqueue"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [3c4f53b2c341ec6428b98cb51a89a09b025d0953]
+6.8-upstream-stable: released (6.8.2) [85c98073ffcfe9e46abfb9c66f3364467119d563]
+6.7-upstream-stable: released (6.7.11) [e022dd3b875315a2d2001a512e98d1dc8c991f4a]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26879 b/retired/CVE-2024-26879
new file mode 100644
index 00000000..f3032332
--- /dev/null
+++ b/retired/CVE-2024-26879
@@ -0,0 +1,17 @@
+Description: clk: meson: Add missing clocks to axg_clk_regmaps
+References:
+Notes:
+ carnil> Introduced in 14ebb3154b8f ("clk: meson: axg: add Video Clocks"). Vulnerable
+ carnil> versions: 5.11-rc1.
+Bugs:
+upstream: released (6.9-rc1) [ba535bce57e71463a86f8b33a0ea88c26e3a6418]
+6.8-upstream-stable: released (6.8.2) [9f3e5df38b4528213449e55b80f0316864f2a1c8]
+6.7-upstream-stable: released (6.7.11) [a860aaebacbc908fa06e2642402058f40bfffe10]
+6.6-upstream-stable: released (6.6.23) [0cbefc7b5bdad86b18a263d837450cdc9a56f8d7]
+6.1-upstream-stable: released (6.1.83) [7ae1b0dc12ec407f12f80b49d22c6ad2308e2202]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26881 b/retired/CVE-2024-26881
new file mode 100644
index 00000000..b491b97b
--- /dev/null
+++ b/retired/CVE-2024-26881
@@ -0,0 +1,17 @@
+Description: net: hns3: fix kernel crash when 1588 is received on HIP08 devices
+References:
+Notes:
+ carnil> Introduced in 0bf5eb788512 ("net: hns3: add support for PTP"). Vulnerable
+ carnil> versions: 5.14-rc1.
+Bugs:
+upstream: released (6.9-rc1) [0fbcf2366ba9888cf02eda23e35fde7f7fcc07c3]
+6.8-upstream-stable: released (6.8.2) [11b998360d96f6c76f04a95f54b49f24d3c858e4]
+6.7-upstream-stable: released (6.7.11) [b2bb19114c079dcfec1ea46e761f510e30505e70]
+6.6-upstream-stable: released (6.6.23) [f0b5225a7dfc1bf53c98215db8c2f0b4efd3f108]
+6.1-upstream-stable: released (6.1.83) [b3cf70472a600bcb2efe24906bc9bc6014d4c6f6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26887 b/retired/CVE-2024-26887
new file mode 100644
index 00000000..41ae4857
--- /dev/null
+++ b/retired/CVE-2024-26887
@@ -0,0 +1,17 @@
+Description: Bluetooth: btusb: Fix memory leak
+References:
+Notes:
+ carnil> Introduced in 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek
+ carnil> devcoredump support"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [79f4127a502c5905f04da1f20a7bbe07103fb77c]
+6.8-upstream-stable: released (6.8.2) [b08bd8f02a24e2b82fece5ac51dc1c3d9aa6c404]
+6.7-upstream-stable: released (6.7.11) [b10e6f6b160a60b98fb7476028f5a95405bbd725]
+6.6-upstream-stable: released (6.6.23) [620b9e60e4b55fa55540ce852a0f3c9e6091dbbc]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26888 b/retired/CVE-2024-26888
new file mode 100644
index 00000000..4fb7b9c4
--- /dev/null
+++ b/retired/CVE-2024-26888
@@ -0,0 +1,17 @@
+Description: Bluetooth: msft: Fix memory leak
+References:
+Notes:
+ carnil> Introduced in 9e14606d8f38 ("Bluetooth: msft: Extended monitor tracking by
+ carnil> address filter"). Vulnerable versions: 6.4.16 6.5.3 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [a6e06258f4c31eba0fcd503e19828b5f8fe7b08b]
+6.8-upstream-stable: released (6.8.2) [5cb93417c93716a5404f762f331f5de3653fd952]
+6.7-upstream-stable: released (6.7.11) [5987b9f7d9314c7411136005b3a52f61a8cc0911]
+6.6-upstream-stable: released (6.6.23) [98e9920c75e0790bff947a00d192d24bf1c724e0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
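Review bot: "Vulnerable versions: 6.4.16 6.5.3 6.6-rc1" shows that the introducing commit 9e14606d8f38 was backported to stable releases, while `6.1-upstream-stable` and `6.1-bookworm-security` are marked N/A. A short Notes line confirming that the backport never reached 6.1.y would help, since the N/A status rests on that.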
diff --git a/retired/CVE-2024-26890 b/retired/CVE-2024-26890
new file mode 100644
index 00000000..947da54d
--- /dev/null
+++ b/retired/CVE-2024-26890
@@ -0,0 +1,18 @@
+Description: Bluetooth: btrtl: fix out of bounds memory access
+References:
+Notes:
+ carnil> Introduced in 5b355944b190 ("Bluetooth: btrtl: Add btrealtek data struct")
+ carnil> 044014ce85a1 ("Bluetooth: btrtl: Add Realtek devcoredump support"). Vulnerable
+ carnil> versions: 6.2-rc1.
+Bugs:
+upstream: released (6.9-rc1) [de4e88ec58c4202efd1f02eebb4939bbf6945358]
+6.8-upstream-stable: released (6.8.2) [0c657e641df1e77d6087688190f632cad9c0439b]
+6.7-upstream-stable: released (6.7.11) [2f232bc389a4f5943c40733582f9edf77b89e499]
+6.6-upstream-stable: released (6.6.23) [dd163fa34c483f1674aa2510accce11a224f649e]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
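Review bot: The Notes name two introducing commits, 5b355944b190 and 044014ce85a1, but give a single "Vulnerable versions: 6.2-rc1", and the two entries run together across the line break with no separator. State which release each commit first appeared in (or that both landed in 6.2-rc1) and join them with "and" or "&", so the N/A on 6.1 can be checked against both. CVE-2024-26909 in this commit has the same shape.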
diff --git a/retired/CVE-2024-26892 b/retired/CVE-2024-26892
new file mode 100644
index 00000000..3f5c3f8d
--- /dev/null
+++ b/retired/CVE-2024-26892
@@ -0,0 +1,17 @@
+Description: wifi: mt76: mt7921e: fix use-after-free in free_irq()
+References:
+Notes:
+ carnil> Introduced in 9270270d6219 ("wifi: mt76: mt7921: fix PCI DMA hang after
+ carnil> reboot"). Vulnerable versions: 6.2.15 6.3.2 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [c957280ef6ab6bdf559a91ae693a6b34310697e3]
+6.8-upstream-stable: released (6.8.2) [bfeaef901194c5923ce3330272786eff2fac513a]
+6.7-upstream-stable: released (6.7.11) [bfe1adf1606f76c180324e53b130f0e76d5cc6c3]
+6.6-upstream-stable: released (6.6.23) [c7dd42fbebcfb02bef070fd48f774d6412d0b49d]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26899 b/retired/CVE-2024-26899
new file mode 100644
index 00000000..1a94bf69
--- /dev/null
+++ b/retired/CVE-2024-26899
@@ -0,0 +1,17 @@
+Description: block: fix deadlock between bd_link_disk_holder and partition scan
+References:
+Notes:
+ carnil> Introduced in 1b0a2d950ee2 ("md: use new apis to suspend array for ioctls
+ carnil> involed array reconfiguration"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [03f12122b20b6e6028e9ed69030a49f9cffcbb75]
+6.8-upstream-stable: released (6.8.2) [5a87c1f7993bc8ac358a3766bac5dc7126e01e98]
+6.7-upstream-stable: released (6.7.11) [1e5c5b0abaee7b62a10b9707a62083b71ad21f62]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26909 b/retired/CVE-2024-26909
new file mode 100644
index 00000000..d6efe549
--- /dev/null
+++ b/retired/CVE-2024-26909
@@ -0,0 +1,18 @@
+Description: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free
+References:
+Notes:
+ carnil> Introduced in 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support")
+ carnil> 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE").
+ carnil> Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc7) [b979f2d50a099f3402418d7ff5f26c3952fb08bb]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [ef45aa2841e15b649e5417fe3d4de395fe462781]
+6.6-upstream-stable: released (6.6.23) [2bbd65c6ca567ed8dbbfc4fb945f57ce64bef342]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26911 b/retired/CVE-2024-26911
new file mode 100644
index 00000000..57f0da04
--- /dev/null
+++ b/retired/CVE-2024-26911
@@ -0,0 +1,17 @@
+Description: drm/buddy: Fix alloc_range() error handling code
+References:
+Notes:
+ carnil> Introduced in 0a1844bf0b53 ("drm/buddy: Improve contiguous memory allocation").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [8746c6c9dfa31d269c65dd52ab42fde0720b7d91]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [4b59c3fada06e5e8010ef7700689c71986e667a2]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26912 b/retired/CVE-2024-26912
new file mode 100644
index 00000000..50e2a47e
--- /dev/null
+++ b/retired/CVE-2024-26912
@@ -0,0 +1,17 @@
+Description: drm/nouveau: fix several DMA buffer leaks
+References:
+Notes:
+ carnil> Introduced in 176fdcbddfd2 ("drm/nouveau/gsp/r535: add support for booting
+ carnil> GSP-RM"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc4) [042b5f83841fbf7ce39474412db3b5e4765a7ea7]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [6190d4c08897d748dd25f0b78267a90aa1694e15]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26916 b/retired/CVE-2024-26916
new file mode 100644
index 00000000..b9bb7373
--- /dev/null
+++ b/retired/CVE-2024-26916
@@ -0,0 +1,17 @@
+Description: Revert "drm/amd: flush any delayed gfxoff on suspend entry"
+References:
+Notes:
+ carnil> Introduced in ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring
+ carnil> callbacks"). Vulnerable versions: 5.15.144 6.1.69 6.6.8 6.7-rc6.
+Bugs:
+upstream: released (6.8-rc5) [916361685319098f696b798ef1560f69ed96e934]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [d855ceb6a5fde668c5431156bc60fae0cc52b764]
+6.6-upstream-stable: released (6.6.18) [caa2565a2e13899be31f7b1e069e6465d3e2adb0]
+6.1-upstream-stable: released (6.1.79) [ff70e6ff6fc2413caf33410af7462d1f584d927e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
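Review bot: The Description is a revert of "drm/amd: flush any delayed gfxoff on suspend entry", but the Notes attribute the introduction to a different commit, ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks"), and do not say how the two relate. Add a Notes line explaining why the sdma5.2 commit is the introducing change for a fix that reverts another patch. Without it, the version list "5.15.144 6.1.69 6.6.8 6.7-rc6" cannot be verified from this file.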
diff --git a/retired/CVE-2024-26918 b/retired/CVE-2024-26918
new file mode 100644
index 00000000..155ba252
--- /dev/null
+++ b/retired/CVE-2024-26918
@@ -0,0 +1,17 @@
+Description: PCI: Fix active state requirement in PME polling
+References:
+Notes:
+ carnil> Introduced in d3fcd7360338 ("PCI: Fix runtime PM race with PME polling").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc5) [41044d5360685e78a869d40a168491a70cdb7e73]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [a4f12e5cbac2865c151d1e97e36eb24205afb23b]
+6.6-upstream-stable: released (6.6.18) [63b1a3d9dd3b3f6d67f524e76270e66767090583]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26919 b/retired/CVE-2024-26919
new file mode 100644
index 00000000..21d9e476
--- /dev/null
+++ b/retired/CVE-2024-26919
@@ -0,0 +1,17 @@
+Description: usb: ulpi: Fix debugfs directory leak
+References:
+Notes:
+ carnil> Introduced in bd0a0a024f2a ("usb: ulpi: Add debugfs support"). Vulnerable
+ carnil> versions: 5.18-rc1.
+Bugs:
+upstream: released (6.8-rc3) [3caf2b2ad7334ef35f55b95f3e1b138c6f77b368]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [33713945cc92ea9c4a1a9479d5c1b7acb7fc4df3]
+6.6-upstream-stable: released (6.6.18) [330d22aba17a4d30a56f007d0f51291d7e00862b]
+6.1-upstream-stable: released (6.1.79) [d31b886ed6a5095214062ee4fb55037eb930adb6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
