Retire some CVEs

4 files changed, 64 insertions, 0 deletions

diff --git a/retired/CVE-2023-5090 b/retired/CVE-2023-5090
new file mode 100644
index 00000000..e073e0a7
--- /dev/null
+++ b/retired/CVE-2023-5090
@@ -0,0 +1,14 @@
+Description: x86: KVM: SVM: always update the x2avic msr interception
+References:
+Notes:
+ carnil> Commit fixes 4d1d7942e36a ("KVM: SVM: Introduce logic to
+ carnil> (de)activate x2AVIC mode") in 6.0-rc1.
+Bugs:
+upstream: released (6.6-rc7) [b65235f6e102354ccafda601eaa1c5bef5284d21]
+6.1-upstream-stable: released (6.1.62) [7ab62e3415fb59289ab6dea31f0cc0237b949200]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1) [bugfix/x86/x86-KVM-SVM-always-update-the-x2avic-msr-interceptio.patch]
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-5158 b/retired/CVE-2023-5158
new file mode 100644
index 00000000..4355df09
--- /dev/null
+++ b/retired/CVE-2023-5158
@@ -0,0 +1,16 @@
+Description: vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2240561
+ https://lore.kernel.org/virtualization/20230925103057.104541-1-sgarzare@redhat.com/T/#u
+Notes:
+ carnil> Introduced with b8c06ad4d67d ("vringh: implement
+ carnil> vringh_kiov_advance()") in 5.13-rc1.
+Bugs:
+upstream: released (6.6-rc5) [7aed44babc7f97e82b38e9a68515e699692cc100]
+6.1-upstream-stable: released (6.1.57) [3a72decd6b49ff11a894aabd4d9b3025f046fe61]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2023-5345 b/retired/CVE-2023-5345
new file mode 100644
index 00000000..9ca8bdbb
--- /dev/null
+++ b/retired/CVE-2023-5345
@@ -0,0 +1,16 @@
+Description: fs/smb/client: Reset password pointer to NULL
+References:
+ https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705
+Notes:
+ carnil> For 6.5.y fixed as well in 6.5.6.
+ carnil> Introduced in e6e43b8aa7cd ("fs/smb/client: Reset password
+ carnil> pointer to NULL") in 6.1-rc1.
+Bugs:
+upstream: released (6.6-rc4) [e6e43b8aa7cd3c3af686caf0c2e11819a886d705]
+6.1-upstream-stable: released (6.1.56) [f555a508087ab8210b4658120ac6413d6fe2b4c7]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6111 b/retired/CVE-2023-6111
new file mode 100644
index 00000000..a29138fa
--- /dev/null
+++ b/retired/CVE-2023-6111
@@ -0,0 +1,18 @@
+Description: netfilter: nf_tables: remove catchall element in GC sync path
+References:
+ https://kernel.dance/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630
+Notes:
+ carnil> Introduced in 4a9e12ea7e70 ("netfilter: nft_set_pipapo: call
+ carnil> nft_trans_gc_queue_sync() in catchall GC") in 6.6-rc3 (which
+ carnil> got backported to 6.5.6, 6.1.56, 5.15.134).
+ carnil> Fixed as well in 6.6.3 for 6.6.y and in 6.5.13 for 6.5.y.
+ carnil> We did backport the commit as well in 6.1.55-1.
+Bugs:
+upstream: released (6.7-rc1) [93995bf4af2c5a99e2a87f0cd5ce547d31eb7630]
+6.1-upstream-stable: released (6.1.64) [13e2d49647a7f137ebc063a4a9702dda80371b2e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.13-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"