diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2023-12-11 21:25:19 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-12-11 21:25:19 +0100 |
commit | b1b41f68e64aa573b744d1846b1bb480b208b871 (patch) | |
tree | 2e055daddfb7d97a88bba0938673032b72eaa331 /retired | |
parent | 1795a2f8d4a83b718a2e227c6abd9a8bfe8fe3c4 (diff) |
Retire some CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2023-5090 | 14 | ||||
-rw-r--r-- | retired/CVE-2023-5158 | 16 | ||||
-rw-r--r-- | retired/CVE-2023-5345 | 16 | ||||
-rw-r--r-- | retired/CVE-2023-6111 | 18 |
4 files changed, 64 insertions, 0 deletions
diff --git a/retired/CVE-2023-5090 b/retired/CVE-2023-5090 new file mode 100644 index 00000000..e073e0a7 --- /dev/null +++ b/retired/CVE-2023-5090 @@ -0,0 +1,14 @@ +Description: x86: KVM: SVM: always update the x2avic msr interception +References: +Notes: + carnil> Commit fixes 4d1d7942e36a ("KVM: SVM: Introduce logic to + carnil> (de)activate x2AVIC mode") in 6.0-rc1. +Bugs: +upstream: released (6.6-rc7) [b65235f6e102354ccafda601eaa1c5bef5284d21] +6.1-upstream-stable: released (6.1.62) [7ab62e3415fb59289ab6dea31f0cc0237b949200] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) [bugfix/x86/x86-KVM-SVM-always-update-the-x2avic-msr-interceptio.patch] +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-5158 b/retired/CVE-2023-5158 new file mode 100644 index 00000000..4355df09 --- /dev/null +++ b/retired/CVE-2023-5158 @@ -0,0 +1,16 @@ +Description: vringh: don't use vringh_kiov_advance() in vringh_iov_xfer() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2240561 + https://lore.kernel.org/virtualization/20230925103057.104541-1-sgarzare@redhat.com/T/#u +Notes: + carnil> Introduced with b8c06ad4d67d ("vringh: implement + carnil> vringh_kiov_advance()") in 5.13-rc1. +Bugs: +upstream: released (6.6-rc5) [7aed44babc7f97e82b38e9a68515e699692cc100] +6.1-upstream-stable: released (6.1.57) [3a72decd6b49ff11a894aabd4d9b3025f046fe61] +5.10-upstream-stable: N/A "Vulnerable code introduced later" +4.19-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code introduced later" +4.19-buster-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2023-5345 b/retired/CVE-2023-5345 new file mode 100644 index 00000000..9ca8bdbb --- /dev/null +++ b/retired/CVE-2023-5345 @@ -0,0 +1,16 @@ +Description: fs/smb/client: Reset password pointer to NULL +References: + https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705 +Notes: + carnil> For 6.5.y fixed as well in 6.5.6. + carnil> Introduced in e6e43b8aa7cd ("fs/smb/client: Reset password + carnil> pointer to NULL") in 6.1-rc1. +Bugs: +upstream: released (6.6-rc4) [e6e43b8aa7cd3c3af686caf0c2e11819a886d705] +6.1-upstream-stable: released (6.1.56) [f555a508087ab8210b4658120ac6413d6fe2b4c7] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-6111 b/retired/CVE-2023-6111 new file mode 100644 index 00000000..a29138fa --- /dev/null +++ b/retired/CVE-2023-6111 @@ -0,0 +1,18 @@ +Description: netfilter: nf_tables: remove catchall element in GC sync path +References: + https://kernel.dance/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 +Notes: + carnil> Introduced in 4a9e12ea7e70 ("netfilter: nft_set_pipapo: call + carnil> nft_trans_gc_queue_sync() in catchall GC") in 6.6-rc3 (which + carnil> got backported to 6.5.6, 6.1.56, 5.15.134). + carnil> Fixed as well in 6.6.3 for 6.6.y and in 6.5.13 for 6.5.y. + carnil> We did backport the commit as well in 6.1.55-1. +Bugs: +upstream: released (6.7-rc1) [93995bf4af2c5a99e2a87f0cd5ce547d31eb7630] +6.1-upstream-stable: released (6.1.64) [13e2d49647a7f137ebc063a4a9702dda80371b2e] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.13-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" |