Retire two CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2023-08-14 21:21:08 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-08-14 21:21:08 +0200
commit: b66a0410dc23c6bad283d50a9e50f69fb4efcc78 (patch)
tree: e3dafe75bfeda41560e7eceb30e7c7dc81ec2fe5 /retired
parent: f5da24cf8b4f4e4e11bb418586c1cd4dd8f42d85 (diff)
2 files changed, 33 insertions, 0 deletions
diff --git a/retired/CVE-2022-40982 b/retired/CVE-2022-40982
new file mode 100644
index 00000000..5c7f0bcb
--- /dev/null
+++ b/retired/CVE-2022-40982
@@ -0,0 +1,15 @@
+Description: Gather Data Sampling (GDS)
+References:
+ https://www.openwall.com/lists/oss-security/2023/08/08/5
+ https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html
+ https://downfall.page/
+Notes:
+Bugs:
+upstream: released (6.5-rc6) [8974eb588283b7d44a7c91fa09fcbaf380339f3a, 553a5c03e90a6087e88f8ff878335ef0621536fb, 53cf5797f114ba2bd86d23a862302119848eff19, 81ac7e5d741742d650b4ed6186c4826c1a0631a7, 1b0fc0345f2852ffe54fb9ae0e12e2ee69ad6a20]
+6.1-upstream-stable: released (6.1.44) [d5501f2ff80d30d615d59531825d3a5f0bb0d35d, 7918a3555a2502a4d86b831da089f3b985d1bca9, e2e06240ae4780977387906e2e11774283ca7997, 403e4cc67e4cf9226c57a7cb27c7f4365d2143b7, 08e86d42e2c916e362d124e3bc6c824eb1862498, 489ae02c89936c7e40f04191e8c160ac53649526, 6a90583dbd9b794071b8b54d8c36f40a459d1051, 84f585542ec69226311be5a4500a4b3cbad6fb5b, ce97072e10cc844fac8176681b2cb17bf3eaaa7b, 8beabde0ed8d31e45a3d9484f0591a18c0c94cc7, a3342c60dcc58007cc14b2cf1ebc7e2b563423a8, 8183a89caf67a1f56f1da1d6081e26a0ae7a5fdf, b0837880fa65fa4a6dc407b42e9b33e18f7b44e3, c956807d8462e94a1450dc0737728c25917b1d67, 9e8d9d399094dd911059ff337dd8a104f052e1ca, e26932942b2c505d5e8a9f263cbe66de4fab1b24, f25ad76d92176f41a543a812972e9937ce4f7d08, c66ebe070d9641c9339e42e1c2d707a5052e9904, 92fc27c79bc7f3e2bfd2b88e197762566daf02a1, c04579e95492dff342cb4976dd2f5728c0f87eee, b6fd07c41b4c64faff368728cef13439ee62860d, baa7b7501e41344f95da0bd3042dd04110d58edb, 7f3982de36c6620c2faae6fd960fa4021d71e16a, d972c8c08f96518ff02efd87c4fef594a833f6ea, 9ae15aaff39c831e2f9d8b029e85a2d70c7c8a68, e0fd83a193c530fdeced8b2e2ec83039ffdb884b, 051f5dcf144aa7659c4f4be04c66c3eda9b1bad3, dacb0bac2edb649ce01c25da9f8898769516d716]
+5.10-upstream-stable: released (5.10.189) [6e606e681873b37aa252486d43be4cf007544e85, e5eb18e164d08986543f8259d0cc10e120fb8746, c0fff20d4efa3bdb3ef203a8ae6e703e0c010199, 12d93c6c98d5478128d90ad4fbdf705753a0197e, 1cd3fc18eb169e2f81a34eeaf8147f9395ee8a11, 75bb54c951e92714a50cdc063f9953d11e8d36a2, 3c45134b38b417d17103f1f0b9a8b32f98ac358c, 2edb3b39ca793bf13a123ea6a25da640be36e7a5, b05031c2bca790afed717bc59cde2dac722efb94, bf2fa3a9d0e65326917273d17a8e9c6880d7b97c, 09658b81d158c15112a56323d8db8fed83e8cd4a, 18fcd72da1ed6166f1cbb03f713bed50c839fc22, 7a2f42bce9ab23fb9e59fe6de45bfedb5d611eee, 2462bc3ef0611646d94658ff250bb16669347361, 4ae1cbb730bd574d57d3996d4c20974972d47009, 288a2f6bc1ce03ddb3f05fd8c79b00d5d7160b4a, 363c98f9cfa8124cc49b2dfc5d48666b138f7e2e, 7db4ddcb8d8e356387a773728b2479d390488b1e, eb13cce488745176db654b20ea438f4b5b91ab9c, 583016037a092e4189c86bad7946c6d88669b4ca, f076d081787803b972a9939e477c6456f0c8fd70, 6ee042fd240fb669f4637f8cd89899b15911e5df, 1ff14defdfc9180bfcfd76a70463a5feb188a5db, 79972c2b95eca5e7d3d237d728339b21e9075629, 6750468784314bc8a336f80493cd82cde2afa655]
+4.19-upstream-stable: released (4.19.290) [ecc9d725a30dc53046f3739be9b7ac800d66c11b, 047ac82a3a9792264ec261f8812a14df28f28302, c3188cac78ced4eafdc4280feaeb08a47585151d, 6c18fb3d9d3876a709b43c42c8d45a8a4e5ca6f0, edb21f8093a187c9e17acb507900eaab80e516df, c0f82528e7afa445c5e8d67e2a7615e1ed87aa00, 15f5646fd2dbfa7298216418d383be36b470d01b, b698b5d11a169b4d41d7afe488ab3c408e39e5bc, 504aece3f6bcf88b31a809b3bbbe6b1931f78d18, ecc68c37bba469401a2cdc1a73661c31ef014742, 82f4acbce852b4795c32d38be2b164af27d1d125, 211ec614c9f107dfd1c3a1c14d097be474bb6b53, 7c7bb95ece11a94b9fa1cf117cf27ce6324bbe3b, 542dac06335106f81149ae96577f28d6123506e0, 2323f105866e6a456b219b9e3cde53d560464c43, e81494b7259b6b1ab81a9f9be3385b4aa99a7a59, 91e24758cd8e53b030146fbe7ff5c2b258e60c66, 0461f6027566f1bc68c7de160213813d340abf75, 1af834f2f4f824fd36130d3efe52922aec5a852c, 64f142253bd20cf39de9f931bb910f0e6de0d268, b8d22bdfef99923c3727950ae4158ee07ecc8740]
+sid: released (6.4.4-3) [bugfix/x86/gds/init-provide-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/arm-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/ia64-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/loongarch-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/m68k-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/mips-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sh-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sparc-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/um-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/init-remove-check_bugs-leftovers.patch, bugfix/x86/gds/init-invoke-arch_cpu_finalize_init-earlier.patch, bugfix/x86/gds/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-init-initialize-signal-frame-size-late.patch, bugfix/x86/gds/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch, bugfix/x86/gds/x86-fpu-mark-init-functions-__init.patch, bugfix/x86/gds/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-speculation-add-gather-data-sampling-mitigation.patch, bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch, bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch, bugfix/x86/gds/kvm-add-gds_no-support-to-kvm.patch, bugfix/x86/gds/x86-mem_encrypt-unbreak-the-amd_mem_encrypt-n-build.patch, bugfix/x86/gds/x86-xen-fix-secondary-processors-fpu-initialization.patch, bugfix/x86/gds/documentation-x86-fix-backwards-on-off-logic-about-ymm-support.patch]
+6.1-bookworm-security: released (6.1.38-3) [bugfix/x86/gds/init-provide-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/arm-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/ia64-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/loongarch-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/m68k-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/mips-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sh-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sparc-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/um-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/init-remove-check_bugs-leftovers.patch, bugfix/x86/gds/init-invoke-arch_cpu_finalize_init-earlier.patch, bugfix/x86/gds/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-init-initialize-signal-frame-size-late.patch, bugfix/x86/gds/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch, bugfix/x86/gds/x86-fpu-mark-init-functions-__init.patch, bugfix/x86/gds/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-speculation-add-gather-data-sampling-mitigation.patch, bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch, bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch, bugfix/x86/gds/kvm-add-gds_no-support-to-kvm.patch, bugfix/x86/gds/x86-mem_encrypt-unbreak-the-amd_mem_encrypt-n-build.patch, bugfix/x86/gds/x86-xen-fix-secondary-processors-fpu-initialization.patch, bugfix/x86/gds/x86-mm-fix-poking_init-for-xen-pv-guests.patch, bugfix/x86/gds/x86-mm-use-mm_alloc-in-poking_init.patch, bugfix/x86/gds/mm-move-mm_cachep-initialization-to-mm_init.patch, bugfix/x86/gds/x86-mm-initialize-text-poking-earlier.patch, bugfix/x86/gds/documentation-x86-fix-backwards-on-off-logic-about-ymm-support.patch]
+5.10-bullseye-security: released (5.10.179-4) [bugfix/x86/gds/init-provide-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/arm-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/ia64-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/m68k-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/mips-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sh-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sparc-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/um-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/init-remove-check_bugs-leftovers.patch, bugfix/x86/gds/init-invoke-arch_cpu_finalize_init-earlier.patch, bugfix/x86/gds/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch, bugfix/x86/gds/x86-fpu-mark-init-functions-__init.patch, bugfix/x86/gds/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-speculation-add-gather-data-sampling-mitigation.patch, bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch, bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch, bugfix/x86/gds/kvm-add-gds_no-support-to-kvm.patch, bugfix/x86/gds/x86-xen-fix-secondary-processors-fpu-initialization.patch, bugfix/x86/gds/x86-mm-fix-poking_init-for-xen-pv-guests.patch, bugfix/x86/gds/x86-mm-use-mm_alloc-in-poking_init.patch, bugfix/x86/gds/mm-move-mm_cachep-initialization-to-mm_init.patch, bugfix/x86/gds/x86-mm-initialize-text-poking-earlier.patch, bugfix/x86/gds/documentation-x86-fix-backwards-on-off-logic-about-ymm-support.patch]
+4.19-buster-security: released (4.19.289-2) [bugfix/x86/gds/init-provide-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/arm-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/ia64-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/m68k-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/mips-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sh-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/sparc-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/um-cpu-switch-to-arch_cpu_finalize_init.patch, bugfix/x86/gds/init-remove-check_bugs-leftovers.patch, bugfix/x86/gds/init-invoke-arch_cpu_finalize_init-earlier.patch, bugfix/x86/gds/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch, bugfix/x86/gds/x86-fpu-mark-init-functions-__init.patch, bugfix/x86/gds/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch, bugfix/x86/gds/x86-speculation-add-gather-data-sampling-mitigation.patch, bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch, bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch, bugfix/x86/gds/kvm-add-gds_no-support-to-kvm.patch, bugfix/x86/gds/x86-xen-fix-secondary-processors-fpu-initialization.patch, bugfix/x86/gds/documentation-x86-fix-backwards-on-off-logic-about-ymm-support.patch]
diff --git a/retired/CVE-2023-20569 b/retired/CVE-2023-20569
new file mode 100644
index 00000000..d2705b0f
--- /dev/null
+++ b/retired/CVE-2023-20569
@@ -0,0 +1,18 @@
+Description: Speculative Return Stack Overflow (SRSO)
+References:
+ https://comsec.ethz.ch/research/microarch/inception/
+ https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf
+ https://github.com/comsec-group/inception
+ https://www.openwall.com/lists/oss-security/2023/08/08/4
+ https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005
+ https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
+Notes:
+Bugs:
+upstream: released (6.5-rc6) [0e52740ffd10c6c316837c6c128f460f1aaba1ea, fb3bd914b3ec28f5fb697ac55c4846ac2d542855, 79113e4060aba744787a81edb9014f2865193854, 1b5277c0ea0b247393a9c426769fde18cff5e2f6, 233d6f68b98d480a7c42ebe78c38f79d44741ca9, d893832d0e1ef41c72cdae444268c1d64a2be8ad, 238ec850b95a02dcdff3edc86781aa913549282f, 3bbbe97ad83db8d9df06daf027b0840188de625d, 5a15d8348881e9371afdf9f5357a135489496955]
+6.1-upstream-stable: released (6.1.44) [dfede4cb8ef732039b7a479d260bd89d3b474f14, dec3b91f2c4b2c9b24d933e2c3f17493e30149ac, ac41e90d8daa8815d8bee774a1975435fbfe1ae7, 9139f4b6dd4fe1003ba79ab317d1a9f48849b369, 98f62883e7519011bf63f85381d637f65d7f180e, 79c8091888ef61aac79ef72122d1e6cd0b620669, c9ae63d773ca182c4ef63fbdd22cdf090d9c1cd7, c7f2cd04554259c2474c4f9fa134528bc2826b22, 77cf32d0dbfbf575fe66561e069228c532dc1da9, 4f25355540ad4d40dd3445f66159a321dad29cc8]
+5.10-upstream-stable: released (5.10.189) [baf6d6c39e2390ef91bec12d057294dd507d1115, 437fa179f2136d349fda78331fd28696e40def9d, 9b7fe7c6fbc007564f97805ff45882e79f0c70d0, 073a28a9b50662991e7d6956c2cf2fc5d54f28cd, 34f23ba8a399ecd38b45c84da257b91d278e88aa, 3f9b7101bea1dcb63410c016ceb266f6e9f733c9, df76a59feba549825f426cb1586bfa86b49c08fa, e47af0c255aed7da91202f26250558a8e34e1c26, 4acaea47e3bcb7cd55cc56c7fd4e5fb60eebdada, 384d41bea948a18288aff668b7bdf3b522b7bf73, 4873939c0e1cec2fd04a38ddf2c03a05e4eeb7ef, 8457fb5740b14311a8941044ff4eb5a3945de9b2]
+4.19-upstream-stable: ignored "Mitigation is too invasive to backport"
+sid: released (6.4.4-3) [bugfix/x86/srso/x86-bugs-increase-the-x86-bugs-vector-size-to-two-u32s.patch, bugfix/x86/srso/x86-srso-add-a-speculative-ras-overflow-mitigation.patch, bugfix/x86/srso/x86-srso-add-ibpb_brtype-support.patch, bugfix/x86/srso/x86-srso-add-srso_no-support.patch, bugfix/x86/srso/x86-srso-add-ibpb.patch, bugfix/x86/srso/x86-srso-add-ibpb-on-vmexit.patch, bugfix/x86/srso/x86-srso-fix-return-thunks-in-generated-code.patch, bugfix/x86/srso/x86-srso-add-a-forgotten-noendbr-annotation.patch, bugfix/x86/srso/x86-srso-tie-sbpb-bit-setting-to-microcode-patch-detection.patch]
+6.1-bookworm-security: released (6.1.38-3) [bugfix/x86/srso/x86-bugs-increase-the-x86-bugs-vector-size-to-two-u32s.patch, bugfix/x86/srso/x86-cpu-kvm-add-support-for-cpuid_80000021_eax.patch, bugfix/x86/srso/x86-srso-add-a-speculative-ras-overflow-mitigation.patch, bugfix/x86/srso/x86-srso-add-ibpb_brtype-support.patch, bugfix/x86/srso/x86-srso-add-srso_no-support.patch, bugfix/x86/srso/x86-srso-add-ibpb.patch, bugfix/x86/srso/x86-srso-add-ibpb-on-vmexit.patch, bugfix/x86/srso/x86-srso-fix-return-thunks-in-generated-code.patch, bugfix/x86/srso/x86-srso-add-a-forgotten-noendbr-annotation.patch, bugfix/x86/srso/x86-srso-tie-sbpb-bit-setting-to-microcode-patch-detection.patch]
+5.10-bullseye-security: released (5.10.179-4) [bugfix/x86/srso/x86-cpu-add-vm-page-flush-msr-availablility-as-a-cpuid-feature.patch, bugfix/x86/srso/x86-cpufeatures-assign-dedicated-feature-word-for-cpuid_0x8000001f.patch, bugfix/x86/srso/tools-headers-cpufeatures-sync-with-the-kernel-sources.patch, bugfix/x86/srso/x86-bugs-increase-the-x86-bugs-vector-size-to-two-u32s.patch, bugfix/x86/srso/x86-cpu-kvm-add-support-for-cpuid_80000021_eax.patch, bugfix/x86/srso/x86-srso-add-a-speculative-ras-overflow-mitigation.patch, bugfix/x86/srso/x86-srso-add-ibpb_brtype-support.patch, bugfix/x86/srso/x86-srso-add-srso_no-support.patch, bugfix/x86/srso/x86-srso-add-ibpb.patch, bugfix/x86/srso/x86-srso-add-ibpb-on-vmexit.patch, bugfix/x86/srso/x86-srso-fix-return-thunks-in-generated-code.patch, bugfix/x86/srso/x86-srso-tie-sbpb-bit-setting-to-microcode-patch-detection.patch]
+4.19-buster-security: ignored "Mitigation is too invasive to backport"
author	Salvatore Bonaccorso <carnil@debian.org>	2023-08-14 21:21:08 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-08-14 21:21:08 +0200
commit	b66a0410dc23c6bad283d50a9e50f69fb4efcc78 (patch)
tree	e3dafe75bfeda41560e7eceb30e7c7dc81ec2fe5 /retired
parent	f5da24cf8b4f4e4e11bb418586c1cd4dd8f42d85 (diff)