Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2024-05-01 21:27:29 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-05-01 21:27:29 +0200
commit: bcce47f6eaa1770d877fcd92df311b9a5efee54f (patch)
tree: 2123e885bc8fdd2405211e6fce0aec1125338bf5 /retired
parent: 52a3eb5c9653ed9b0fa35e48959cc87ff36c3e29 (diff)
29 files changed, 465 insertions, 0 deletions
diff --git a/retired/CVE-2022-48669 b/retired/CVE-2022-48669
new file mode 100644
index 00000000..42133200
--- /dev/null
+++ b/retired/CVE-2022-48669
@@ -0,0 +1,16 @@
+Description: powerpc/pseries: Fix potential memleak in papr_get_attr()
+References:
+Notes:
+ carnil> Introduced in 3c14b73454cf ("powerpc/pseries: Interface to represent PAPR
+ carnil> firmware attributes"). Vulnerable versions: 5.18-rc1.
+Bugs:
+upstream: released (6.9-rc1) [cda9c0d556283e2d4adaa9960b2dc19b16156bae]
+6.8-upstream-stable: released (6.8.2) [d0647c3e81eff62b66d46fd4e475318cb8cb3610]
+6.6-upstream-stable: released (6.6.23) [1699fb915b9f61794d559b55114c09a390aaf234]
+6.1-upstream-stable: released (6.1.83) [a3f22feb2220a945d1c3282e34199e8bcdc5afc4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52649 b/retired/CVE-2023-52649
new file mode 100644
index 00000000..3e2b3d8e
--- /dev/null
+++ b/retired/CVE-2023-52649
@@ -0,0 +1,16 @@
+Description: drm/vkms: Avoid reading beyond LUT array
+References:
+Notes:
+ carnil> Introduced in db1f254f2cfa ("drm/vkms: Add support to 1D gamma LUT").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [2fee84030d12d9fddfa874e4562d71761a129277]
+6.8-upstream-stable: released (6.8.2) [92800aaeff51b8358d1e0a7eb74daf8aa2d7ce9d]
+6.6-upstream-stable: released (6.6.23) [9556c167673057d48ce4a0da675026fe046654c1]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27023 b/retired/CVE-2024-27023
new file mode 100644
index 00000000..41d680eb
--- /dev/null
+++ b/retired/CVE-2024-27023
@@ -0,0 +1,16 @@
+Description: md: Fix missing release of 'active_io' for flush
+References:
+Notes:
+ carnil> Introduced in fa2bbff7b0b4 ("md: synchronize flush io with array
+ carnil> reconfiguration"). Vulnerable versions: 6.1.75 6.6.14 6.7.2 6.8-rc1.
+Bugs:
+upstream: released (6.8-rc6) [855678ed8534518e2b428bcbcec695de9ba248e8]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: released (6.6.19) [02dad157ba11064d073f5499dc33552b227d5d3a]
+6.1-upstream-stable: released (6.1.80) [6b2ff10390b19a2364af622b6666b690443f9f3f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27026 b/retired/CVE-2024-27026
new file mode 100644
index 00000000..840095be
--- /dev/null
+++ b/retired/CVE-2024-27026
@@ -0,0 +1,16 @@
+Description: vmxnet3: Fix missing reserved tailroom
+References:
+Notes:
+ carnil> Introduced in 54f00cce1178 ("vmxnet3: Add XDP support."). Vulnerable versions:
+ carnil> 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [e127ce7699c1e05279ee5ee61f00893e7bfa9671]
+6.8-upstream-stable: released (6.8.2) [91d017d19d5a9ad153e2dc23ed3c0e2e79ef5262]
+6.6-upstream-stable: released (6.6.23) [aba8659caf88017507419feea06069f529329ea6]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27027 b/retired/CVE-2024-27027
new file mode 100644
index 00000000..c9676d62
--- /dev/null
+++ b/retired/CVE-2024-27027
@@ -0,0 +1,16 @@
+Description: dpll: fix dpll_xa_ref_*_del() for multiple registrations
+References:
+Notes:
+ carnil> Introduced in 9431063ad323 ("dpll: core: Add DPLL framework base functions").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b446631f355ece73b13c311dd712c47381a23172]
+6.8-upstream-stable: released (6.8.2) [b27e32e9367dac024cd6f61f22655714f483fd67]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27029 b/retired/CVE-2024-27029
new file mode 100644
index 00000000..e92756b9
--- /dev/null
+++ b/retired/CVE-2024-27029
@@ -0,0 +1,16 @@
+Description: drm/amdgpu: fix mmhub client id out-of-bounds access
+References:
+Notes:
+ carnil> Introduced in aba2be41470a ("drm/amdgpu: add mmhub 3.3.0 support"). Vulnerable
+ carnil> versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [6540ff6482c1a5a6890ae44b23d0852ba1986d9e]
+6.8-upstream-stable: released (6.8.2) [1f24b3040f2b6ffcb97151fabb3070328254d923]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27031 b/retired/CVE-2024-27031
new file mode 100644
index 00000000..30bd48f5
--- /dev/null
+++ b/retired/CVE-2024-27031
@@ -0,0 +1,16 @@
+Description: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt
+References:
+Notes:
+ carnil> Introduced in 000dbe0bec05 ("NFS: Convert buffered read paths to use netfs when
+ carnil> fscache is enabled"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [fd5860ab6341506004219b080aea40213b299d2e]
+6.8-upstream-stable: released (6.8.2) [8a2e5977cecd3cde6a0e3e86b7b914d00240e5dc]
+6.6-upstream-stable: released (6.6.23) [ad27382f8495f8ef6d2c66c413d756bfd13c0598]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27033 b/retired/CVE-2024-27033
new file mode 100644
index 00000000..d8af9f85
--- /dev/null
+++ b/retired/CVE-2024-27033
@@ -0,0 +1,16 @@
+Description: f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic
+References:
+Notes:
+ carnil> Introduced in 18792e64c86d ("f2fs: support fault injection for
+ carnil> f2fs_is_valid_blkaddr()"). Vulnerable versions: 6.2-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b896e302f79678451a94769ddd9e52e954c64fbb]
+6.8-upstream-stable: released (6.8.2) [abe98a05e7162f64759bf9111108ebcb11322dec]
+6.6-upstream-stable: released (6.6.23) [0386408036bfc8b50296d9e544ff91c4d52af2db]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27036 b/retired/CVE-2024-27036
new file mode 100644
index 00000000..caa4e371
--- /dev/null
+++ b/retired/CVE-2024-27036
@@ -0,0 +1,16 @@
+Description: cifs: Fix writeback data corruption
+References:
+Notes:
+ carnil> Introduced in d08089f649a0 ("cifs: Change the I/O paths to use an iterator
+ carnil> rather than a page list"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.9-rc1) [f3dc1bdb6b0b0693562c7c54a6c28bafa608ba3c]
+6.8-upstream-stable: released (6.8.2) [844b4e132f57f1333dc79feaa035075a096762e4]
+6.6-upstream-stable: released (6.6.23) [e45deec35bf7f1f4f992a707b2d04a8c162f2240]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27039 b/retired/CVE-2024-27039
new file mode 100644
index 00000000..47053f0e
--- /dev/null
+++ b/retired/CVE-2024-27039
@@ -0,0 +1,16 @@
+Description: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
+References:
+Notes:
+ carnil> Introduced in 6c81966107dc ("clk: hisilicon: Add clock driver for hi3559A
+ carnil> SoC"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.9-rc1) [64c6a38136b74a2f18c42199830975edd9fbc379]
+6.8-upstream-stable: released (6.8.2) [d575765b1b62e8bdb00af11caa1aabeb01763d9f]
+6.6-upstream-stable: released (6.6.23) [95d1f1228c1bb54803ae57525b76db60e99b37e4]
+6.1-upstream-stable: released (6.1.83) [e0b0d1c46a2ce1e46b79d004a7270fdef872e097]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27040 b/retired/CVE-2024-27040
new file mode 100644
index 00000000..df6f4b43
--- /dev/null
+++ b/retired/CVE-2024-27040
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
+References:
+Notes:
+ carnil> Introduced in c7ddc0a800bc ("drm/amd/display: Add Functions to enable Freesync
+ carnil> Panel Replay"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b]
+6.8-upstream-stable: released (6.8.2) [d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3]
+6.6-upstream-stable: released (6.6.23) [f610c46771ef1047e46d61807aa7c69cd29e63d8]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27048 b/retired/CVE-2024-27048
new file mode 100644
index 00000000..e50f6d98
--- /dev/null
+++ b/retired/CVE-2024-27048
@@ -0,0 +1,16 @@
+Description: wifi: brcm80211: handle pmk_op allocation failure
+References:
+Notes:
+ carnil> Introduced in a96202acaea4 ("wifi: brcmfmac: cfg80211: Add support for PMKID_V3
+ carnil> operations"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b4152222e04cb8afeeca239c90e3fcaf4c553b42]
+6.8-upstream-stable: released (6.8.2) [6138a82f3bccfc67ed7ac059493579fc326c02e5]
+6.6-upstream-stable: released (6.6.23) [df62e22c2e27420e8990a4f09e30d7bf56c2036f]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27049 b/retired/CVE-2024-27049
new file mode 100644
index 00000000..34edc9f8
--- /dev/null
+++ b/retired/CVE-2024-27049
@@ -0,0 +1,16 @@
+Description: wifi: mt76: mt7925e: fix use-after-free in free_irq()
+References:
+Notes:
+ carnil> Introduced in c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for
+ carnil> mt7925 chips"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [a5a5f4413d91f395cb2d89829d376d7393ad48b9]
+6.8-upstream-stable: released (6.8.2) [6d9930096e1f13cf6d9aabfbf95d0e05fb04144f]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27050 b/retired/CVE-2024-27050
new file mode 100644
index 00000000..42ccec02
--- /dev/null
+++ b/retired/CVE-2024-27050
@@ -0,0 +1,16 @@
+Description: libbpf: Use OPTS_SET() macro in bpf_xdp_query()
+References:
+Notes:
+ carnil> Introduced in 13ce2daa259a ("xsk: add new netlink attribute dedicated for ZC
+ carnil> max frags"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [92a871ab9fa59a74d013bc04f321026a057618e7]
+6.8-upstream-stable: released (6.8.2) [cd3be9843247edb8fc6fcd8d8237cbce2bc19f5e]
+6.6-upstream-stable: released (6.6.23) [fa5bef5e80c6a3321b2b1a7070436f3bc5daf07c]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27055 b/retired/CVE-2024-27055
new file mode 100644
index 00000000..2b0d5a5a
--- /dev/null
+++ b/retired/CVE-2024-27055
@@ -0,0 +1,17 @@
+Description: workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()
+References:
+Notes:
+ carnil> Introduced in 5797b1c18919 ("workqueue: Implement system-wide nr_active
+ carnil> enforcement for unbound workqueues"). Vulnerable versions: 6.6.25 6.7.11 6.8.4
+ carnil> 6.9-rc1.
+Bugs:
+upstream: released (6.9-rc1) [15930da42f8981dc42c19038042947b475b19f47]
+6.8-upstream-stable: released (6.8.4) [adc646d2126988a64234502f579e4bc2b080d7cf]
+6.6-upstream-stable: released (6.6.25) [a75ac2693d734d20724f0e10e039ca85f1fcfc4e]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27058 b/retired/CVE-2024-27058
new file mode 100644
index 00000000..d7f30129
--- /dev/null
+++ b/retired/CVE-2024-27058
@@ -0,0 +1,16 @@
+Description: tmpfs: fix race on handling dquot rbtree
+References:
+Notes:
+ carnil> Introduced in eafc474e2029 ("shmem: prepare shmem quota infrastructure").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc2) [0a69b6b3a026543bc215ccc866d0aea5579e6ce2]
+6.8-upstream-stable: released (6.8.3) [f82f184874d2761ebaa60dccf577921a0dbb3810]
+6.6-upstream-stable: released (6.6.24) [c7077f43f30d817d10a9f8245e51576ac114b2f0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27060 b/retired/CVE-2024-27060
new file mode 100644
index 00000000..cc9e53c6
--- /dev/null
+++ b/retired/CVE-2024-27060
@@ -0,0 +1,16 @@
+Description: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
+References:
+Notes:
+ carnil> Introduced in 81af2952e606 ("thunderbolt: Add support for asymmetric link").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8) [d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa]
+6.8-upstream-stable: released (6.8) [d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27061 b/retired/CVE-2024-27061
new file mode 100644
index 00000000..cf18512f
--- /dev/null
+++ b/retired/CVE-2024-27061
@@ -0,0 +1,16 @@
+Description: crypto: sun8i-ce - Fix use after free in unprepare
+References:
+Notes:
+ carnil> Introduced in 4136212ab18e ("crypto: sun8i-ce - Remove prepare/unprepare
+ carnil> request"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8) [183420038444547c149a0fc5f58e792c2752860c]
+6.8-upstream-stable: released (6.8) [183420038444547c149a0fc5f58e792c2752860c]
+6.6-upstream-stable: released (6.6.24) [dc60b25540c82fc4baa95d1458ae96ead21859e0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27063 b/retired/CVE-2024-27063
new file mode 100644
index 00000000..2b8afb63
--- /dev/null
+++ b/retired/CVE-2024-27063
@@ -0,0 +1,16 @@
+Description: leds: trigger: netdev: Fix kernel panic on interface rename trig notify
+References:
+Notes:
+ carnil> Introduced in d5e01266e7f5 ("leds: trigger: netdev: add additional specific
+ carnil> link speed mode"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.9-rc1) [415798bc07dd1c1ae3a656aa026580816e0b9fe8]
+6.8-upstream-stable: released (6.8.3) [3f360227cb46edb2cd2494128e1e06ed5768a62e]
+6.6-upstream-stable: released (6.6.24) [10f2af1af8ab8a7064f193446abd5579d3def7e3]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27064 b/retired/CVE-2024-27064
new file mode 100644
index 00000000..c9c7b2d7
--- /dev/null
+++ b/retired/CVE-2024-27064
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
+References:
+Notes:
+ carnil> Introduced in b9703ed44ffb ("netfilter: nf_tables: support for adding new
+ carnil> devices to an existing netdev chain"). Vulnerable versions: 6.3.3 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [7eaf837a4eb5f74561e2486972e7f5184b613f6e]
+6.8-upstream-stable: released (6.8.2) [e77a6b53a3a547b6dedfc40c37cee4f310701090]
+6.6-upstream-stable: released (6.6.23) [79846fdcc548d617b0b321addc6a3821d3b75b20]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27066 b/retired/CVE-2024-27066
new file mode 100644
index 00000000..23a9f5f0
--- /dev/null
+++ b/retired/CVE-2024-27066
@@ -0,0 +1,16 @@
+Description: virtio: packed: fix unmap leak for indirect desc table
+References:
+Notes:
+ carnil> Introduced in b319940f83c2 ("virtio_ring: skip unmap for premapped").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd]
+6.8-upstream-stable: released (6.8.2) [51bacd9d29bf98c3ebc65e4a0477bb86306b4140]
+6.6-upstream-stable: released (6.6.23) [e142169aca5546ae6619c39a575cda8105362100]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27067 b/retired/CVE-2024-27067
new file mode 100644
index 00000000..e9112c2b
--- /dev/null
+++ b/retired/CVE-2024-27067
@@ -0,0 +1,16 @@
+Description: xen/evtchn: avoid WARN() when unbinding an event channel
+References:
+Notes:
+ carnil> Introduced in 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ
+ carnil> handers"). Vulnerable versions: 6.6.19 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [51c23bd691c0f1fb95b29731c356c6fd69925d17]
+6.8-upstream-stable: released (6.8.2) [9e2d4b58c1da48a32905802aaeadba7084b46895]
+6.6-upstream-stable: released (6.6.23) [99e425032c6ec13584d3cd33846e0c7307501b47]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27068 b/retired/CVE-2024-27068
new file mode 100644
index 00000000..90c0f06e
--- /dev/null
+++ b/retired/CVE-2024-27068
@@ -0,0 +1,16 @@
+Description: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path
+References:
+Notes:
+ carnil> Introduced in f5f633b18234 ("thermal/drivers/mediatek: Add the Low Voltage
+ carnil> Thermal Sensor driver"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.9-rc1) [ca93bf607a44c1f009283dac4af7df0d9ae5e357]
+6.8-upstream-stable: released (6.8.2) [9b02197596671800dd934609384b1aca7c6ad218]
+6.6-upstream-stable: released (6.6.23) [2db869da91afd48e5b9ec76814709be49662b07d]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27069 b/retired/CVE-2024-27069
new file mode 100644
index 00000000..317fcf80
--- /dev/null
+++ b/retired/CVE-2024-27069
@@ -0,0 +1,16 @@
+Description: ovl: relax WARN_ON in ovl_verify_area()
+References:
+Notes:
+ carnil> Introduced in ca7ab482401c ("ovl: add permission hooks outside of
+ carnil> do_splice_direct()"). Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [77a28aa476873048024ad56daf8f4f17d58ee48e]
+6.8-upstream-stable: released (6.8.2) [c3c85aefc0da1e5074a06c682542a54ccc99bdca]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27070 b/retired/CVE-2024-27070
new file mode 100644
index 00000000..f490576c
--- /dev/null
+++ b/retired/CVE-2024-27070
@@ -0,0 +1,16 @@
+Description: f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault
+References:
+Notes:
+ carnil> Introduced in 87f3afd366f7 ("f2fs: add tracepoint for f2fs_vm_page_mkwrite()").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064]
+6.8-upstream-stable: released (6.8.2) [8186e16a766d709a08f188d2f4e84098f364bea1]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27071 b/retired/CVE-2024-27071
new file mode 100644
index 00000000..88f100d9
--- /dev/null
+++ b/retired/CVE-2024-27071
@@ -0,0 +1,16 @@
+Description: backlight: hx8357: Fix potential NULL pointer dereference
+References:
+Notes:
+ carnil> Introduced in 7d84a63a39b7 ("backlight: hx8357: Convert to agnostic GPIO API").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9]
+6.8-upstream-stable: released (6.8.2) [67e578c8ff2d7df03bf8ca9a7f5436b1796f6ad1]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27390 b/retired/CVE-2024-27390
new file mode 100644
index 00000000..d7515f2f
--- /dev/null
+++ b/retired/CVE-2024-27390
@@ -0,0 +1,16 @@
+Description: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
+References:
+Notes:
+ carnil> Introduced in f185de28d9ae ("mld: add new workqueues for process mld events").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.9-rc1) [17ef8efc00b34918b966388b2af0993811895a8c]
+6.8-upstream-stable: released (6.8.2) [5da9a218340a2bc804dc4327e5804392e24a0b88]
+6.6-upstream-stable: released (6.6.23) [26d4bac55750d535f1f0b8790dc26daf6089e373]
+6.1-upstream-stable: released (6.1.83) [a03ede2282ebbd181bd6f5c38cbfcb5765afcd04]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27391 b/retired/CVE-2024-27391
new file mode 100644
index 00000000..020ab76d
--- /dev/null
+++ b/retired/CVE-2024-27391
@@ -0,0 +1,16 @@
+Description: wifi: wilc1000: do not realloc workqueue everytime an interface is added
+References:
+Notes:
+ carnil> Introduced in 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to
+ carnil> "NETDEV-wq""). Vulnerable versions: 5.17-rc1.
+Bugs:
+upstream: released (6.9-rc1) [328efda22af81130c2ad981c110518cb29ff2f1d]
+6.8-upstream-stable: released (6.8.2) [9ab0c303ccabfd6bdce14432792d41090070008c]
+6.6-upstream-stable: released (6.6.23) [4041c60a9d543b3ad50225385b072ba68e96166e]
+6.1-upstream-stable: released (6.1.83) [515cc676dfbce40d93c92b1ff3c1070e917f4e52]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-27392 b/retired/CVE-2024-27392
new file mode 100644
index 00000000..4cf34fd6
--- /dev/null
+++ b/retired/CVE-2024-27392
@@ -0,0 +1,16 @@
+Description: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
+References:
+Notes:
+ carnil> Introduced in a1a825ab6a60 ("nvme: add csi, ms and nuse to sysfs"). Vulnerable
+ carnil> versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [8d0d2447394b13fb22a069f0330f9c49b7fff9d3]
+6.8-upstream-stable: released (6.8.2) [534f9dc7fe495b3f9cc84363898ac50c5a25fccb]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-05-01 21:27:29 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-05-01 21:27:29 +0200
commit	bcce47f6eaa1770d877fcd92df311b9a5efee54f (patch)
tree	2123e885bc8fdd2405211e6fce0aec1125338bf5 /retired
parent	52a3eb5c9653ed9b0fa35e48959cc87ff36c3e29 (diff)