Retire some CVEs

5 files changed, 81 insertions, 0 deletions

diff --git a/retired/CVE-2019-14896 b/retired/CVE-2019-14896
new file mode 100644
index 000000000..8f67178a1
--- /dev/null
+++ b/retired/CVE-2019-14896
@@ -0,0 +1,17 @@
+Description: Heap overflow in add_ie_rates() function of libertas Wifi Driver
+References:
+ https://www.openwall.com/lists/oss-security/2019/11/22/1
+ https://patchwork.kernel.org/patch/11257187/
+ https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git/commit/?id=e5e884b42639c74b5b57dc277909915c0aefc8bb
+Notes:
+ bwh> Introduced in 2.6.36 by commit e86dc1ca4676 "Libertas: cfg80211 support".
+ carnil> Fixed as well in 5.4.16.
+Bugs:
+upstream: released (5.5) [e5e884b42639c74b5b57dc277909915c0aefc8bb]
+4.19-upstream-stable: released (4.19.100) cbd56515be5a8ea97134ef762b7a2923b94cb9c4]
+4.9-upstream-stable: released (4.9.212) [b5e6f199de3b7f16b641c4ec5ac92906af1a9232]
+3.16-upstream-stable: released (3.16.83) [e4646070f91312414af0ca9332a79b7153150fae]
+sid: released (5.4.19-1)
+4.19-buster-security: released (4.19.98-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
+4.9-stretch-security: released (4.9.210-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
+3.16-jessie-security: released (3.16.81-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
diff --git a/retired/CVE-2019-14897 b/retired/CVE-2019-14897
new file mode 100644
index 000000000..5456af053
--- /dev/null
+++ b/retired/CVE-2019-14897
@@ -0,0 +1,18 @@
+Description: Stack overflow in lbs_ibss_join_existing() function of libertas Wifi Driver
+References:
+ https://www.openwall.com/lists/oss-security/2019/11/22/1
+ https://patchwork.kernel.org/patch/11257187/
+ https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git/commit/?id=e5e884b42639c74b5b57dc277909915c0aefc8bb
+Notes:
+ bwh> Introduced in 2.6.36 by commit e86dc1ca4676 "Libertas: cfg80211 support".
+ bwh> Upstream fix has unbalanced locking so will need a follow-up fix.
+ carnil> Fixed as well in 5.4.16.
+Bugs:
+upstream: released (5.5) [e5e884b42639c74b5b57dc277909915c0aefc8bb]
+4.19-upstream-stable: released (4.19.100) cbd56515be5a8ea97134ef762b7a2923b94cb9c4]
+4.9-upstream-stable: released (4.9.212) [e5e884b42639c74b5b57dc277909915c0aefc8bb]
+3.16-upstream-stable: released (3.16.83) [e4646070f91312414af0ca9332a79b7153150fae]
+sid: released (5.4.19-1)
+4.19-buster-security: released (4.19.98-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
+4.9-stretch-security: released (4.9.210-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
+3.16-jessie-security: released (3.16.81-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
diff --git a/retired/CVE-2019-14901 b/retired/CVE-2019-14901
new file mode 100644
index 000000000..d7a4732dc
--- /dev/null
+++ b/retired/CVE-2019-14901
@@ -0,0 +1,16 @@
+Description: heap OOB read in mwifiex wifi driver
+References:
+ https://www.openwall.com/lists/oss-security/2019/11/22/2
+ https://patchwork.kernel.org/patch/11257535/
+Notes:
+ bwh> Introduced in 3.15 by commit 5f2caaf32bc6 "mwifiex: parse TDLS action
+ bwh> frames during RX".
+Bugs:
+upstream: released (5.5-rc3) [1e58252e334dc3f3756f424a157d1b7484464c40]
+4.19-upstream-stable: released (4.19.95) [21f08020dd8519baf209348c345131a8967e3cef]
+4.9-upstream-stable: released (4.9.217) [cb87b895f1468df7a163a6c665bf106a4d26f8c1]
+3.16-upstream-stable: released (3.16.83) [ef0449fb4c94e52c1f5f7170b52a738acf9af5ff]
+sid: released (5.4.13-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: released (4.9.210-1) [bugfix/all/mwifiex-fix-heap-overflow-in-mmwifiex_process_tdls_a.patch]
+3.16-jessie-security: released (3.16.81-1) [bugfix/all/mwifiex-fix-heap-overflow-in-mmwifiex_process_tdls_a.patch]
diff --git a/retired/CVE-2020-10720 b/retired/CVE-2020-10720
new file mode 100644
index 000000000..4f8e8f134
--- /dev/null
+++ b/retired/CVE-2020-10720
@@ -0,0 +1,15 @@
+Description: net-gro: fix use-after-free read in napi_gro_frags()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1781204
+Notes:
+ carnil> No details by Red Hat provided apart only internal reference to
+ carnil> http://patchwork.lab.bos.redhat.com/patch/271215/
+Bugs:
+upstream: released (5.2-rc3) [a4270d6795b0580287453ea55974d948393e66ef]
+4.19-upstream-stable: released (4.19.48) [39fd0dc4a5565a1df7d84b1c92d2050233b15b5a]
+4.9-upstream-stable: released (4.9.181) [12855df4065b6e13878d7b8abc948aa719295bc1]
+3.16-upstream-stable: released (3.16.75) [f41184b4ba5bbf98b8eecae2a16fca34a669376f]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.67-1)
+4.9-stretch-security: released (4.9.184-1)
+3.16-jessie-security: released (3.16.76-1)
diff --git a/retired/CVE-2020-11884 b/retired/CVE-2020-11884
new file mode 100644
index 000000000..9741349f4
--- /dev/null
+++ b/retired/CVE-2020-11884
@@ -0,0 +1,15 @@
+Description: s390/mm: fix page table upgrade vs 2ndary address mode accesses
+References:
+Notes:
+ carnil> Embargoed until 2020-04-28.
+ carnil> Introduced in 0aaba41b58bc ("s390: remove all code using the
+ carnil> access register mode") in 4.15-rc1.
+Bugs:
+upstream: released (5.7-rc4) [316ec154810960052d4586b634156c54d0778f74]
+4.19-upstream-stable: released (4.19.119) [215d1f3928713d6eaec67244bcda72105b898000]
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.6.7-1) [bugfix/s390x/s390-mm-fix-page-table-upgrade-vs-2ndary-address-mod.patch]
+4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/s390x/s390-mm-fix-page-table-upgrade-vs-2ndary-address-mod.patch]
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"