author Salvatore Bonaccorso <carnil@debian.org> 2022-05-12 08:32:11 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2022-05-12 08:32:11 +0200
commit d9038e48fee362d1c275342c0488ae9c22ca23f0
tree 6347e21f21cd5c6cd908f08694ee4857b6c45380 /retired
parent ba53ed53e3ec52bf649488a7866d6778b3dfcefc
Retire two CVEs
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2021-26401 14
-rw-r--r-- retired/CVE-2022-29968 15
2 files changed, 29 insertions, 0 deletions
diff --git a/retired/CVE-2021-26401 b/retired/CVE-2021-26401
new file mode 100644
index 000000000..4d503e0be
--- /dev/null
+++ b/retired/CVE-2021-26401
@@ -0,0 +1,14 @@
+Description: LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
+References:
+ http://www.openwall.com/lists/oss-security/2022/03/18/2
+ https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
+Notes:
+Bugs:
+upstream: released (5.17-rc8) [244d00b5dd4755f8df892c86cab35fb2cfd4f14b, e9b6013a7ce31535b04b02ba99babefe8a8599fa, eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678, 0de05d056afdb00eca8c7bbb0c79a3438daf700c]
+5.10-upstream-stable: released (5.10.105) [2fdf67a1d215574c31b1a716f80fa0fdccd401d7, e335384560d1e106b609e8febd7e0427075a8938, cc9e3e55bde71b2fac1494f503d5ffc560c7fb8d, d04937ae94903087279e4a016b7741cdee59d521]
+4.19-upstream-stable: released (4.19.234) [d3cb3a6927222268a10b2f12dfb8c9444f7cc39e, c034d344e733a3ac574dd09e39e911a50025c607, 8bfdba77595aee5c3e83ed1c9994c35d6d409605, 9711b12a3f4c0fc73dd257c1e467e6e42155a5f1]
+4.9-upstream-stable: released (4.9.306) [b6a1aec08a84ccb331ce526c051df074150cf3c5, 0db1c4307aded2c5e618654f9341a249e0c1051f, 8edabefdc13294a9b15671937d165b948cf34d69, 0753760184745250e39018bb25ba77557390fe91]
+sid: released (5.16.12-1) [bugfix/x86/bhb/0005-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0006-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0007-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+5.10-bullseye-security: released (5.10.103-1) [bugfix/x86/bhb/0006-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0007-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0009-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+4.19-buster-security: released (4.19.232-1) [bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
+4.9-stretch-security: released (4.9.303-1) [bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch]
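Review bot: The "Notes:" field in retired/CVE-2021-26401 is empty even though the status lines need some explanation. Each Debian branch is marked released at a version lower than the matching upstream-stable release (5.10.103-1 against 5.10.105, 4.19.232-1 against 4.19.234, 4.9.303-1 against 4.9.306), and the fix is carried as four patches under bugfix/x86/bhb/ rather than by a stable update. A one-line note saying the fix was backported with the bhb patch series ahead of the stable releases would stop a later reader from taking the version mismatch for a tracking error. It would also help to state that the four upstream commits and the four Debian patches per branch correspond one to one, since the patch numbering differs between branches (0005-0008 in sid, 0006-0009 in bullseye, 0008-0011 in buster and stretch).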
diff --git a/retired/CVE-2022-29968 b/retired/CVE-2022-29968
new file mode 100644
index 000000000..f13254e76
--- /dev/null
+++ b/retired/CVE-2022-29968
@@ -0,0 +1,15 @@
+Description: io_uring: fix uninitialized field in rw io_kiocb
+References:
+Notes:
+ carnil> Commit fixes 3e08773c3841 ("block: switch polling to be bio
+ carnil> based") in 5.16-rc1.
+ carnil> For 5.17.y fixed as well in 5.17.6.
+Bugs:
+upstream: released (5.18-rc5) [32452a3eb8b64e01e2be717f518c0be046975b9d]
+5.10-upstream-stable: N/A "Vulnerable code introduced later"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.17.6-1)
+5.10-bullseye-security: N/A "Vulnerable code introduced later"
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
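Review bot: "References:" in retired/CVE-2022-29968 is left empty, so the file offers no external pointer beyond the commit hashes; consider adding a link for the upstream fix 32452a3eb8b64e01e2be717f518c0be046975b9d before the entry is archived. The note also states "For 5.17.y fixed as well in 5.17.6" without recording the stable commit id, and it cites the introducing commit only by the abbreviated hash 3e08773c3841 while the fix uses the full hash. Recording the 5.17.y commit and using the full hash for the introducing commit would make the N/A "Vulnerable code introduced later" entries for 5.10, 4.19 and 4.9 easier to re-verify.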