diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-04-06 21:39:50 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-04-06 21:39:50 +0200 |
commit | daeccae1e35ae6bbdc26361815a94b626ba51ece (patch) | |
tree | 319fb95466e2ebbd85a6265a99195f490b734a9e /retired | |
parent | 4e3c6e2b3a5ab55c3efa003df1c29308c446f21f (diff) |
Retire three CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2019-19769 | 15 | ||||
-rw-r--r-- | retired/CVE-2020-8834 | 18 | ||||
-rw-r--r-- | retired/CVE-2020-9391 | 16 |
3 files changed, 49 insertions, 0 deletions
diff --git a/retired/CVE-2019-19769 b/retired/CVE-2019-19769 new file mode 100644 index 000000000..5a5bc7435 --- /dev/null +++ b/retired/CVE-2019-19769 @@ -0,0 +1,15 @@ +Description: perf_trace_lock_acquire use-after-free +References: + https://bugzilla.kernel.org/show_bug.cgi?id=205705 +Notes: + carnil> Introduced in 5.0-rc1 with 16306a61d3b7 ("fs/locks: always + carnil> delete_block after waiting.") +Bugs: +upstream: released (5.6-rc5) [6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.5.13-1) +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2020-8834 b/retired/CVE-2020-8834 new file mode 100644 index 000000000..88266bcde --- /dev/null +++ b/retired/CVE-2020-8834 @@ -0,0 +1,18 @@ +Description: Linux kernel Power8 conflicting use of HSTATE_HOST_R1 vulnerability +References: + https://www.openwall.com/lists/oss-security/2020/04/06/2 + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717 +Notes: + carnil> Introduced by f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM + carnil> state save/restore into separate procedures") in 4.8-rc1 and + carnil> 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in + carnil> fake suspend mode") in 4.17-rc1. +Bugs: +upstream: released (4.18-rc1) [6f597c6b63b6f3675914b5ec8fcd008a58678650, 7b0e827c6970e8ca77c60ae87592204c39e41245, 009c872a8bc4d38f487a9bd62423d019e4322517] +4.19-upstream-stable: N/A "Fixed before branching point" +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.18.6-1) +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2020-9391 b/retired/CVE-2020-9391 new file mode 100644 index 000000000..500666ce8 --- /dev/null +++ b/retired/CVE-2020-9391 @@ -0,0 +1,16 @@ +Description: mm: Avoid creating virtual address aliases in brk()/mmap()/mremap() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1797052 + https://www.openwall.com/lists/oss-security/2020/02/25/6 +Notes: + carnil> Introduced in ce18d171cb73 ("mm: untag user pointers in + carnil> mmap/munmap/mremap/brk") in 5.4-rc1. +Bugs: +upstream: released (5.6-rc3) [dcde237319e626d1ec3c9d8b7613032f0fd4663a] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.5.13-1) +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" |