From 1726c9a593f36e8213260a45e933e91c02f78d82 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sat, 11 Jun 2022 20:48:14 +0200
Subject: Retire several CVEs
---
active/CVE-2022-1786 | 19 -------------------
active/CVE-2022-1852 | 16 ----------------
active/CVE-2022-1998 | 17 -----------------
active/CVE-2022-20132 | 13 -------------
active/CVE-2022-20141 | 13 -------------
active/CVE-2022-20153 | 13 -------------
active/CVE-2022-28893 | 13 -------------
active/ZDI-CAN-17291 | 16 ----------------
retired/CVE-2022-1786 | 19 +++++++++++++++++++
retired/CVE-2022-1852 | 16 ++++++++++++++++
retired/CVE-2022-1998 | 17 +++++++++++++++++
retired/CVE-2022-20132 | 13 +++++++++++++
retired/CVE-2022-20141 | 13 +++++++++++++
retired/CVE-2022-20153 | 13 +++++++++++++
retired/CVE-2022-28893 | 13 +++++++++++++
retired/ZDI-CAN-17291 | 16 ++++++++++++++++
16 files changed, 120 insertions(+), 120 deletions(-)
delete mode 100644 active/CVE-2022-1786
delete mode 100644 active/CVE-2022-1852
delete mode 100644 active/CVE-2022-1998
delete mode 100644 active/CVE-2022-20132
delete mode 100644 active/CVE-2022-20141
delete mode 100644 active/CVE-2022-20153
delete mode 100644 active/CVE-2022-28893
delete mode 100644 active/ZDI-CAN-17291
create mode 100644 retired/CVE-2022-1786
create mode 100644 retired/CVE-2022-1852
create mode 100644 retired/CVE-2022-1998
create mode 100644 retired/CVE-2022-20132
create mode 100644 retired/CVE-2022-20141
create mode 100644 retired/CVE-2022-20153
create mode 100644 retired/CVE-2022-28893
create mode 100644 retired/ZDI-CAN-17291
diff --git a/active/CVE-2022-1786 b/active/CVE-2022-1786
deleted file mode 100644
index 84c7211c..00000000
--- a/active/CVE-2022-1786
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: io_uring: always use original task when preparing req identity
-References:
- https://www.openwall.com/lists/oss-security/2022/05/24/4
- https://www.openwall.com/lists/oss-security/2022/05/28/1
-Notes:
- carnil> Upstream around 5.12-rc1 drops the non-native workers, in
- carnil> particular upstream 4379bf8bd70b ("io_uring: remove
- carnil> io_identity") removes the problematic calling. Consider this as
- carnil> the fix, while overall we can say it's not an issue starting in
- carnil> 5.12-rc1.
-Bugs:
-upstream: released (5.12-rc1) [4379bf8bd70b5de6bba7d53015b0c36c57a634ee]
-5.10-upstream-stable: released (5.10.117) [29f077d070519a88a793fbc70f1e6484dc6d9e35]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-1852 b/active/CVE-2022-1852
deleted file mode 100644
index 7a2a1a50..00000000
--- a/active/CVE-2022-1852
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: KVM: x86: avoid calling x86 emulator without a decoded instruction
-References:
-Notes:
- carnil> Commit fixes 4aa2691dcbd3 ("KVM: x86: Factor out x86
- carnil> instruction emulation with decoding") in 5.12-rc1, which was as
- carnil> well backported to 5.10.61.
- carnil> For 5.17.y fixed in 5.17.13 and for 5.18.y fixed in 5.18.2.
-Bugs:
-upstream: released (5.19-rc1) [fee060cd52d69c114b62d1a2948ea9648b5131f9]
-5.10-upstream-stable: released (5.10.120) [3d8fc6e28f321d753ab727e3c3e740daf36a8fa3]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.18.2-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-1998 b/active/CVE-2022-1998
deleted file mode 100644
index 413c8d51..00000000
--- a/active/CVE-2022-1998
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: fanotify: Fix stale file descriptor in copy_event_to_user()
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2052312
-Notes:
- carnil> CAP_SYS_ADMIN capability is required to exploit the issue.
- carnil> Issue introduced with f644bc449b37 ("fanotify: fix
- carnil> copy_event_to_user() fid error clean up") in 5.13-rc7 and was
- carnil> backported to 5.10.46 and 5.12.13.
-Bugs:
-upstream: released (5.17-rc3) [ee12595147ac1fbfb5bcb23837e26dd58d94b15d]
-5.10-upstream-stable: released (5.10.97) [7b4741644cf718c422187e74fb07661ef1d68e85]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.16.7-1)
-5.10-bullseye-security: released (5.10.103-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-20132 b/active/CVE-2022-20132
deleted file mode 100644
index 421123e2..00000000
--- a/active/CVE-2022-20132
+++ /dev/null
@@ -1,13 +0,0 @@
-Description:
-References:
- https://source.android.com/security/bulletin/2022-06-01
-Notes:
-Bugs:
-upstream: released (5.16-rc5) [f83baa0cb6cfc92ebaf7f9d3a99d7e34f2e77a8a, 30cb3c2ad24b66fb7639a6d1f4390c74d6e68f94, d080811f27936f712f619f847389f403ac873b8f, f237d9028f844a86955fc9da59d7ac4a5c55d7d5, 918aa1ef104d286d16b9e7ef139a463ac7a296f0, 720ac467204a70308bd687927ed475afb904e11b, 93020953d0fa7035fd036ad87a47ae2b7aa4ae33]
-5.10-upstream-stable: released (5.10.85) [61144329606cb9518642b7d2e940b21eb3214204, 28989ed4d79e95dc59de6143c81c5826251b85e4, a7e9c5ddf562cf1923b21e5a085567807a059046, d877651afd60dcbbcdc31f9efded3c27813afd1a, 918aa1ef104d286d16b9e7ef139a463ac7a296f0, 889c39113f7e2219da49446b7e8772d1f62d0dca, 89f3edc98ffe48557405ecfd9520f73244d099c9]
-4.19-upstream-stable: released (4.19.221) [b1efa723b986a84f84a95b6907cffe3a357338c9, cb54ea86f247a28ce5d8ec147e58c13de669d04a, de8ac0cf03f1124ef39debb337811e54f3e2f55c, b0f286d9b1f8a2448373aa45ac8333645c48ea85, 945e3464ba6671692d0692d4b4325ec003db18c5, 128074f16e32c188fa2ed6edac625067c842606e]
-4.9-upstream-stable: released (4.9.293) [28d8244f3ec961a11bfb4ad83cdc48ff9b8c47a7, 5b8d74ff145de1b5adb133895fd63cd533d68422, 4435bc144fb6295db371e9753305a96f0c19b2ef, c57e3b8082a4860f31f71d113b3e66bb64b4eb0a, 1309eb2ef1001c4cc7e07b867ad9576d2cfeab47, 10d0f0aaa5cde52bd5685ee8d0adc02f1efb1983]
-sid: released (5.15.15-1)
-5.10-bullseye-security: released (5.10.92-1)
-4.19-buster-security: released (4.19.232-1)
-4.9-stretch-security: released (4.9.303-1)
diff --git a/active/CVE-2022-20141 b/active/CVE-2022-20141
deleted file mode 100644
index c26b9090..00000000
--- a/active/CVE-2022-20141
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: igmp: Add ip_mc_list lock in ip_check_mc_rcu
-References:
- https://source.android.com/security/bulletin/2022-06-01
-Notes:
-Bugs:
-upstream: released (5.15-rc1) [23d2b94043ca8835bd1e67749020e839f396a1c2]
-5.10-upstream-stable: released (5.10.64) [ddd7e8b7b84836c584a284b98ca9bd7a348a0558]
-4.19-upstream-stable: released (4.19.207) [4768973dffed4d0126854514335ed4fe87bec1ab]
-4.9-upstream-stable: released (4.9.283) [e9924c4204ede999b0515fd31a370a1e27f676bc]
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.70-1)
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: released (4.9.290-1)
diff --git a/active/CVE-2022-20153 b/active/CVE-2022-20153
deleted file mode 100644
index 4a204a74..00000000
--- a/active/CVE-2022-20153
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: io_uring: return back safer resurrect
-References:
- https://source.android.com/security/bulletin/pixel/2022-06-01
-Notes:
-Bugs:
-upstream: released (5.13-rc1) [f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04]
-5.10-upstream-stable: released (5.10.107) [dc1163203ae6e24b86168390fe5b4a3295fcba7f]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.14.6-1)
-5.10-bullseye-security: released (5.10.113-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-28893 b/active/CVE-2022-28893
deleted file mode 100644
index 0b495612..00000000
--- a/active/CVE-2022-28893
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
-References:
-Notes:
- carnil> For 5.17.y fixed in 5.17.3 and for 5.16.y fixed in 5.16.20.
-Bugs:
-upstream: released (5.18-rc2) [f00432063db1a0db484e85193eccc6845435b80e]
-5.10-upstream-stable: released (5.10.117) [e68b60ae29de10c7bd7636e227164a8dbe305a82]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.17.3-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/ZDI-CAN-17291 b/active/ZDI-CAN-17291
deleted file mode 100644
index 76ec948f..00000000
--- a/active/ZDI-CAN-17291
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: pipe: Fix missing lock in pipe_resize_ring()
-References:
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/
-Notes:
- carnil> Commit fixes c73be61cede5 ("pipe: Add general notification
- carnil> queue support") in 5.8-rc1.
- carnil> Fixed for 5.17.y in 5.17.13 and for 5.18.y in 5.18.2.
-Bugs:
-upstream: released (5.19-rc1) [189b0ddc245139af81198d1a3637cac74f96e13a]
-5.10-upstream-stable: released (5.10.120) [8fbd54ab06c955d247c1a91d5d980cddc868f1e7]
-4.19-upstream-stable: N/A "Vulnerable code introduced later"
-4.9-upstream-stable: N/A "Vulnerable code introduced later"
-sid: released (5.18.2-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: N/A "Vulnerable code introduced later"
-4.9-stretch-security: N/A "Vulnerable code introduced later"
diff --git a/retired/CVE-2022-1786 b/retired/CVE-2022-1786
new file mode 100644
index 00000000..84c7211c
--- /dev/null
+++ b/retired/CVE-2022-1786
@@ -0,0 +1,19 @@
+Description: io_uring: always use original task when preparing req identity
+References:
+ https://www.openwall.com/lists/oss-security/2022/05/24/4
+ https://www.openwall.com/lists/oss-security/2022/05/28/1
+Notes:
+ carnil> Upstream around 5.12-rc1 drops the non-native workers, in
+ carnil> particular upstream 4379bf8bd70b ("io_uring: remove
+ carnil> io_identity") removes the problematic calling. Consider this as
+ carnil> the fix, while overall we can say it's not an issue starting in
+ carnil> 5.12-rc1.
+Bugs:
+upstream: released (5.12-rc1) [4379bf8bd70b5de6bba7d53015b0c36c57a634ee]
+5.10-upstream-stable: released (5.10.117) [29f077d070519a88a793fbc70f1e6484dc6d9e35]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1852 b/retired/CVE-2022-1852
new file mode 100644
index 00000000..7a2a1a50
--- /dev/null
+++ b/retired/CVE-2022-1852
@@ -0,0 +1,16 @@
+Description: KVM: x86: avoid calling x86 emulator without a decoded instruction
+References:
+Notes:
+ carnil> Commit fixes 4aa2691dcbd3 ("KVM: x86: Factor out x86
+ carnil> instruction emulation with decoding") in 5.12-rc1, which was as
+ carnil> well backported to 5.10.61.
+ carnil> For 5.17.y fixed in 5.17.13 and for 5.18.y fixed in 5.18.2.
+Bugs:
+upstream: released (5.19-rc1) [fee060cd52d69c114b62d1a2948ea9648b5131f9]
+5.10-upstream-stable: released (5.10.120) [3d8fc6e28f321d753ab727e3c3e740daf36a8fa3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-1998 b/retired/CVE-2022-1998
new file mode 100644
index 00000000..413c8d51
--- /dev/null
+++ b/retired/CVE-2022-1998
@@ -0,0 +1,17 @@
+Description: fanotify: Fix stale file descriptor in copy_event_to_user()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2052312
+Notes:
+ carnil> CAP_SYS_ADMIN capability is required to exploit the issue.
+ carnil> Issue introduced with f644bc449b37 ("fanotify: fix
+ carnil> copy_event_to_user() fid error clean up") in 5.13-rc7 and was
+ carnil> backported to 5.10.46 and 5.12.13.
+Bugs:
+upstream: released (5.17-rc3) [ee12595147ac1fbfb5bcb23837e26dd58d94b15d]
+5.10-upstream-stable: released (5.10.97) [7b4741644cf718c422187e74fb07661ef1d68e85]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.16.7-1)
+5.10-bullseye-security: released (5.10.103-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-20132 b/retired/CVE-2022-20132
new file mode 100644
index 00000000..421123e2
--- /dev/null
+++ b/retired/CVE-2022-20132
@@ -0,0 +1,13 @@
+Description:
+References:
+ https://source.android.com/security/bulletin/2022-06-01
+Notes:
+Bugs:
+upstream: released (5.16-rc5) [f83baa0cb6cfc92ebaf7f9d3a99d7e34f2e77a8a, 30cb3c2ad24b66fb7639a6d1f4390c74d6e68f94, d080811f27936f712f619f847389f403ac873b8f, f237d9028f844a86955fc9da59d7ac4a5c55d7d5, 918aa1ef104d286d16b9e7ef139a463ac7a296f0, 720ac467204a70308bd687927ed475afb904e11b, 93020953d0fa7035fd036ad87a47ae2b7aa4ae33]
+5.10-upstream-stable: released (5.10.85) [61144329606cb9518642b7d2e940b21eb3214204, 28989ed4d79e95dc59de6143c81c5826251b85e4, a7e9c5ddf562cf1923b21e5a085567807a059046, d877651afd60dcbbcdc31f9efded3c27813afd1a, 918aa1ef104d286d16b9e7ef139a463ac7a296f0, 889c39113f7e2219da49446b7e8772d1f62d0dca, 89f3edc98ffe48557405ecfd9520f73244d099c9]
+4.19-upstream-stable: released (4.19.221) [b1efa723b986a84f84a95b6907cffe3a357338c9, cb54ea86f247a28ce5d8ec147e58c13de669d04a, de8ac0cf03f1124ef39debb337811e54f3e2f55c, b0f286d9b1f8a2448373aa45ac8333645c48ea85, 945e3464ba6671692d0692d4b4325ec003db18c5, 128074f16e32c188fa2ed6edac625067c842606e]
+4.9-upstream-stable: released (4.9.293) [28d8244f3ec961a11bfb4ad83cdc48ff9b8c47a7, 5b8d74ff145de1b5adb133895fd63cd533d68422, 4435bc144fb6295db371e9753305a96f0c19b2ef, c57e3b8082a4860f31f71d113b3e66bb64b4eb0a, 1309eb2ef1001c4cc7e07b867ad9576d2cfeab47, 10d0f0aaa5cde52bd5685ee8d0adc02f1efb1983]
+sid: released (5.15.15-1)
+5.10-bullseye-security: released (5.10.92-1)
+4.19-buster-security: released (4.19.232-1)
+4.9-stretch-security: released (4.9.303-1)
diff --git a/retired/CVE-2022-20141 b/retired/CVE-2022-20141
new file mode 100644
index 00000000..c26b9090
--- /dev/null
+++ b/retired/CVE-2022-20141
@@ -0,0 +1,13 @@
+Description: igmp: Add ip_mc_list lock in ip_check_mc_rcu
+References:
+ https://source.android.com/security/bulletin/2022-06-01
+Notes:
+Bugs:
+upstream: released (5.15-rc1) [23d2b94043ca8835bd1e67749020e839f396a1c2]
+5.10-upstream-stable: released (5.10.64) [ddd7e8b7b84836c584a284b98ca9bd7a348a0558]
+4.19-upstream-stable: released (4.19.207) [4768973dffed4d0126854514335ed4fe87bec1ab]
+4.9-upstream-stable: released (4.9.283) [e9924c4204ede999b0515fd31a370a1e27f676bc]
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: released (4.19.208-1)
+4.9-stretch-security: released (4.9.290-1)
diff --git a/retired/CVE-2022-20153 b/retired/CVE-2022-20153
new file mode 100644
index 00000000..4a204a74
--- /dev/null
+++ b/retired/CVE-2022-20153
@@ -0,0 +1,13 @@
+Description: io_uring: return back safer resurrect
+References:
+ https://source.android.com/security/bulletin/pixel/2022-06-01
+Notes:
+Bugs:
+upstream: released (5.13-rc1) [f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04]
+5.10-upstream-stable: released (5.10.107) [dc1163203ae6e24b86168390fe5b4a3295fcba7f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2022-28893 b/retired/CVE-2022-28893
new file mode 100644
index 00000000..0b495612
--- /dev/null
+++ b/retired/CVE-2022-28893
@@ -0,0 +1,13 @@
+Description: SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
+References:
+Notes:
+ carnil> For 5.17.y fixed in 5.17.3 and for 5.16.y fixed in 5.16.20.
+Bugs:
+upstream: released (5.18-rc2) [f00432063db1a0db484e85193eccc6845435b80e]
+5.10-upstream-stable: released (5.10.117) [e68b60ae29de10c7bd7636e227164a8dbe305a82]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/retired/ZDI-CAN-17291 b/retired/ZDI-CAN-17291
new file mode 100644
index 00000000..76ec948f
--- /dev/null
+++ b/retired/ZDI-CAN-17291
@@ -0,0 +1,16 @@
+Description: pipe: Fix missing lock in pipe_resize_ring()
+References:
+ https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/
+Notes:
+ carnil> Commit fixes c73be61cede5 ("pipe: Add general notification
+ carnil> queue support") in 5.8-rc1.
+ carnil> Fixed for 5.17.y in 5.17.13 and for 5.18.y in 5.18.2.
+Bugs:
+upstream: released (5.19-rc1) [189b0ddc245139af81198d1a3637cac74f96e13a]
+5.10-upstream-stable: released (5.10.120) [8fbd54ab06c955d247c1a91d5d980cddc868f1e7]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.18.2-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
--
cgit v1.2.3