From 774dc7e59bd9c7d8b94fa34897c4365824845ea6 Mon Sep 17 00:00:00 2001 
From: Salvatore Bonaccorso Date: Sat, 13 Apr 2024 21:16:26 +0200 Subject: Retire some CVEs --- active/CVE-2023-2176 | 18 ------------------ active/CVE-2023-52631 | 16 ---------------- active/CVE-2024-26582 | 16 ---------------- active/CVE-2024-26590 | 17 ----------------- active/CVE-2024-26603 | 16 ---------------- active/CVE-2024-26626 | 16 ---------------- active/CVE-2024-26660 | 16 ---------------- active/CVE-2024-26667 | 16 ---------------- active/CVE-2024-26676 | 16 ---------------- active/CVE-2024-26681 | 16 ---------------- active/CVE-2024-26710 | 16 ---------------- active/CVE-2024-26714 | 16 ---------------- active/CVE-2024-26717 | 16 ---------------- active/CVE-2024-26723 | 16 ---------------- active/CVE-2024-26731 | 16 ---------------- active/CVE-2024-26737 | 16 ---------------- active/CVE-2024-26741 | 16 ---------------- active/CVE-2024-26742 | 16 ---------------- active/CVE-2024-26745 | 16 ---------------- active/CVE-2024-26750 | 16 ---------------- active/CVE-2024-26760 | 16 ---------------- active/CVE-2024-26761 | 16 ---------------- active/CVE-2024-26780 | 17 ----------------- active/CVE-2024-26789 | 16 ---------------- active/CVE-2024-26798 | 16 ---------------- active/CVE-2024-26800 | 16 ---------------- active/CVE-2024-26802 | 16 ---------------- active/CVE-2024-26803 | 16 ---------------- retired/CVE-2023-2176 | 18 ++++++++++++++++++ retired/CVE-2023-52631 | 16 ++++++++++++++++ retired/CVE-2024-26582 | 16 ++++++++++++++++ retired/CVE-2024-26590 | 17 +++++++++++++++++ retired/CVE-2024-26603 | 16 ++++++++++++++++ retired/CVE-2024-26626 | 16 ++++++++++++++++ retired/CVE-2024-26660 | 16 ++++++++++++++++ retired/CVE-2024-26667 | 16 ++++++++++++++++ retired/CVE-2024-26676 | 16 ++++++++++++++++ retired/CVE-2024-26681 | 16 ++++++++++++++++ retired/CVE-2024-26710 | 16 ++++++++++++++++ retired/CVE-2024-26714 | 16 ++++++++++++++++ retired/CVE-2024-26717 | 16 ++++++++++++++++ retired/CVE-2024-26723 | 16 ++++++++++++++++ retired/CVE-2024-26731 | 16 
++++++++++++++++ retired/CVE-2024-26737 | 16 ++++++++++++++++ retired/CVE-2024-26741 | 16 ++++++++++++++++ retired/CVE-2024-26742 | 16 ++++++++++++++++ retired/CVE-2024-26745 | 16 ++++++++++++++++ retired/CVE-2024-26750 | 16 ++++++++++++++++ retired/CVE-2024-26760 | 16 ++++++++++++++++ retired/CVE-2024-26761 | 16 ++++++++++++++++ retired/CVE-2024-26780 | 17 +++++++++++++++++ retired/CVE-2024-26789 | 16 ++++++++++++++++ retired/CVE-2024-26798 | 16 ++++++++++++++++ retired/CVE-2024-26800 | 16 ++++++++++++++++ retired/CVE-2024-26802 | 16 ++++++++++++++++ retired/CVE-2024-26803 | 16 ++++++++++++++++ 56 files changed, 452 insertions(+), 452 deletions(-) delete mode 100644 active/CVE-2023-2176 delete mode 100644 active/CVE-2023-52631 delete mode 100644 active/CVE-2024-26582 delete mode 100644 active/CVE-2024-26590 delete mode 100644 active/CVE-2024-26603 delete mode 100644 active/CVE-2024-26626 delete mode 100644 active/CVE-2024-26660 delete mode 100644 active/CVE-2024-26667 delete mode 100644 active/CVE-2024-26676 delete mode 100644 active/CVE-2024-26681 delete mode 100644 active/CVE-2024-26710 delete mode 100644 active/CVE-2024-26714 delete mode 100644 active/CVE-2024-26717 delete mode 100644 active/CVE-2024-26723 delete mode 100644 active/CVE-2024-26731 delete mode 100644 active/CVE-2024-26737 delete mode 100644 active/CVE-2024-26741 delete mode 100644 active/CVE-2024-26742 delete mode 100644 active/CVE-2024-26745 delete mode 100644 active/CVE-2024-26750 delete mode 100644 active/CVE-2024-26760 delete mode 100644 active/CVE-2024-26761 delete mode 100644 active/CVE-2024-26780 delete mode 100644 active/CVE-2024-26789 delete mode 100644 active/CVE-2024-26798 delete mode 100644 active/CVE-2024-26800 delete mode 100644 active/CVE-2024-26802 delete mode 100644 active/CVE-2024-26803 create mode 100644 retired/CVE-2023-2176 create mode 100644 retired/CVE-2023-52631 create mode 100644 retired/CVE-2024-26582 create mode 100644 retired/CVE-2024-26590 create mode 100644 
retired/CVE-2024-26603 create mode 100644 retired/CVE-2024-26626 create mode 100644 retired/CVE-2024-26660 create mode 100644 retired/CVE-2024-26667 create mode 100644 retired/CVE-2024-26676 create mode 100644 retired/CVE-2024-26681 create mode 100644 retired/CVE-2024-26710 create mode 100644 retired/CVE-2024-26714 create mode 100644 retired/CVE-2024-26717 create mode 100644 retired/CVE-2024-26723 create mode 100644 retired/CVE-2024-26731 create mode 100644 retired/CVE-2024-26737 create mode 100644 retired/CVE-2024-26741 create mode 100644 retired/CVE-2024-26742 create mode 100644 retired/CVE-2024-26745 create mode 100644 retired/CVE-2024-26750 create mode 100644 retired/CVE-2024-26760 create mode 100644 retired/CVE-2024-26761 create mode 100644 retired/CVE-2024-26780 create mode 100644 retired/CVE-2024-26789 create mode 100644 retired/CVE-2024-26798 create mode 100644 retired/CVE-2024-26800 create mode 100644 retired/CVE-2024-26802 create mode 100644 retired/CVE-2024-26803 diff --git a/active/CVE-2023-2176 b/active/CVE-2023-2176 deleted file mode 100644 index 8475aa33..00000000 --- a/active/CVE-2023-2176 +++ /dev/null 
@@ -1,18 +0,0 @@ -Description: cma: IP tree/list corruption triggered by rebinding -References: - https://lkml.org/lkml/2022/12/9/178 - https://www.spinics.net/lists/linux-rdma/msg114749.html - https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leonro@nvidia.com/ -Notes: - bwh> Appears to have been introduced in 6.0 by commit fc008bdbf1cd - bwh> "RDMA/core: Add an rb_tree that stores cm_ids sorted by ifindex - bwh> and remote IP". -Bugs: -upstream: released (6.3-rc1) [8d037973d48c026224ab285e6a06985ccac6f7bf] -6.1-upstream-stable: released (6.1.81) [88067197e97af3fcb104dd86030f788ec1b32fdb] -5.10-upstream-stable: N/A "Vulnerability introduced later" -4.19-upstream-stable: N/A "Vulnerability introduced later" -sid: released (6.3.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerability introduced later" -4.19-buster-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2023-52631 b/active/CVE-2023-52631 deleted file mode 100644 index e9622e88..00000000 --- a/active/CVE-2023-52631 +++ /dev/null @@ -1,16 +0,0 @@ -Description: fs/ntfs3: Fix an NULL dereference bug -References: -Notes: - carnil> Introduced in be71b5cba2e6 ("fs/ntfs3: Add attrib operations"). Vulnerable - carnil> versions: 5.15-rc1. -Bugs: -upstream: released (6.8-rc4) [b2dd7b953c25ffd5912dda17e980e7168bebcf6c] -6.7-upstream-stable: released (6.7.5) [686820fe141ea0220fc6fdfc7e5694f915cf64b2] -6.6-upstream-stable: released (6.6.17) [fb7bcd1722bc9bc55160378f5f99c01198fd14a7] -6.1-upstream-stable: released (6.1.78) [ec1bedd797588fe38fc11cba26d77bb1d9b194c6] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2024-26582 b/active/CVE-2024-26582 deleted file mode 100644 index 9ea50092..00000000 --- a/active/CVE-2024-26582 +++ /dev/null @@ -1,16 +0,0 @@ -Description: net: tls: fix use-after-free with partial reads and async decrypt -References: -Notes: - carnil> Introduced in fd31f3996af2 ("tls: rx: decrypt into a fresh skb"). Vulnerable - carnil> versions: 6.0-rc1. -Bugs: -upstream: released (6.8-rc5) [32b55c5ff9103b8508c1e04bfa5a08c64e7a925f] -6.7-upstream-stable: released (6.7.6) [754c9bab77a1b895b97bd99d754403c505bc79df] -6.6-upstream-stable: released (6.6.18) [d684763534b969cca1022e2a28645c7cc91f7fa5] -6.1-upstream-stable: released (6.1.79) [20b4ed034872b4d024b26e2bc1092c3f80e5db96] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26590 b/active/CVE-2024-26590 deleted file mode 100644 index 8e42da90..00000000 --- a/active/CVE-2024-26590 +++ /dev/null 
@@ -1,17 +0,0 @@ -Description: erofs: fix inconsistent per-file compression format -References: -Notes: - carnil> Introduced in 8f89926290c4 ("erofs: get compression algorithms directly on - carnil> mapping") - carnil> 622ceaddb764 ("erofs: lzma compression support"). Vulnerable versions: 5.16-rc1. -Bugs: -upstream: released (6.8-rc1) [118a8cf504d7dfa519562d000f423ee3ca75d2c4] -6.7-upstream-stable: released (6.7.2) [eed24b816e50c6cd18cbee0ff0d7218c8fced199] -6.6-upstream-stable: released (6.6.14) [823ba1d2106019ddf195287ba53057aee33cf724] -6.1-upstream-stable: released (6.1.80) [47467e04816cb297905c0f09bc2d11ef865942d9] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.6.15-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26603 b/active/CVE-2024-26603 deleted file mode 100644 index c7dc84ae..00000000 --- a/active/CVE-2024-26603 +++ /dev/null @@ -1,16 +0,0 @@ -Description: x86/fpu: Stop relying on userspace for info to fault in xsave buffer -References: -Notes: - carnil> Introduced in fcb3635f5018 ("x86/fpu/signal: Handle #PF in the direct restore - carnil> path"). Vulnerable versions: 5.14-rc1. -Bugs: -upstream: released (6.8-rc4) [d877550eaf2dc9090d782864c96939397a3c6835] -6.7-upstream-stable: released (6.7.6) [627e28cbb65564e55008315d9e02fbb90478beda] -6.6-upstream-stable: released (6.6.18) [b2479ab426cef7ab79a13005650eff956223ced2] -6.1-upstream-stable: released (6.1.79) [627339cccdc9166792ecf96bc3c9f711a60ce996] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2024-26626 b/active/CVE-2024-26626 deleted file mode 100644 index 2ae200cd..00000000 --- a/active/CVE-2024-26626 +++ /dev/null @@ -1,16 +0,0 @@ -Description: ipmr: fix kernel panic when forwarding mcast packets -References: -Notes: - carnil> Introduced in bb7403655b3c ("ipmr: support IP_PKTINFO on cache report IGMP - carnil> msg"). Vulnerable versions: 6.1.75 6.6.14 6.7.2 6.8-rc1. -Bugs: -upstream: released (6.8-rc3) [e622502c310f1069fd9f41cd38210553115f610a] -6.7-upstream-stable: released (6.7.4) [2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207] -6.6-upstream-stable: released (6.6.16) [dcaafdba6c6162bb49f1192850bc3bbc3707738c] -6.1-upstream-stable: released (6.1.77) [d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26660 b/active/CVE-2024-26660 deleted file mode 100644 index 5333a270..00000000 --- a/active/CVE-2024-26660 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 -References: -Notes: - carnil> Introduced in 3a83e4e64bb1 ("drm/amd/display: Add dcn3.01 support to DC (v2)"). - carnil> Vulnerable versions: 5.11-rc1. -Bugs: -upstream: released (6.8-rc4) [58fca355ad37dcb5f785d9095db5f748b79c5dc2] -6.7-upstream-stable: released (6.7.5) [a938eab9586eea31cfd129a507f552efae14d738] -6.6-upstream-stable: released (6.6.17) [cd9bd10c59e3c1446680514fd3097c5b00d3712d] -6.1-upstream-stable: released (6.1.78) [efdd665ce1a1634b8c1dad5e7f6baaef3e131d0a] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26667 b/active/CVE-2024-26667 deleted file mode 100644 index 11a28e55..00000000 --- a/active/CVE-2024-26667 +++ /dev/null @@ -1,16 +0,0 @@ -Description: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup -References: -Notes: - carnil> Introduced in ae4d721ce100 ("drm/msm/dpu: add an API to reset the encoder - carnil> related hw blocks"). Vulnerable versions: 5.19-rc1. -Bugs: -upstream: released (6.8-rc4) [7f3d03c48b1eb6bc45ab20ca98b8b11be25f9f52] -6.7-upstream-stable: released (6.7.5) [eb4f56f3ff5799ca754ae6d811803a63fe25a4a2] -6.6-upstream-stable: released (6.6.17) [79592a6e7bdc1d05460c95f891f5e5263a107af8] -6.1-upstream-stable: released (6.1.78) [fb8bfc6ea3cd8c5ac3d35711d064e2f6646aec17] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2024-26676 b/active/CVE-2024-26676 deleted file mode 100644 index bcc8189f..00000000 --- a/active/CVE-2024-26676 +++ /dev/null @@ -1,16 +0,0 @@ -Description: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. -References: -Notes: - carnil> Introduced in 2aab4b969002 ("af_unix: fix struct pid leaks in OOB support"). - carnil> Vulnerable versions: 5.15.103 6.1.20 6.2.7 6.3-rc2. -Bugs: -upstream: released (6.8-rc4) [1279f9d9dec2d7462823a18c29ad61359e0a007d] -6.7-upstream-stable: released (6.7.5) [82ae47c5c3a6b27fdc0f9e83c1499cb439c56140] -6.6-upstream-stable: released (6.6.17) [b74aa9ce13d02b7fd37c5325b99854f91b9b4276] -6.1-upstream-stable: released (6.1.78) [e0e09186d8821ad59806115d347ea32efa43ca4b] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26681 b/active/CVE-2024-26681 deleted file mode 100644 index bbf31fb1..00000000 --- a/active/CVE-2024-26681 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: netdevsim: avoid potential loop in nsim_dev_trap_report_work() -References: -Notes: - carnil> Introduced in 012ec02ae441 ("netdevsim: convert driver to use unlocked devlink - carnil> API during init/fini"). Vulnerable versions: 6.0-rc1. -Bugs: -upstream: released (6.8-rc4) [ba5e1272142d051dcc57ca1d3225ad8a089f9858] -6.7-upstream-stable: released (6.7.5) [d91964cdada76740811b7c621239f9c407820dbc] -6.6-upstream-stable: released (6.6.17) [6eecddd9c3c8d6e3a097531cdc6d500335b35e46] -6.1-upstream-stable: released (6.1.78) [0193e0660cc6689c794794b471492923cfd7bfbc] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26710 b/active/CVE-2024-26710 deleted file mode 100644 index f02276f0..00000000 --- a/active/CVE-2024-26710 +++ /dev/null @@ -1,16 +0,0 @@ -Description: powerpc/kasan: Limit KASAN thread size increase to 32KB -References: -Notes: - carnil> Introduced in 18f14afe2816 ("powerpc/64s: Increase default stack size to - carnil> 32KB"). Vulnerable versions: 6.1.75 6.1.76 6.6.14 6.7.2 6.8-rc1. -Bugs: -upstream: released (6.8-rc5) [f1acb109505d983779bbb7e20a1ee6244d2b5736] -6.7-upstream-stable: released (6.7.6) [b29b16bd836a838b7690f80e37f8376414c74cbe] -6.6-upstream-stable: released (6.6.18) [4cc31fa07445879a13750cb061bb8c2654975fcb] -6.1-upstream-stable: released (6.1.79) [4297217bcf1f0948a19c2bacc6b68d92e7778ad9] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2024-26714 b/active/CVE-2024-26714 deleted file mode 100644 index 1eaa9043..00000000 --- a/active/CVE-2024-26714 +++ /dev/null @@ -1,16 +0,0 @@ -Description: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive -References: -Notes: - carnil> Introduced in 9c8c6bac1ae8 ("interconnect: qcom: Add SC8180x providers"). - carnil> Vulnerable versions: 5.15-rc1. -Bugs: -upstream: released (6.8-rc5) [85e985a4f46e462a37f1875cb74ed380e7c0c2e0] -6.7-upstream-stable: released (6.7.6) [7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0] -6.6-upstream-stable: released (6.6.18) [d8e36ff40cf9dadb135f3a97341c02c9a7afcc43] -6.1-upstream-stable: released (6.1.79) [6616d3c4f8284a7b3ef978c916566bd240cea1c7] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26717 b/active/CVE-2024-26717 deleted file mode 100644 index 71dc2454..00000000 --- a/active/CVE-2024-26717 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: HID: i2c-hid-of: fix NULL-deref on failed power up -References: -Notes: - carnil> Introduced in b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are - carnil> separate modules"). Vulnerable versions: 5.12-rc1. -Bugs: -upstream: released (6.8-rc3) [00aab7dcb2267f2aef59447602f34501efe1a07f] -6.7-upstream-stable: released (6.7.6) [e28d6b63aeecbda450935fb58db0e682ea8212d3] -6.6-upstream-stable: released (6.6.18) [4cad91344a62536a2949873bad6365fbb6232776] -6.1-upstream-stable: released (6.1.79) [d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26723 b/active/CVE-2024-26723 deleted file mode 100644 index 79168fdb..00000000 --- a/active/CVE-2024-26723 +++ /dev/null @@ -1,16 +0,0 @@ -Description: lan966x: Fix crash when adding interface under a lag -References: -Notes: - carnil> Introduced in cabc9d49333d ("net: lan966x: Add lag support for lan966x"). - carnil> Vulnerable versions: 6.1-rc1. -Bugs: -upstream: released (6.8-rc5) [15faa1f67ab405d47789d4702f587ec7df7ef03e] -6.7-upstream-stable: released (6.7.6) [2a492f01228b7d091dfe38974ef40dccf8f9f2f1] -6.6-upstream-stable: released (6.6.18) [48fae67d837488c87379f0c9f27df7391718477c] -6.1-upstream-stable: released (6.1.79) [b9357489c46c7a43999964628db8b47d3a1f8672] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26731 b/active/CVE-2024-26731 deleted file mode 100644 index 76f8b4da..00000000 
--- a/active/CVE-2024-26731 +++ /dev/null @@ -1,16 +0,0 @@ -Description: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() -References: -Notes: - carnil> Introduced in 6df7f764cd3c ("bpf, sockmap: Wake up polling after data copy"). - carnil> Vulnerable versions: 6.1.32 6.3.6 6.4-rc4. -Bugs: -upstream: released (6.8-rc6) [4cd12c6065dfcdeba10f49949bffcf383b3952d8] -6.7-upstream-stable: released (6.7.7) [d61608a4e394f23e0dca099df9eb8e555453d949] -6.6-upstream-stable: released (6.6.19) [9b099ed46dcaf1403c531ff02c3d7400fa37fa26] -6.1-upstream-stable: released (6.1.80) [4588b13abcbd561ec67f5b3c1cb2eff690990a54] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26737 b/active/CVE-2024-26737 deleted file mode 100644 index 9f9eec30..00000000 --- a/active/CVE-2024-26737 +++ /dev/null @@ -1,16 +0,0 @@ -Description: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel -References: -Notes: - carnil> Introduced in b00628b1c7d5 ("bpf: Introduce bpf timers."). Vulnerable versions: - carnil> 5.15-rc1. -Bugs: -upstream: released (6.8-rc6) [0281b919e175bb9c3128bd3872ac2903e9436e3f] -6.7-upstream-stable: released (6.7.7) [7d80a9e745fa5b47da3bca001f186c02485c7c33] -6.6-upstream-stable: released (6.6.19) [8327ed12e8ebc5436bfaa1786c49988894f9c8a6] -6.1-upstream-stable: released (6.1.80) [addf5e297e6cbf5341f9c07720693ca9ba0057b5] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2024-26741 b/active/CVE-2024-26741 deleted file mode 100644 index a040989c..00000000 --- a/active/CVE-2024-26741 +++ /dev/null @@ -1,16 +0,0 @@ -Description: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). -References: -Notes: - carnil> Introduced in 28044fc1d495 ("net: Add a bhash2 table hashed by port and - carnil> address"). Vulnerable versions: 6.1-rc1. -Bugs: -upstream: released (6.8-rc6) [66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f] -6.7-upstream-stable: released (6.7.7) [f8c4a6b850882bc47aaa864b720c7a2ee3102f39] -6.6-upstream-stable: released (6.6.19) [334a8348b2df26526f3298848ad6864285592caf] -6.1-upstream-stable: released (6.1.80) [729bc77af438a6e67914c97f6f3d3af8f72c0131] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26742 b/active/CVE-2024-26742 deleted file mode 100644 index 31f5a00f..00000000 --- a/active/CVE-2024-26742 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: scsi: smartpqi: Fix disable_managed_interrupts -References: -Notes: - carnil> Introduced in cf15c3e734e8 ("scsi: smartpqi: Add module param to disable - carnil> managed ints"). Vulnerable versions: 6.0-rc1. -Bugs: -upstream: released (6.8-rc6) [5761eb9761d2d5fe8248a9b719efc4d8baf1f24a] -6.7-upstream-stable: released (6.7.7) [b9433b25cb06c415c9cb24782599649a406c8d6d] -6.6-upstream-stable: released (6.6.19) [4f5b15c15e6016efb3e14582d02cc4ddf57227df] -6.1-upstream-stable: released (6.1.80) [3c31b18a8dd8b7bf36af1cd723d455853b8f94fe] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26745 b/active/CVE-2024-26745 deleted file mode 100644 index e5e5bf87..00000000 --- a/active/CVE-2024-26745 +++ /dev/null @@ -1,16 +0,0 @@ -Description: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV -References: -Notes: - carnil> Introduced in b1fc44eaa9ba ("pseries/iommu/ddw: Fix kdump to work in absence of - carnil> ibm,dma-window"). Vulnerable versions: 5.18.18 5.19.2 6.0-rc1. -Bugs: -upstream: released (6.8-rc7) [09a3c1e46142199adcee372a420b024b4fc61051] -6.7-upstream-stable: released (6.7.9) [5da6d306f315344af1ca2eff4bd9b10b130f0c28] -6.6-upstream-stable: released (6.6.21) [d4d1e4b1513d975961de7bb4f75e450a92d65ebf] -6.1-upstream-stable: released (6.1.81) [7eb95e0af5c9c2e6fad50356eaf32d216d0e7bc3] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.9-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2024-26750 b/active/CVE-2024-26750 deleted file mode 100644 index 50d0f51c..00000000 --- a/active/CVE-2024-26750 +++ /dev/null @@ -1,16 +0,0 @@ -Description: af_unix: Drop oob_skb ref before purging queue in GC. -References: -Notes: - carnil> Introduced in 25236c91b5ab ("af_unix: Fix task hung while purging oob_skb in - carnil> GC."). Vulnerable versions: 5.15.149 6.1.81 6.6.21 6.7.9 6.8-rc5. -Bugs: -upstream: released (6.8-rc6) [aa82ac51d63328714645c827775d64dbfd9941f3] -6.7-upstream-stable: released (6.7.9) [43ba9e331559a30000c862eea313248707afa787] -6.6-upstream-stable: released (6.6.21) [e9eac260369d0cf57ea53df95427125725507a0d] -6.1-upstream-stable: released (6.1.81) [c4c795b21dd23d9514ae1c6646c3fb2c78b5be60] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.9-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26760 b/active/CVE-2024-26760 deleted file mode 100644 index 6c1daa4b..00000000 --- a/active/CVE-2024-26760 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: scsi: target: pscsi: Fix bio_put() for error case -References: -Notes: - carnil> Introduced in 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc - carnil> wrapper"). Vulnerable versions: 5.19-rc1. -Bugs: -upstream: released (6.8-rc6) [de959094eb2197636f7c803af0943cb9d3b35804] -6.7-upstream-stable: released (6.7.7) [1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec] -6.6-upstream-stable: released (6.6.19) [4ebc079f0c7dcda1270843ab0f38ab4edb8f7921] -6.1-upstream-stable: released (6.1.80) [f49b20fd0134da84a6bd8108f9e73c077b7d6231] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26761 b/active/CVE-2024-26761 deleted file mode 100644 index f0d3b910..00000000 --- a/active/CVE-2024-26761 +++ /dev/null @@ -1,16 +0,0 @@ -Description: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window -References: -Notes: - carnil> Introduced in 34e37b4c432c ("cxl/port: Enable HDM Capability after validating - carnil> DVSEC Ranges"). Vulnerable versions: 5.19-rc1. -Bugs: -upstream: released (6.8-rc6) [0cab687205986491302cd2e440ef1d253031c221] -6.7-upstream-stable: released (6.7.7) [3a3181a71935774bda2398451256d7441426420b] -6.6-upstream-stable: released (6.6.19) [2cc1a530ab31c65b52daf3cb5d0883c8b614ea69] -6.1-upstream-stable: released (6.1.80) [031217128990d7f0ab8c46db1afb3cf1e075fd29] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.7-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2024-26780 b/active/CVE-2024-26780 deleted file mode 100644 index 99d0e798..00000000 --- a/active/CVE-2024-26780 +++ /dev/null @@ -1,17 +0,0 @@ -Description: af_unix: Fix task hung while purging oob_skb in GC. -References: -Notes: - carnil> Introduced in 1279f9d9dec2 ("af_unix: Call kfree_skb() for dead - carnil> unix_(sk)->oob_skb in GC."). Vulnerable versions: 5.15.149 6.1.78 6.6.17 6.7.5 - carnil> 6.8-rc4. -Bugs: -upstream: released (6.8-rc5) [25236c91b5ab4a26a56ba2e79b8060cf4e047839] -6.7-upstream-stable: released (6.7.9) [cb8890318dde26fc89c6ea67d6e9070ab50b6e91] -6.6-upstream-stable: released (6.6.21) [69e0f04460f4037e01e29f0d9675544f62aafca3] -6.1-upstream-stable: released (6.1.81) [2a3d40b4025fcfe51b04924979f1653993b17669] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.9-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26789 b/active/CVE-2024-26789 deleted file mode 100644 index 12d858d2..00000000 --- a/active/CVE-2024-26789 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: crypto: arm64/neonbs - fix out-of-bounds access on short input -References: -Notes: - carnil> Introduced in fc074e130051 ("crypto: arm64/aes-neonbs-ctr - fallback to plain - carnil> NEON for final chunk"). Vulnerable versions: 5.18-rc1. -Bugs: -upstream: released (6.8-rc7) [1c0cf6d19690141002889d72622b90fc01562ce4] -6.7-upstream-stable: released (6.7.9) [9e8ecd4908b53941ab6f0f51584ab80c6c6606c4] -6.6-upstream-stable: released (6.6.21) [1291d278b5574819a7266568ce4c28bce9438705] -6.1-upstream-stable: released (6.1.81) [034e2d70b5c7f578200ad09955aeb2aa65d1164a] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.9-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26798 b/active/CVE-2024-26798 deleted file mode 100644 index 2802ea73..00000000 --- a/active/CVE-2024-26798 +++ /dev/null @@ -1,16 +0,0 @@ -Description: fbcon: always restore the old font data in fbcon_do_set_font() -References: -Notes: - carnil> Introduced in a5a923038d70 ("fbdev: fbcon: Properly revert changes when - carnil> vc_resize() failed"). Vulnerable versions: 5.15.64 5.19.6 6.0-rc3. -Bugs: -upstream: released (6.8-rc7) [00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f] -6.7-upstream-stable: released (6.7.9) [a2c881413dcc5d801bdc9535e51270cc88cb9cd8] -6.6-upstream-stable: released (6.6.21) [73a6bd68a1342f3a44cac9dffad81ad6a003e520] -6.1-upstream-stable: released (6.1.81) [2f91a96b892fab2f2543b4a55740c5bee36b1a6b] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.9-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2024-26800 b/active/CVE-2024-26800 deleted file mode 100644 index 03dbd34f..00000000 --- a/active/CVE-2024-26800 +++ /dev/null @@ -1,16 +0,0 @@ -Description: tls: fix use-after-free on failed backlog decryption -References: -Notes: - carnil> Introduced in 859054147318 ("net: tls: handle backlogging of crypto requests"). - carnil> Vulnerable versions: 6.1.84 6.6.18 6.7.6 6.8-rc5. -Bugs: -upstream: released (6.8-rc7) [13114dc5543069f7b97991e3b79937b6da05f5b0] -6.7-upstream-stable: released (6.7.9) [1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1] -6.6-upstream-stable: released (6.6.21) [81be85353b0f5a7b660635634b655329b429eefe] -6.1-upstream-stable: released (6.1.84) [f2b85a4cc763841843de693bbd7308fe9a2c4c89] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.9-1) -6.1-bookworm-security: released (6.1.85-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26802 b/active/CVE-2024-26802 deleted file mode 100644 index a3b18332..00000000 --- a/active/CVE-2024-26802 +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: stmmac: Clear variable when destroying workqueue -References: -Notes: - carnil> Introduced in 5a5586112b929 ("net: stmmac: support FPE link partner - carnil> hand-shaking procedure"). Vulnerable versions: 5.13-rc1. -Bugs: -upstream: released (6.8-rc7) [8af411bbba1f457c33734795f024d0ef26d0963f] -6.7-upstream-stable: released (6.7.9) [f72cf22dccc94038cbbaa1029cb575bf52e5cbc8] -6.6-upstream-stable: released (6.6.21) [699b103e48ce32d03fc86c35b37ee8ae4288c7e3] -6.1-upstream-stable: released (6.1.81) [17ccd9798fe0beda3db212cfa3ebe373f605cbd6] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.9-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26803 b/active/CVE-2024-26803 deleted file mode 100644 index 15a22a54..00000000 --- a/active/CVE-2024-26803 +++ /dev/null @@ -1,16 +0,0 @@ -Description: net: veth: clear GRO when clearing XDP even when down -References: -Notes: - carnil> Introduced in d3256efd8e8b ("veth: allow enabling NAPI even without XDP"). - carnil> Vulnerable versions: 5.13-rc1. -Bugs: -upstream: released (6.8-rc7) [fe9f801355f0b47668419f30f1fac1cf4539e736] -6.7-upstream-stable: released (6.7.9) [8f7a3894e58e6f5d5815533cfde60e3838947941] -6.6-upstream-stable: released (6.6.21) [16edf51f33f52dff70ed455bc40a6cc443c04664] -6.1-upstream-stable: released (6.1.81) [7985d73961bbb4e726c1be7b9cd26becc7be8325] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -sid: released (6.7.9-1) -6.1-bookworm-security: released (6.1.82-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-2176 b/retired/CVE-2023-2176 new file mode 100644 index 00000000..8475aa33 
--- /dev/null +++ b/retired/CVE-2023-2176 @@ -0,0 +1,18 @@ +Description: cma: IP tree/list corruption triggered by rebinding +References: + https://lkml.org/lkml/2022/12/9/178 + https://www.spinics.net/lists/linux-rdma/msg114749.html + https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leonro@nvidia.com/ +Notes: + bwh> Appears to have been introduced in 6.0 by commit fc008bdbf1cd + bwh> "RDMA/core: Add an rb_tree that stores cm_ids sorted by ifindex + bwh> and remote IP". +Bugs: +upstream: released (6.3-rc1) [8d037973d48c026224ab285e6a06985ccac6f7bf] +6.1-upstream-stable: released (6.1.81) [88067197e97af3fcb104dd86030f788ec1b32fdb] +5.10-upstream-stable: N/A "Vulnerability introduced later" +4.19-upstream-stable: N/A "Vulnerability introduced later" +sid: released (6.3.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerability introduced later" +4.19-buster-security: N/A "Vulnerability introduced later" diff --git a/retired/CVE-2023-52631 b/retired/CVE-2023-52631 new file mode 100644 index 00000000..e9622e88 --- /dev/null +++ b/retired/CVE-2023-52631 @@ -0,0 +1,16 @@ +Description: fs/ntfs3: Fix an NULL dereference bug +References: +Notes: + carnil> Introduced in be71b5cba2e6 ("fs/ntfs3: Add attrib operations"). Vulnerable + carnil> versions: 5.15-rc1. +Bugs: +upstream: released (6.8-rc4) [b2dd7b953c25ffd5912dda17e980e7168bebcf6c] +6.7-upstream-stable: released (6.7.5) [686820fe141ea0220fc6fdfc7e5694f915cf64b2] +6.6-upstream-stable: released (6.6.17) [fb7bcd1722bc9bc55160378f5f99c01198fd14a7] +6.1-upstream-stable: released (6.1.78) [ec1bedd797588fe38fc11cba26d77bb1d9b194c6] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26582 b/retired/CVE-2024-26582 new file mode 100644 index 00000000..9ea50092 --- /dev/null +++ b/retired/CVE-2024-26582 @@ -0,0 +1,16 @@ +Description: net: tls: fix use-after-free with partial reads and async decrypt +References: +Notes: + carnil> Introduced in fd31f3996af2 ("tls: rx: decrypt into a fresh skb"). Vulnerable + carnil> versions: 6.0-rc1. +Bugs: +upstream: released (6.8-rc5) [32b55c5ff9103b8508c1e04bfa5a08c64e7a925f] +6.7-upstream-stable: released (6.7.6) [754c9bab77a1b895b97bd99d754403c505bc79df] +6.6-upstream-stable: released (6.6.18) [d684763534b969cca1022e2a28645c7cc91f7fa5] +6.1-upstream-stable: released (6.1.79) [20b4ed034872b4d024b26e2bc1092c3f80e5db96] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26590 b/retired/CVE-2024-26590 new file mode 100644 index 00000000..8e42da90 --- /dev/null +++ b/retired/CVE-2024-26590 
@@ -0,0 +1,17 @@ +Description: erofs: fix inconsistent per-file compression format +References: +Notes: + carnil> Introduced in 8f89926290c4 ("erofs: get compression algorithms directly on + carnil> mapping") + carnil> 622ceaddb764 ("erofs: lzma compression support"). Vulnerable versions: 5.16-rc1. +Bugs: +upstream: released (6.8-rc1) [118a8cf504d7dfa519562d000f423ee3ca75d2c4] +6.7-upstream-stable: released (6.7.2) [eed24b816e50c6cd18cbee0ff0d7218c8fced199] +6.6-upstream-stable: released (6.6.14) [823ba1d2106019ddf195287ba53057aee33cf724] +6.1-upstream-stable: released (6.1.80) [47467e04816cb297905c0f09bc2d11ef865942d9] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26603 b/retired/CVE-2024-26603 new file mode 100644 index 00000000..c7dc84ae --- /dev/null +++ b/retired/CVE-2024-26603 @@ -0,0 +1,16 @@ +Description: x86/fpu: Stop relying on userspace for info to fault in xsave buffer +References: +Notes: + carnil> Introduced in fcb3635f5018 ("x86/fpu/signal: Handle #PF in the direct restore + carnil> path"). Vulnerable versions: 5.14-rc1. +Bugs: +upstream: released (6.8-rc4) [d877550eaf2dc9090d782864c96939397a3c6835] +6.7-upstream-stable: released (6.7.6) [627e28cbb65564e55008315d9e02fbb90478beda] +6.6-upstream-stable: released (6.6.18) [b2479ab426cef7ab79a13005650eff956223ced2] +6.1-upstream-stable: released (6.1.79) [627339cccdc9166792ecf96bc3c9f711a60ce996] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26626 b/retired/CVE-2024-26626 new file mode 100644 index 00000000..2ae200cd --- /dev/null +++ b/retired/CVE-2024-26626 @@ -0,0 +1,16 @@ +Description: ipmr: fix kernel panic when forwarding mcast packets +References: +Notes: + carnil> Introduced in bb7403655b3c ("ipmr: support IP_PKTINFO on cache report IGMP + carnil> msg"). Vulnerable versions: 6.1.75 6.6.14 6.7.2 6.8-rc1. +Bugs: +upstream: released (6.8-rc3) [e622502c310f1069fd9f41cd38210553115f610a] +6.7-upstream-stable: released (6.7.4) [2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207] +6.6-upstream-stable: released (6.6.16) [dcaafdba6c6162bb49f1192850bc3bbc3707738c] +6.1-upstream-stable: released (6.1.77) [d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26660 b/retired/CVE-2024-26660 new file mode 100644 index 00000000..5333a270 --- /dev/null +++ b/retired/CVE-2024-26660 
@@ -0,0 +1,16 @@ +Description: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 +References: +Notes: + carnil> Introduced in 3a83e4e64bb1 ("drm/amd/display: Add dcn3.01 support to DC (v2)"). + carnil> Vulnerable versions: 5.11-rc1. +Bugs: +upstream: released (6.8-rc4) [58fca355ad37dcb5f785d9095db5f748b79c5dc2] +6.7-upstream-stable: released (6.7.5) [a938eab9586eea31cfd129a507f552efae14d738] +6.6-upstream-stable: released (6.6.17) [cd9bd10c59e3c1446680514fd3097c5b00d3712d] +6.1-upstream-stable: released (6.1.78) [efdd665ce1a1634b8c1dad5e7f6baaef3e131d0a] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26667 b/retired/CVE-2024-26667 new file mode 100644 index 00000000..11a28e55 --- /dev/null +++ b/retired/CVE-2024-26667 @@ -0,0 +1,16 @@ +Description: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup +References: +Notes: + carnil> Introduced in ae4d721ce100 ("drm/msm/dpu: add an API to reset the encoder + carnil> related hw blocks"). Vulnerable versions: 5.19-rc1. +Bugs: +upstream: released (6.8-rc4) [7f3d03c48b1eb6bc45ab20ca98b8b11be25f9f52] +6.7-upstream-stable: released (6.7.5) [eb4f56f3ff5799ca754ae6d811803a63fe25a4a2] +6.6-upstream-stable: released (6.6.17) [79592a6e7bdc1d05460c95f891f5e5263a107af8] +6.1-upstream-stable: released (6.1.78) [fb8bfc6ea3cd8c5ac3d35711d064e2f6646aec17] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26676 b/retired/CVE-2024-26676 new file mode 100644 index 00000000..bcc8189f --- /dev/null +++ b/retired/CVE-2024-26676 @@ -0,0 +1,16 @@ +Description: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. +References: +Notes: + carnil> Introduced in 2aab4b969002 ("af_unix: fix struct pid leaks in OOB support"). + carnil> Vulnerable versions: 5.15.103 6.1.20 6.2.7 6.3-rc2. +Bugs: +upstream: released (6.8-rc4) [1279f9d9dec2d7462823a18c29ad61359e0a007d] +6.7-upstream-stable: released (6.7.5) [82ae47c5c3a6b27fdc0f9e83c1499cb439c56140] +6.6-upstream-stable: released (6.6.17) [b74aa9ce13d02b7fd37c5325b99854f91b9b4276] +6.1-upstream-stable: released (6.1.78) [e0e09186d8821ad59806115d347ea32efa43ca4b] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26681 b/retired/CVE-2024-26681 new file mode 100644 index 00000000..bbf31fb1 --- /dev/null +++ b/retired/CVE-2024-26681 
@@ -0,0 +1,16 @@ +Description: netdevsim: avoid potential loop in nsim_dev_trap_report_work() +References: +Notes: + carnil> Introduced in 012ec02ae441 ("netdevsim: convert driver to use unlocked devlink + carnil> API during init/fini"). Vulnerable versions: 6.0-rc1. +Bugs: +upstream: released (6.8-rc4) [ba5e1272142d051dcc57ca1d3225ad8a089f9858] +6.7-upstream-stable: released (6.7.5) [d91964cdada76740811b7c621239f9c407820dbc] +6.6-upstream-stable: released (6.6.17) [6eecddd9c3c8d6e3a097531cdc6d500335b35e46] +6.1-upstream-stable: released (6.1.78) [0193e0660cc6689c794794b471492923cfd7bfbc] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26710 b/retired/CVE-2024-26710 new file mode 100644 index 00000000..f02276f0 --- /dev/null +++ b/retired/CVE-2024-26710 @@ -0,0 +1,16 @@ +Description: powerpc/kasan: Limit KASAN thread size increase to 32KB +References: +Notes: + carnil> Introduced in 18f14afe2816 ("powerpc/64s: Increase default stack size to + carnil> 32KB"). Vulnerable versions: 6.1.75 6.1.76 6.6.14 6.7.2 6.8-rc1. +Bugs: +upstream: released (6.8-rc5) [f1acb109505d983779bbb7e20a1ee6244d2b5736] +6.7-upstream-stable: released (6.7.6) [b29b16bd836a838b7690f80e37f8376414c74cbe] +6.6-upstream-stable: released (6.6.18) [4cc31fa07445879a13750cb061bb8c2654975fcb] +6.1-upstream-stable: released (6.1.79) [4297217bcf1f0948a19c2bacc6b68d92e7778ad9] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26714 b/retired/CVE-2024-26714 new file mode 100644 index 00000000..1eaa9043 --- /dev/null +++ b/retired/CVE-2024-26714 @@ -0,0 +1,16 @@ +Description: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive +References: +Notes: + carnil> Introduced in 9c8c6bac1ae8 ("interconnect: qcom: Add SC8180x providers"). + carnil> Vulnerable versions: 5.15-rc1. +Bugs: +upstream: released (6.8-rc5) [85e985a4f46e462a37f1875cb74ed380e7c0c2e0] +6.7-upstream-stable: released (6.7.6) [7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0] +6.6-upstream-stable: released (6.6.18) [d8e36ff40cf9dadb135f3a97341c02c9a7afcc43] +6.1-upstream-stable: released (6.1.79) [6616d3c4f8284a7b3ef978c916566bd240cea1c7] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26717 b/retired/CVE-2024-26717 new file mode 100644 index 00000000..71dc2454 --- /dev/null +++ b/retired/CVE-2024-26717 
@@ -0,0 +1,16 @@ +Description: HID: i2c-hid-of: fix NULL-deref on failed power up +References: +Notes: + carnil> Introduced in b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are + carnil> separate modules"). Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (6.8-rc3) [00aab7dcb2267f2aef59447602f34501efe1a07f] +6.7-upstream-stable: released (6.7.6) [e28d6b63aeecbda450935fb58db0e682ea8212d3] +6.6-upstream-stable: released (6.6.18) [4cad91344a62536a2949873bad6365fbb6232776] +6.1-upstream-stable: released (6.1.79) [d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26723 b/retired/CVE-2024-26723 new file mode 100644 index 00000000..79168fdb --- /dev/null +++ b/retired/CVE-2024-26723 @@ -0,0 +1,16 @@ +Description: lan966x: Fix crash when adding interface under a lag +References: +Notes: + carnil> Introduced in cabc9d49333d ("net: lan966x: Add lag support for lan966x"). + carnil> Vulnerable versions: 6.1-rc1. +Bugs: +upstream: released (6.8-rc5) [15faa1f67ab405d47789d4702f587ec7df7ef03e] +6.7-upstream-stable: released (6.7.6) [2a492f01228b7d091dfe38974ef40dccf8f9f2f1] +6.6-upstream-stable: released (6.6.18) [48fae67d837488c87379f0c9f27df7391718477c] +6.1-upstream-stable: released (6.1.79) [b9357489c46c7a43999964628db8b47d3a1f8672] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26731 b/retired/CVE-2024-26731 new file mode 100644 index 00000000..76f8b4da 
--- /dev/null +++ b/retired/CVE-2024-26731 @@ -0,0 +1,16 @@ +Description: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() +References: +Notes: + carnil> Introduced in 6df7f764cd3c ("bpf, sockmap: Wake up polling after data copy"). + carnil> Vulnerable versions: 6.1.32 6.3.6 6.4-rc4. +Bugs: +upstream: released (6.8-rc6) [4cd12c6065dfcdeba10f49949bffcf383b3952d8] +6.7-upstream-stable: released (6.7.7) [d61608a4e394f23e0dca099df9eb8e555453d949] +6.6-upstream-stable: released (6.6.19) [9b099ed46dcaf1403c531ff02c3d7400fa37fa26] +6.1-upstream-stable: released (6.1.80) [4588b13abcbd561ec67f5b3c1cb2eff690990a54] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26737 b/retired/CVE-2024-26737 new file mode 100644 index 00000000..9f9eec30 --- /dev/null +++ b/retired/CVE-2024-26737 @@ -0,0 +1,16 @@ +Description: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel +References: +Notes: + carnil> Introduced in b00628b1c7d5 ("bpf: Introduce bpf timers."). Vulnerable versions: + carnil> 5.15-rc1. +Bugs: +upstream: released (6.8-rc6) [0281b919e175bb9c3128bd3872ac2903e9436e3f] +6.7-upstream-stable: released (6.7.7) [7d80a9e745fa5b47da3bca001f186c02485c7c33] +6.6-upstream-stable: released (6.6.19) [8327ed12e8ebc5436bfaa1786c49988894f9c8a6] +6.1-upstream-stable: released (6.1.80) [addf5e297e6cbf5341f9c07720693ca9ba0057b5] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26741 b/retired/CVE-2024-26741 new file mode 100644 index 00000000..a040989c --- /dev/null +++ b/retired/CVE-2024-26741 @@ -0,0 +1,16 @@ +Description: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). +References: +Notes: + carnil> Introduced in 28044fc1d495 ("net: Add a bhash2 table hashed by port and + carnil> address"). Vulnerable versions: 6.1-rc1. +Bugs: +upstream: released (6.8-rc6) [66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f] +6.7-upstream-stable: released (6.7.7) [f8c4a6b850882bc47aaa864b720c7a2ee3102f39] +6.6-upstream-stable: released (6.6.19) [334a8348b2df26526f3298848ad6864285592caf] +6.1-upstream-stable: released (6.1.80) [729bc77af438a6e67914c97f6f3d3af8f72c0131] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26742 b/retired/CVE-2024-26742 new file mode 100644 index 00000000..31f5a00f --- /dev/null +++ b/retired/CVE-2024-26742 
@@ -0,0 +1,16 @@ +Description: scsi: smartpqi: Fix disable_managed_interrupts +References: +Notes: + carnil> Introduced in cf15c3e734e8 ("scsi: smartpqi: Add module param to disable + carnil> managed ints"). Vulnerable versions: 6.0-rc1. +Bugs: +upstream: released (6.8-rc6) [5761eb9761d2d5fe8248a9b719efc4d8baf1f24a] +6.7-upstream-stable: released (6.7.7) [b9433b25cb06c415c9cb24782599649a406c8d6d] +6.6-upstream-stable: released (6.6.19) [4f5b15c15e6016efb3e14582d02cc4ddf57227df] +6.1-upstream-stable: released (6.1.80) [3c31b18a8dd8b7bf36af1cd723d455853b8f94fe] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26745 b/retired/CVE-2024-26745 new file mode 100644 index 00000000..e5e5bf87 --- /dev/null +++ b/retired/CVE-2024-26745 @@ -0,0 +1,16 @@ +Description: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV +References: +Notes: + carnil> Introduced in b1fc44eaa9ba ("pseries/iommu/ddw: Fix kdump to work in absence of + carnil> ibm,dma-window"). Vulnerable versions: 5.18.18 5.19.2 6.0-rc1. +Bugs: +upstream: released (6.8-rc7) [09a3c1e46142199adcee372a420b024b4fc61051] +6.7-upstream-stable: released (6.7.9) [5da6d306f315344af1ca2eff4bd9b10b130f0c28] +6.6-upstream-stable: released (6.6.21) [d4d1e4b1513d975961de7bb4f75e450a92d65ebf] +6.1-upstream-stable: released (6.1.81) [7eb95e0af5c9c2e6fad50356eaf32d216d0e7bc3] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26750 b/retired/CVE-2024-26750 new file mode 100644 index 00000000..50d0f51c --- /dev/null +++ b/retired/CVE-2024-26750 @@ -0,0 +1,16 @@ +Description: af_unix: Drop oob_skb ref before purging queue in GC. +References: +Notes: + carnil> Introduced in 25236c91b5ab ("af_unix: Fix task hung while purging oob_skb in + carnil> GC."). Vulnerable versions: 5.15.149 6.1.81 6.6.21 6.7.9 6.8-rc5. +Bugs: +upstream: released (6.8-rc6) [aa82ac51d63328714645c827775d64dbfd9941f3] +6.7-upstream-stable: released (6.7.9) [43ba9e331559a30000c862eea313248707afa787] +6.6-upstream-stable: released (6.6.21) [e9eac260369d0cf57ea53df95427125725507a0d] +6.1-upstream-stable: released (6.1.81) [c4c795b21dd23d9514ae1c6646c3fb2c78b5be60] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26760 b/retired/CVE-2024-26760 new file mode 100644 index 00000000..6c1daa4b --- /dev/null +++ b/retired/CVE-2024-26760 
@@ -0,0 +1,16 @@ +Description: scsi: target: pscsi: Fix bio_put() for error case +References: +Notes: + carnil> Introduced in 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc + carnil> wrapper"). Vulnerable versions: 5.19-rc1. +Bugs: +upstream: released (6.8-rc6) [de959094eb2197636f7c803af0943cb9d3b35804] +6.7-upstream-stable: released (6.7.7) [1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec] +6.6-upstream-stable: released (6.6.19) [4ebc079f0c7dcda1270843ab0f38ab4edb8f7921] +6.1-upstream-stable: released (6.1.80) [f49b20fd0134da84a6bd8108f9e73c077b7d6231] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26761 b/retired/CVE-2024-26761 new file mode 100644 index 00000000..f0d3b910 --- /dev/null +++ b/retired/CVE-2024-26761 @@ -0,0 +1,16 @@ +Description: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window +References: +Notes: + carnil> Introduced in 34e37b4c432c ("cxl/port: Enable HDM Capability after validating + carnil> DVSEC Ranges"). Vulnerable versions: 5.19-rc1. +Bugs: +upstream: released (6.8-rc6) [0cab687205986491302cd2e440ef1d253031c221] +6.7-upstream-stable: released (6.7.7) [3a3181a71935774bda2398451256d7441426420b] +6.6-upstream-stable: released (6.6.19) [2cc1a530ab31c65b52daf3cb5d0883c8b614ea69] +6.1-upstream-stable: released (6.1.80) [031217128990d7f0ab8c46db1afb3cf1e075fd29] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26780 b/retired/CVE-2024-26780 new file mode 100644 index 00000000..99d0e798 --- /dev/null +++ b/retired/CVE-2024-26780 @@ -0,0 +1,17 @@ +Description: af_unix: Fix task hung while purging oob_skb in GC. +References: +Notes: + carnil> Introduced in 1279f9d9dec2 ("af_unix: Call kfree_skb() for dead + carnil> unix_(sk)->oob_skb in GC."). Vulnerable versions: 5.15.149 6.1.78 6.6.17 6.7.5 + carnil> 6.8-rc4. +Bugs: +upstream: released (6.8-rc5) [25236c91b5ab4a26a56ba2e79b8060cf4e047839] +6.7-upstream-stable: released (6.7.9) [cb8890318dde26fc89c6ea67d6e9070ab50b6e91] +6.6-upstream-stable: released (6.6.21) [69e0f04460f4037e01e29f0d9675544f62aafca3] +6.1-upstream-stable: released (6.1.81) [2a3d40b4025fcfe51b04924979f1653993b17669] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26789 b/retired/CVE-2024-26789 new file mode 100644 index 00000000..12d858d2 --- /dev/null +++ b/retired/CVE-2024-26789 
@@ -0,0 +1,16 @@ +Description: crypto: arm64/neonbs - fix out-of-bounds access on short input +References: +Notes: + carnil> Introduced in fc074e130051 ("crypto: arm64/aes-neonbs-ctr - fallback to plain + carnil> NEON for final chunk"). Vulnerable versions: 5.18-rc1. +Bugs: +upstream: released (6.8-rc7) [1c0cf6d19690141002889d72622b90fc01562ce4] +6.7-upstream-stable: released (6.7.9) [9e8ecd4908b53941ab6f0f51584ab80c6c6606c4] +6.6-upstream-stable: released (6.6.21) [1291d278b5574819a7266568ce4c28bce9438705] +6.1-upstream-stable: released (6.1.81) [034e2d70b5c7f578200ad09955aeb2aa65d1164a] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26798 b/retired/CVE-2024-26798 new file mode 100644 index 00000000..2802ea73 --- /dev/null +++ b/retired/CVE-2024-26798 @@ -0,0 +1,16 @@ +Description: fbcon: always restore the old font data in fbcon_do_set_font() +References: +Notes: + carnil> Introduced in a5a923038d70 ("fbdev: fbcon: Properly revert changes when + carnil> vc_resize() failed"). Vulnerable versions: 5.15.64 5.19.6 6.0-rc3. +Bugs: +upstream: released (6.8-rc7) [00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f] +6.7-upstream-stable: released (6.7.9) [a2c881413dcc5d801bdc9535e51270cc88cb9cd8] +6.6-upstream-stable: released (6.6.21) [73a6bd68a1342f3a44cac9dffad81ad6a003e520] +6.1-upstream-stable: released (6.1.81) [2f91a96b892fab2f2543b4a55740c5bee36b1a6b] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26800 b/retired/CVE-2024-26800 new file mode 100644 index 00000000..03dbd34f --- /dev/null +++ b/retired/CVE-2024-26800 @@ -0,0 +1,16 @@ +Description: tls: fix use-after-free on failed backlog decryption +References: +Notes: + carnil> Introduced in 859054147318 ("net: tls: handle backlogging of crypto requests"). + carnil> Vulnerable versions: 6.1.84 6.6.18 6.7.6 6.8-rc5. +Bugs: +upstream: released (6.8-rc7) [13114dc5543069f7b97991e3b79937b6da05f5b0] +6.7-upstream-stable: released (6.7.9) [1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1] +6.6-upstream-stable: released (6.6.21) [81be85353b0f5a7b660635634b655329b429eefe] +6.1-upstream-stable: released (6.1.84) [f2b85a4cc763841843de693bbd7308fe9a2c4c89] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26802 b/retired/CVE-2024-26802 new file mode 100644 index 00000000..a3b18332 --- /dev/null +++ b/retired/CVE-2024-26802 
@@ -0,0 +1,16 @@ +Description: stmmac: Clear variable when destroying workqueue +References: +Notes: + carnil> Introduced in 5a5586112b929 ("net: stmmac: support FPE link partner + carnil> hand-shaking procedure"). Vulnerable versions: 5.13-rc1. +Bugs: +upstream: released (6.8-rc7) [8af411bbba1f457c33734795f024d0ef26d0963f] +6.7-upstream-stable: released (6.7.9) [f72cf22dccc94038cbbaa1029cb575bf52e5cbc8] +6.6-upstream-stable: released (6.6.21) [699b103e48ce32d03fc86c35b37ee8ae4288c7e3] +6.1-upstream-stable: released (6.1.81) [17ccd9798fe0beda3db212cfa3ebe373f605cbd6] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26803 b/retired/CVE-2024-26803 new file mode 100644 index 00000000..15a22a54 --- /dev/null +++ b/retired/CVE-2024-26803 @@ -0,0 +1,16 @@ +Description: net: veth: clear GRO when clearing XDP even when down +References: +Notes: + carnil> Introduced in d3256efd8e8b ("veth: allow enabling NAPI even without XDP"). + carnil> Vulnerable versions: 5.13-rc1. +Bugs: +upstream: released (6.8-rc7) [fe9f801355f0b47668419f30f1fac1cf4539e736] +6.7-upstream-stable: released (6.7.9) [8f7a3894e58e6f5d5815533cfde60e3838947941] +6.6-upstream-stable: released (6.6.21) [16edf51f33f52dff70ed455bc40a6cc443c04664] +6.1-upstream-stable: released (6.1.81) [7985d73961bbb4e726c1be7b9cd26becc7be8325] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3
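Review bot: the three af_unix entries form a fix chain that their Notes fields do not cross-reference (retired/CVE-2024-26676, retired/CVE-2024-26780, retired/CVE-2024-26750). The upstream fix recorded for CVE-2024-26676 is 1279f9d9dec2..., which CVE-2024-26780 names as its introducing commit, and the upstream fix recorded for CVE-2024-26780 is 25236c91b5ab..., which CVE-2024-26750 names as its introducing commit. Suggest adding a Notes line to each file naming the related CVEs, so that anyone backporting one fix picks up all three. For CVE-2024-26750 the listed vulnerable versions (6.1.81, 6.6.21, 6.7.9) are the same releases that carry its fix, which is also worth stating in Notes.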
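Review bot: in retired/CVE-2024-26800 the Notes list 6.1.84 as a vulnerable version while the 6.1-upstream-stable line records the fix as released in 6.1.84, so by these fields no 6.1.y release carried the introducing commit without the fix. The bookworm line reads "released (6.1.85-1)", whereas the other entries in this patch show bookworm at 6.1.82-1. Suggest a Notes line saying whether any bookworm upload ever contained 859054147318 without the fix, so a reader does not take 6.1.82-1 to be affected.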
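Review bot: style nit in retired/CVE-2024-26802: the introducing commit is abbreviated to 13 hex digits ("5a5586112b929") where the other entries visible in this patch use 12. Suggest trimming it to 12 so that scripts or greps matching on a fixed abbreviation length treat this file like the rest.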
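Review bot: in retired/CVE-2024-26710 the Notes list two versions from the same stable series as vulnerable ("6.1.75 6.1.76"), where the other entries in this patch give one version per series. If both are intended, a short remark in Notes explaining why would help; otherwise the list should carry a single 6.1 version.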
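Review bot: in retired/CVE-2023-2176 the N/A status for 5.10 and 4.19 ("Vulnerability introduced later") rests on a hedged note, "Appears to have been introduced in 6.0 by commit fc008bdbf1cd". Since retiring the file takes it out of active review, suggest confirming that fc008bdbf1cd is absent from the 5.10 and 4.19 branches and rewording the note without "Appears", or recording in Notes that this was checked.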