From fd8cdb05b848fa4628f42bce87a3719993030764 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 21 Jun 2022 00:09:15 +0200 Subject: Fill in status for several issues --- active/CVE-2021-33061 | 16 ++++++++++------ active/CVE-2022-1789 | 12 ++++++++---- active/CVE-2022-20154 | 6 ++++-- active/CVE-2022-20166 | 16 ++++++++++++---- active/CVE-2022-32296 | 13 +++++++------ 5 files changed, 41 insertions(+), 22 deletions(-) diff --git a/active/CVE-2021-33061 b/active/CVE-2021-33061 index bc39a399..896e2751 100644 --- a/active/CVE-2021-33061 +++ b/active/CVE-2021-33061 @@ -2,12 +2,16 @@ Description: ixgbe: add improvement for MDD response functionality References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html Notes: + bwh> This appears to have been introduced in 2.6.34 by commit + bwh> 1cdd1ec87843 "ixgbe: Add SR-IOV features to main module", or else + bwh> in 3.2 by commit 83c61fa97a7d "ixgbe: Add protection from VF + bwh> invalid target DMA". Either way, all branches are affected. Bugs: upstream: released (5.18-rc1) [008ca35f6e87be1d60b6af3d1ae247c6d5c2531d] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed sid: released (5.18.2-1) -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2022-1789 b/active/CVE-2022-1789 index 97bb5db0..7378b6e8 100644 --- a/active/CVE-2022-1789 +++ b/active/CVE-2022-1789 
@@ -3,12 +3,16 @@ References: https://www.openwall.com/lists/oss-security/2022/05/25/2 Notes: carnil> Fixed in 5.17.12 for 5.17.y. + bwh> This appears to have been introduced in 5.8 by commit 5efac0741ce2 + bwh> "KVM: x86: introduce kvm_mmu_invalidate_gva", as before that + bwh> the invlpg function pointer would not be set to NULL when paging + bwh> was disabled. Bugs: upstream: released (5.18) [9f46c187e2e680ecd9de7983e4d081c3391acc76] 5.10-upstream-stable: released (5.10.119) [9b4aa0d80b18b9d19e62dd47d22e274ce92cdc95] -4.19-upstream-stable: -4.9-upstream-stable: +4.19-upstream-stable: N/A "Vulnerability introduced later" +4.9-upstream-stable: N/A "Vulnerability introduced later" sid: released (5.17.11-1) [bugfix/x86/KVM-x86-mmu-fix-NULL-pointer-dereference-on-guest-IN.patch] 5.10-bullseye-security: released (5.10.120-1) -4.19-buster-security: -4.9-stretch-security: +4.19-buster-security: N/A "Vulnerability introduced later" +4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2022-20154 b/active/CVE-2022-20154 index ad1f1d83..955029ff 100644 --- a/active/CVE-2022-20154 +++ b/active/CVE-2022-20154 @@ -2,12 +2,14 @@ Description: sctp: use call_rcu to free endpoint References: https://source.android.com/security/bulletin/pixel/2022-06-01 Notes: + bwh> Introdued in 4.14 by commit d25adbeb0cdb "sctp: fix an + bwh> use-after-free issue in sctp_sock_dump". Bugs: upstream: released (5.16-rc8) [5ec7d18d1813a5bead0b495045606c93873aecbb] 5.10-upstream-stable: released (5.10.90) [769d14abd35e0e153b5149c3e1e989a9d719e3ff] 4.19-upstream-stable: released (4.19.224) [af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec] -4.9-upstream-stable: +4.9-upstream-stable: N/A "Vulnerability introduced later" sid: released (5.15.15-1) 5.10-bullseye-security: released (5.10.92-1) 4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: +4.9-stretch-security: N/A "Vulnerability introduced later" 
diff --git a/active/CVE-2022-20166 b/active/CVE-2022-20166 index d13c8ae2..3c96d5de 100644 --- a/active/CVE-2022-20166 +++ b/active/CVE-2022-20166 @@ -1,13 +1,21 @@ Description: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions References: https://source.android.com/security/bulletin/pixel/2022-06-01 + https://android.googlesource.com/kernel/common/+/37c7c8d4f0856ca30c2583adead91f42711f9c2f%5E%21/ Notes: + bwh> Based on the Android backport of this, the specific case where a + bwh> buffer overflow was possible must be in the name attribute of a + bwh> wakeup_source. This code was introduced in 5.4 by commit + bwh> c8377adfa781 "PM / wakeup: Show wakeup sources stats in sysfs". + bwh> If wakelocks are enabled (CONFIG_PM_WAKELOCKS=y) then user-space + bwh> can create a wakeup_source with an arbitrary name. However, we + bwh> never enabled this. Bugs: upstream: released (5.10-rc1) [aa838896d87af561a33ecefea1caa4c15a68bc47] 5.10-upstream-stable: N/A "Fixed before branching point" -4.19-upstream-stable: -4.9-upstream-stable: +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" sid: released (5.10.4-1) 5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: -4.9-stretch-security: +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-32296 b/active/CVE-2022-32296 index 91b226d9..7ba64f83 100644 --- a/active/CVE-2022-32296 +++ b/active/CVE-2022-32296 
@@ -1,12 +1,13 @@ Description: tcp: increase source port perturb table to 2^16 References: Notes: + bwh> This seems to be a duplicate of CVE-2022-1012. Bugs: upstream: released (5.18-rc6) [4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed sid: released (5.17.11-1) -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed -- cgit v1.2.3
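Review bot: In active/CVE-2022-20154 the added note misspells "Introduced" as "Introdued", and the two 4.9 lines marked N/A "Vulnerability introduced later" rest only on d25adbeb0cdb first appearing in 4.14. That commit is itself a fix ("sctp: fix an use-after-free issue in sctp_sock_dump"), which is the kind of change that can be backported to older stable branches. Suggest correcting the spelling and adding a line to the note stating that d25adbeb0cdb was checked and is absent from 4.9.y, so the N/A status can be verified from the file alone.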
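Review bot: In active/CVE-2022-20166 the last sentence of the added note, "However, we never enabled this", does not say whose kernel configuration is meant or which branches were checked. Suggest naming the configs explicitly (for example, that the distribution's kernel configs never set CONFIG_PM_WAKELOCKS=y, if that is what is meant) and making clear that this is extra context: the N/A "Vulnerable code not present" statuses for 4.19 and 4.9 already follow from c8377adfa781 landing in 5.4.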
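Review bot: In active/CVE-2022-32296 the new note says this "seems to be a duplicate of CVE-2022-1012", but all six branch statuses are set to "needed" here with nothing tying them to that entry, and the References: field is still empty. Suggest adding a reference that supports the duplicate claim and checking that the statuses match the tracker's entry for CVE-2022-1012, if one exists, so the two cannot drift apart once the backports of 4c2c8f03a5ab land.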