From 14b6c0b24e722ea4281cdd186262b0b943ff8a3b Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 29 Feb 2024 19:44:07 +0100 Subject: Retire CVEs --- retired/CVE-2023-52487 | 16 ++++++++++++++++ retired/CVE-2023-52490 | 16 ++++++++++++++++ retired/CVE-2023-52495 | 16 ++++++++++++++++ retired/CVE-2023-52496 | 16 ++++++++++++++++ retired/CVE-2024-26608 | 16 ++++++++++++++++ retired/CVE-2024-26611 | 16 ++++++++++++++++ retired/CVE-2024-26612 | 16 ++++++++++++++++ retired/CVE-2024-26616 | 17 +++++++++++++++++ retired/CVE-2024-26617 | 16 ++++++++++++++++ retired/CVE-2024-26619 | 16 ++++++++++++++++ retired/CVE-2024-26620 | 16 ++++++++++++++++ 11 files changed, 177 insertions(+) create mode 100644 retired/CVE-2023-52487 create mode 100644 retired/CVE-2023-52490 create mode 100644 retired/CVE-2023-52495 create mode 100644 retired/CVE-2023-52496 create mode 100644 retired/CVE-2024-26608 create mode 100644 retired/CVE-2024-26611 create mode 100644 retired/CVE-2024-26612 create mode 100644 retired/CVE-2024-26616 create mode 100644 retired/CVE-2024-26617 create mode 100644 retired/CVE-2024-26619 create mode 100644 retired/CVE-2024-26620 (limited to 'retired') diff --git a/retired/CVE-2023-52487 b/retired/CVE-2023-52487 new file mode 100644 index 00000000..ae915003 --- /dev/null +++ b/retired/CVE-2023-52487 
@@ -0,0 +1,16 @@ +Description: net/mlx5e: Fix peer flow lists handling +References: +Notes: + carnil> Introduced in 9be6c21fdcf8 ("net/mlx5e: Handle offloads flows per peer"). + carnil> Vulnerable versions: 6.5-rc1. +Bugs: +upstream: released (6.8-rc2) [d76fdd31f953ac5046555171620f2562715e9b71] +6.7-upstream-stable: released (6.7.3) [e24d6f5a7f2d95a98a46257a5a5a5381d572894f] +6.6-upstream-stable: released (6.6.15) [74cec142f89bf85c6c99c5db957da9f663f9f16f] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52490 b/retired/CVE-2023-52490 new file mode 100644 index 00000000..d183cd64 --- /dev/null +++ b/retired/CVE-2023-52490 @@ -0,0 +1,16 @@ +Description: mm: migrate: fix getting incorrect page mapping during page migration +References: +Notes: + carnil> Introduced in 64c8902ed441 ("migrate_pages: split unmap_and_move() to _unmap() + carnil> and _move()"). Vulnerable versions: 6.3-rc1. +Bugs: +upstream: released (6.8-rc1) [d1adb25df7111de83b64655a80b5a135adbded61] +6.7-upstream-stable: released (6.7.3) [3889a418b6eb9a1113fb989aaadecf2f64964767] +6.6-upstream-stable: released (6.6.15) [9128bfbc5c80d8f4874dd0a0424d1f5fb010df1b] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52495 b/retired/CVE-2023-52495 new file mode 100644 index 00000000..b088a3a6 --- /dev/null 
+++ b/retired/CVE-2023-52495 @@ -0,0 +1,16 @@ +Description: soc: qcom: pmic_glink_altmode: fix port sanity check +References: +Notes: + carnil> Introduced in 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode + carnil> support"). Vulnerable versions: 6.3-rc1. +Bugs: +upstream: released (6.8-rc1) [c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0] +6.7-upstream-stable: released (6.7.3) [d26edf4ee3672cc9828f2a3ffae34086a712574d] +6.6-upstream-stable: released (6.6.15) [532a5557da6892a6b2d5793052e1bce1f4c9e177] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52496 b/retired/CVE-2023-52496 new file mode 100644 index 00000000..3695ecc7 --- /dev/null +++ b/retired/CVE-2023-52496 @@ -0,0 +1,16 @@ +Description: mtd: maps: vmu-flash: Fix the (mtd core) switch to ref counters +References: +Notes: + carnil> Introduced in 19bfa9ebebb5 ("mtd: use refcount to prevent corruption"). + carnil> Vulnerable versions: 6.6-rc1. +Bugs: +upstream: released (6.8-rc1) [a7d84a2e7663bbe12394cc771107e04668ea313a] +6.7-upstream-stable: released (6.7.3) [1168d6b79d2fafb41299fbc1b528e20644c562a5] +6.6-upstream-stable: released (6.6.15) [38c12f10990ad6e63ddef2f20c1b066e5e4d34fd] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26608 b/retired/CVE-2024-26608 new file mode 100644 index 00000000..ba08fd3c 
--- /dev/null +++ b/retired/CVE-2024-26608 @@ -0,0 +1,16 @@ +Description: ksmbd: fix global oob in ksmbd_nl_policy +References: +Notes: + carnil> Introduced in 0626e6641f6b ("cifsd: add server handler for central processing + carnil> and tranport layers"). Vulnerable versions: 5.15-rc1. +Bugs: +upstream: released (6.8-rc2) [ebeae8adf89d9a82359f6659b1663d09beec2faa] +6.7-upstream-stable: released (6.7.3) [6993328a4cd62a24df254b587c0796a4a1eecc95] +6.6-upstream-stable: released (6.6.15) [9863a53100f47652755545c2bd43e14a1855104d] +6.1-upstream-stable: released (6.1.76) [2c939c74ef0b74e99b92e32edc2a59f9b9ca3d5a] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26611 b/retired/CVE-2024-26611 new file mode 100644 index 00000000..57fc6cb3 --- /dev/null +++ b/retired/CVE-2024-26611 @@ -0,0 +1,16 @@ +Description: xsk: fix usage of multi-buffer BPF helpers for ZC XDP +References: +Notes: + carnil> Introduced in 24ea50127ecf ("xsk: support mbuf on ZC RX"). Vulnerable versions: + carnil> 6.6-rc1. +Bugs: +upstream: released (6.8-rc2) [c5114710c8ce86b8317e9b448f4fd15c711c2a82] +6.7-upstream-stable: released (6.7.3) [5cd781f7216f980207af09c5e0e1bb1eda284540] +6.6-upstream-stable: released (6.6.15) [82ee4781b8200e44669a354140d5c6bd966b8768] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26612 b/retired/CVE-2024-26612 new file mode 100644 index 00000000..3c3e8ee8 --- /dev/null +++ b/retired/CVE-2024-26612 @@ -0,0 +1,16 @@ +Description: netfs, fscache: Prevent Oops in fscache_put_cache() +References: +Notes: + carnil> Introduced in 9549332df4ed ("fscache: Implement cache registration"). + carnil> Vulnerable versions: 5.17-rc1. +Bugs: +upstream: released (6.8-rc2) [3be0b3ed1d76c6703b9ee482b55f7e01c369cc68] +6.7-upstream-stable: released (6.7.3) [4200ad3e46ce50f410fdda302745489441bc70f0] +6.6-upstream-stable: released (6.6.15) [1c45256e599061021e2c848952e50f406457e448] +6.1-upstream-stable: released (6.1.76) [82a9bc343ba019665d3ddc1d9a180bf0e0390cf3] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26616 b/retired/CVE-2024-26616 new file mode 100644 index 00000000..b22a792d --- /dev/null +++ b/retired/CVE-2024-26616 
@@ -0,0 +1,17 @@ +Description: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned +References: +Notes: + carnil> Introduced in + carnil> e02ee89baa66 ("btrfs: scrub: switch scrub_simple_mirror() to scrub_stripe + carnil> infrastructure"). Vulnerable versions: 6.4-rc1. +Bugs: +upstream: released (6.8-rc2) [f546c4282673497a06ecb6190b50ae7f6c85b02f] +6.7-upstream-stable: released (6.7.3) [34de0f04684ec00c093a0455648be055f0e8e24f] +6.6-upstream-stable: released (6.6.15) [642b9c520ef2f104277ad1f902f8526edbe087fb] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26617 b/retired/CVE-2024-26617 new file mode 100644 index 00000000..25330b57 --- /dev/null +++ b/retired/CVE-2024-26617 @@ -0,0 +1,16 @@ +Description: fs/proc/task_mmu: move mmu notification mechanism inside mm lock +References: +Notes: + carnil> Introduced in 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and + carnil> optionally clear info about PTEs"). Vulnerable versions: 6.7-rc1. +Bugs: +upstream: released (6.8-rc1) [4cccb6221cae6d020270606b9e52b1678fc8b71a] +6.7-upstream-stable: released (6.7.3) [05509adf297924f51e1493aa86f9fcde1433ed80] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2024-26619 b/retired/CVE-2024-26619 new file mode 100644 index 00000000..7540b1fe --- /dev/null +++ b/retired/CVE-2024-26619 @@ -0,0 +1,16 @@ +Description: riscv: Fix module loading free order +References: +Notes: + carnil> Introduced in d8792a5734b0 ("riscv: Safely remove entries from relocation + carnil> list"). Vulnerable versions: 6.7-rc5. +Bugs: +upstream: released (6.8-rc1) [78996eee79ebdfe8b6f0e54cb6dcc792d5129291] +6.7-upstream-stable: released (6.7.3) [2fa79badf4bfeffda6b5032cf62b828486ec9a99] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26620 b/retired/CVE-2024-26620 new file mode 100644 index 00000000..fb844bf4 --- /dev/null +++ b/retired/CVE-2024-26620 
@@ -0,0 +1,16 @@ +Description: s390/vfio-ap: always filter entire AP matrix +References: +Notes: + carnil> Introduced in 48cae940c31d ("s390/vfio-ap: refresh guest's APCB by filtering AP + carnil> resources assigned to mdev"). Vulnerable versions: 6.0-rc1. +Bugs: +upstream: released (6.8-rc1) [850fb7fa8c684a4c6bf0e4b6978f4ddcc5d43d11] +6.7-upstream-stable: released (6.7.3) [cdd134d56138302976685e6c7bc4755450b3880e] +6.6-upstream-stable: released (6.6.15) [c69d821197611678533fb3eb784fc823b921349a] +6.1-upstream-stable: released (6.1.76) [d6b8d034b576f406af920a7bee81606c027b24c6] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3
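Review bot: in retired/CVE-2024-26616 the Notes wrap leaves `carnil> Introduced in` on a line by itself, with the hash e02ee89baa66 starting the next line, which is why this file is 17 lines where the other ten are 16. Reflow the note so the hash follows "Introduced in" on the same line, as in the other files, so that a line-based search for "Introduced in" plus a hash also matches this entry.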
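Review bot: in retired/CVE-2024-26617 the line `sid: N/A "Vulnerable code not present"` sits beside `Vulnerable versions: 6.7-rc1` and a fix that is only in 6.7.3, so the N/A holds only while sid carries a pre-6.7 kernel (the other files in this commit list sid at 6.6.15-1). Once the file is retired, nothing in it records the first 6.7-based sid upload; confirm that upload will be at or after 6.7.3, or state in Notes that the N/A depends on the sid kernel version at the time of retirement.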
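Review bot: in retired/CVE-2024-26619 the introducing commit d8792a5734b0 ("riscv: Safely remove entries from relocation list") landed at 6.7-rc5 and its subject reads like a fix, the kind of change stable branches often pick up. The line `6.6-upstream-stable: N/A "Vulnerable code not present"` does not say whether 6.6.y was checked for a backport of d8792a5734b0; add a Notes line recording that check before retiring, since the sid N/A rests on the same assumption.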