From 26fd3dcd76257957e58f92758dc08693bd8e8f48 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 2 Jan 2024 21:01:55 +0100 Subject: Retire some CVEs --- retired/CVE-2023-46813 | 13 +++++++++++++ retired/CVE-2023-46862 | 16 ++++++++++++++++ retired/CVE-2023-5178 | 14 ++++++++++++++ retired/CVE-2023-5197 | 16 ++++++++++++++++ retired/CVE-2023-6531 | 19 +++++++++++++++++++ retired/CVE-2023-6560 | 17 +++++++++++++++++ retired/CVE-2023-6622 | 16 ++++++++++++++++ retired/CVE-2023-6817 | 17 +++++++++++++++++ 8 files changed, 128 insertions(+) create mode 100644 retired/CVE-2023-46813 create mode 100644 retired/CVE-2023-46862 create mode 100644 retired/CVE-2023-5178 create mode 100644 retired/CVE-2023-5197 create mode 100644 retired/CVE-2023-6531 create mode 100644 retired/CVE-2023-6560 create mode 100644 retired/CVE-2023-6622 create mode 100644 retired/CVE-2023-6817 (limited to 'retired') diff --git a/retired/CVE-2023-46813 b/retired/CVE-2023-46813 new file mode 100644 index 00000000..44e5f681 --- /dev/null +++ b/retired/CVE-2023-46813 @@ -0,0 +1,13 @@ +Description: SEV-ES local priv escalation for userspace that have access to MMIO regions +References: + https://bugzilla.suse.com/show_bug.cgi?id=1212649 +Notes: +Bugs: +upstream: released (6.6-rc7) [63e44bc52047f182601e7817da969a105aa1f721, b9cb9c45583b911e0db71d09caa6b56469eb2bdf, a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba] +6.1-upstream-stable: released (6.1.60) [57d0639f60f1ff04cbe7fd52823b94b894d7f812, def94eb9a804acdcdba5b959ad72cf9119f03f3b, 95ff590b802757f8b6bd32e7e5b21ef9b91e2583] +5.10-upstream-stable: released (5.10.199) [6550cbe25de182f6c0176909a90b324cb375133f, 5bb9ba7dafbe18e027e335f74372ca65f07f7edd, d78c5d8c23c3f0e24168ea98760016665bf92a79] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.10-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2023-46862 b/retired/CVE-2023-46862 new file mode 100644 index 00000000..b9b5896c --- /dev/null +++ b/retired/CVE-2023-46862 @@ -0,0 +1,16 @@ +Description: io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid +References: + https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4 +Notes: + carnil> For 6.5.y fixed as well in 6.5.10. + carnil> Introduced with dbbe9c642411 ("io_uring: show sqthread pid and + carnil> cpu in fdinfo") in 5.10-rc1. +Bugs: +upstream: released (6.6) [7644b1a1c9a7ae8ab99175989bfc8676055edb46] +6.1-upstream-stable: released (6.1.61) [9236d2ea6465b37c0a73d994c1ad31753d31e5f5] +5.10-upstream-stable: released (5.10.202) [c6e8af2a8a63e0957284c16003c501e4a058e8d9] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.10-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-5178 b/retired/CVE-2023-5178 new file mode 100644 index 00000000..23b1400d --- /dev/null +++ b/retired/CVE-2023-5178 @@ -0,0 +1,14 @@ +Description: nvmet-tcp: Fix a possible UAF in queue intialization setup +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2241924 + https://www.openwall.com/lists/oss-security/2023/10/15/1 +Notes: +Bugs: +upstream: released (6.6-rc7) [d920abd1e7c4884f9ecd0749d1921b7ab19ddfbd] +6.1-upstream-stable: released (6.1.60) [f691ec5a548257edb3aacd952e2a574e4e57b2c4] +5.10-upstream-stable: released (5.10.199) [e985d78bdcf37f7ef73666a43b0d2407715f00d3] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) [bugfix/all/nvmet-tcp-Fix-a-possible-UAF-in-queue-intialization-.patch] +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-5197 b/retired/CVE-2023-5197 new file mode 100644 index 00000000..a669ab8e --- /dev/null 
+++ b/retired/CVE-2023-5197 @@ -0,0 +1,16 @@ +Description: netfilter: nf_tables: disallow rule removal from chain binding +References: + https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325 +Notes: + carnil> Commit fixes d0e2c7de92c7 ("netfilter: nf_tables: add + carnil> NFT_CHAIN_BINDING") in 5.9-rc1. + carnil> For 6.5.y fixed as well in 6.5.6. +Bugs: +upstream: released (6.6-rc3) [f15f29fd4779be8a418b66e9d52979bb6d6c2325] +6.1-upstream-stable: released (6.1.56) [9af8bb2afea3705b58fe930f97a39322f46e5b8b] +5.10-upstream-stable: released (5.10.198) [5a03b42ae1ed646eb5f5acceff1fb2b1d85ec077] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-6531 b/retired/CVE-2023-6531 new file mode 100644 index 00000000..aea2492d --- /dev/null +++ b/retired/CVE-2023-6531 
@@ -0,0 +1,19 @@ +Description: io_uring/af_unix: disable sending io_uring over sockets +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2253034 +Notes: + carnil> Commit fixes 0091bfc81741b ("io_uring/af_unix: defer registered + carnil> files gc to io_uring release") in 6.1-rc1 (and backported to + carnil> 6.0.3, 5.19.17, 5.15.75, 5.10.150 and 5.4.220). + carnil> For mainline there are two commits doing the same, but I have + carnil> not checked what happened betweeen 6.7-rc5 and 6.7-rc6 which + carnil> made that necessary. +Bugs: +upstream: released (6.7-rc5) [705318a99a138c29a512a72c3e0043b3cd7f55f4], released (6.7-rc6) [69db702c83874fbaa2a51af761e35a8e5a593b95] +6.1-upstream-stable: released (6.1.68) [5a33d385eb36991a91e3dddb189d8679e2aac2be] +5.10-upstream-stable: released (5.10.204) [3fe1ea5f921bf5b71cbfdc4469fb96c05936610e] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.8-1) +6.1-bookworm-security: released (6.1.69-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-6560 b/retired/CVE-2023-6560 new file mode 100644 index 00000000..8bc3af7e --- /dev/null +++ b/retired/CVE-2023-6560 
@@ -0,0 +1,17 @@ +Description: io_uring out of boundary memory access in __io_uaddr_map() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2253249 + https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/ +Notes: + carnil> Commit fixes 03d89a2de25b ("io_uring: support for user + carnil> allocated memory for rings/sqes") in 6.5-rc1. + carnil> For 6.6.y fixed as well in 6.6.5. +Bugs: +upstream: released (6.7-rc4) [820d070feb668aab5bc9413c285a1dda2a70e076] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.8-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-6622 b/retired/CVE-2023-6622 new file mode 100644 index 00000000..a843e6e6 --- /dev/null +++ b/retired/CVE-2023-6622 @@ -0,0 +1,16 @@ +Description: netfilter: nf_tables: bail out on mismatching dynset and set expressions +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2253632 +Notes: + carnil> Commit fixes 48b0ae046ee9 ("netfilter: nftables: netlink + carnil> support for several set element expressions") in 5.11-rc1. + carnil> Fixed as well in 6.6.7 for 6.6.y. +Bugs: +upstream: released (6.7-rc5) [3701cd390fd731ee7ae8b8006246c8db82c72bea] +6.1-upstream-stable: released (6.1.68) [96f8654b701f772af5f358b91807ce2836ff3444] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.8-1) +6.1-bookworm-security: released (6.1.69-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-6817 b/retired/CVE-2023-6817 new file mode 100644 index 00000000..76923ae0 --- /dev/null +++ b/retired/CVE-2023-6817 
@@ -0,0 +1,17 @@ +Description: netfilter: nft_set_pipapo: skip inactive elements during set walk +References: + https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a + https://www.openwall.com/lists/oss-security/2023/12/22/6 +Notes: + carnil> Commit fixes 3c4287f62044 ("nf_tables: Add set type for + carnil> arbitrary concatenation of ranges") in 5.6-rc1. + carnil> For 6.6.y fixed as well in 6.6.7. +Bugs: +upstream: released (6.7-rc5) [317eb9685095678f2c9f5a8189de698c5354316a] +6.1-upstream-stable: released (6.1.68) [189c2a82933c67ad360c421258d5449f6647544a] +5.10-upstream-stable: released (5.10.204) [bf72b44fe81be08a9fcd58aabf417cd3337ffc99] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.8-1) +6.1-bookworm-security: released (6.1.69-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3
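Review bot: In retired/CVE-2023-46813 the Notes: field is empty, so the N/A "Vulnerable code not present" status on 4.19-upstream-stable and 4.19-buster-security has no recorded basis. Most other files in this commit name the introducing commit and the release it first appeared in; a carnil> note of the same form here would make the N/A checkable later. Each branch also lists three commits with no indication of which one closes the issue and which are prerequisites or follow-ups, which is worth one line in Notes: as well. The Description reads "userspace that have access"; "has" is the grammatical form unless the wording is copied verbatim from a source.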
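Review bot: retired/CVE-2023-5178 marks 4.19 as N/A "Vulnerable code not present" on both the upstream-stable and buster-security lines, but Notes: is empty and no introducing commit is recorded. A note in the style used for the io_uring and nf_tables files ("Commit fixes ... in X-rcN") would document why 4.19 is unaffected and let someone re-verify it without repeating the triage.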
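Review bot: retired/CVE-2023-6531 is being retired with an open question still in its Notes: ("I have not checked what happened betweeen 6.7-rc5 and 6.7-rc6 which made that necessary"). The upstream line lists two separate fixes, 705318a99a13 in 6.7-rc5 and 69db702c8387 in 6.7-rc6, while 6.1-upstream-stable and 5.10-upstream-stable each list a single commit, so the file does not say whether those backports correspond to the first upstream commit, the second, or both. I would resolve that, or state explicitly that one backport is sufficient, before the file leaves the active set. The "released (...) [...], released (...) [...]" form on the upstream line also differs from the single-release, comma-separated commit list used in retired/CVE-2023-46813, and "betweeen" has an extra "e".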