From 62bda9a103e19908f3af0046dd2c83ee6d85637c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 24 Feb 2024 16:40:23 +0100 Subject: Retire several CVEs --- retired/CVE-2023-52453 | 16 ++++++++++++++++ retired/CVE-2023-52454 | 16 ++++++++++++++++ retired/CVE-2023-52455 | 16 ++++++++++++++++ retired/CVE-2023-52456 | 16 ++++++++++++++++ retired/CVE-2023-52457 | 17 +++++++++++++++++ retired/CVE-2023-52459 | 16 ++++++++++++++++ retired/CVE-2023-52460 | 16 ++++++++++++++++ retired/CVE-2023-52461 | 16 ++++++++++++++++ retired/CVE-2023-52462 | 16 ++++++++++++++++ retired/CVE-2023-52463 | 16 ++++++++++++++++ retired/CVE-2024-26599 | 16 ++++++++++++++++ 11 files changed, 177 insertions(+) create mode 100644 retired/CVE-2023-52453 create mode 100644 retired/CVE-2023-52454 create mode 100644 retired/CVE-2023-52455 create mode 100644 retired/CVE-2023-52456 create mode 100644 retired/CVE-2023-52457 create mode 100644 retired/CVE-2023-52459 create mode 100644 retired/CVE-2023-52460 create mode 100644 retired/CVE-2023-52461 create mode 100644 retired/CVE-2023-52462 create mode 100644 retired/CVE-2023-52463 create mode 100644 retired/CVE-2024-26599 (limited to 'retired') diff --git a/retired/CVE-2023-52453 b/retired/CVE-2023-52453 new file mode 100644 index 00000000..8ff00f9f --- /dev/null +++ b/retired/CVE-2023-52453 @@ -0,0 +1,16 @@ +Description: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume +References: +Notes: + ksecbot> Commit fixes d9a871e4a143 ("hisi_acc_vfio_pci: Introduce + ksecbot> support for PRE_COPY state transitions") in 6.2-rc1. +Bugs: +upstream: released (6.8-rc1) [be12ad45e15b5ee0e2526a50266ba1d295d26a88] +6.7-upstream-stable: released (6.7.2) [6bda81e24a35a856f58e6a5786de579b07371603] +6.6-upstream-stable: released (6.6.14) [45f80b2f230df10600e6fa1b83b28bf1c334185e] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52454 b/retired/CVE-2023-52454 new file mode 100644 index 00000000..febef743 --- /dev/null +++ b/retired/CVE-2023-52454 @@ -0,0 +1,16 @@ +Description: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length +References: +Notes: + carnil> Commit fixes 872d26a391da ("nvmet-tcp: add NVMe over TCP target + carnil> driver") 5.0-rc1. +Bugs: +upstream: released (6.8-rc1) [efa56305908ba20de2104f1b8508c6a7401833be] +6.7-upstream-stable: released (6.7.2) [70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68] +6.6-upstream-stable: released (6.6.14) [24e05760186dc070d3db190ca61efdbce23afc88] +6.1-upstream-stable: released (6.1.75) [2871aa407007f6f531fae181ad252486e022df42] +5.10-upstream-stable: released (5.10.209) [f775f2621c2ac5cc3a0b3a64665dad4fb146e510] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: released (5.10.209-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52455 b/retired/CVE-2023-52455 new file mode 100644 index 00000000..002049f3 --- /dev/null +++ b/retired/CVE-2023-52455 @@ -0,0 +1,16 @@ +Description: iommu: Don't reserve 0-length IOVA region +References: +Notes: + carnil> Commit fixes a5bf3cfce8cb ("iommu: Implement + carnil> of_iommu_get_resv_regions()") in 6.3-rc1. +Bugs: +upstream: released (6.8-rc1) [bb57f6705960bebeb832142ce9abf43220c3eab1] +6.7-upstream-stable: released (6.7.2) [5e23e283910c9f30248732ae0770bcb0c9438abf] +6.6-upstream-stable: released (6.6.14) [98b8a550da83cc392a14298c4b3eaaf0332ae6ad] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52456 b/retired/CVE-2023-52456 new file mode 100644 index 00000000..67375b46 --- /dev/null +++ b/retired/CVE-2023-52456 @@ -0,0 +1,16 @@ +Description: serial: imx: fix tx statemachine deadlock +References: +Notes: + carnil> Commit fixes cb1a60923609 ("serial: imx: implement rts delaying + carnil> for rs485") in 5.9-rc1. +Bugs: +upstream: released (6.8-rc1) [78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0] +6.7-upstream-stable: released (6.7.2) [9a662d06c22ddfa371958c2071dc350436be802b] +6.6-upstream-stable: released (6.6.14) [763cd68746317b5d746dc2649a3295c1efb41181] +6.1-upstream-stable: released (6.1.75) [63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06] +5.10-upstream-stable: released (5.10.209) [6e04a9d30509fb53ba6df5d655ed61d607a7cfda] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: released (5.10.209-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52457 b/retired/CVE-2023-52457 new file mode 100644 index 00000000..4da35150 --- /dev/null +++ b/retired/CVE-2023-52457 @@ -0,0 +1,17 @@ +Description: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed +References: +Notes: + carnil> Introduced in e3f0c638f428 ("serial: 8250: omap: Fix unpaired + carnil> pm_runtime_put_sync() in omap8250_remove()"). Vulnerable versions: 5.4.225 + carnil> 5.10.156 5.15.80 6.0.10 6.1-rc6. +Bugs: +upstream: released (6.8-rc1) [ad90d0358bd3b4554f243a425168fc7cebe7d04e] +6.7-upstream-stable: released (6.7.2) [95e4e0031effad9837af557ecbfd4294a4d8aeee] +6.6-upstream-stable: released (6.6.14) [887a558d0298d36297daea039954c39940228d9b] +6.1-upstream-stable: released (6.1.75) [d74173bda29aba58f822175d983d07c8ed335494] +5.10-upstream-stable: released (5.10.209) [bc57f3ef8a9eb0180606696f586a6dcfaa175ed0] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: released (5.10.209-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52459 b/retired/CVE-2023-52459 new file mode 100644 index 00000000..237ed942 --- /dev/null +++ b/retired/CVE-2023-52459 @@ -0,0 +1,16 @@ +Description: media: v4l: async: Fix duplicated list deletion +References: +Notes: + carnil> Commit fixes 28a1295795d8 ("media: v4l: async: Allow multiple + carnil> connections between entities") in 6.6-rc1. +Bugs: +upstream: released (6.8-rc1) [3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2] +6.7-upstream-stable: released (6.7.2) [49d82811428469566667f22749610b8c132cdb3e] +6.6-upstream-stable: released (6.6.14) [b7062628caeaec90e8f691ebab2d70f31b7b6b91] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52460 b/retired/CVE-2023-52460 new file mode 100644 index 00000000..1fd6acc0 --- /dev/null +++ b/retired/CVE-2023-52460 @@ -0,0 +1,16 @@ +Description: drm/amd/display: Fix NULL pointer dereference at hibernate +References: +Notes: + carnil> Commit fixes 7966f319c66d ("drm/amd/display: Introduce DML2") + carnil> in 6.7-rc1. +Bugs: +upstream: released (6.8-rc1) [b719a9c15d52d4f56bdea8241a5d90fd9197ce99] +6.7-upstream-stable: released (6.7.2) [6b80326efff093d037e0971831dca6ebddba9b45] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52461 b/retired/CVE-2023-52461 new file mode 100644 index 00000000..feb497c7 --- /dev/null +++ b/retired/CVE-2023-52461 @@ -0,0 +1,16 @@ +Description: drm/sched: Fix bounds limiting when given a malformed entity +References: +Notes: + carnil> Commit fixes 56e449603f0ac5 ("drm/sched: Convert the GPU + carnil> scheduler to variable number of run-queues") in 6.7-rc1. +Bugs: +upstream: released (6.8-rc1) [2bbe6ab2be53858507f11f99f856846d04765ae3] +6.7-upstream-stable: released (6.7.2) [1470d173925d697b497656b93f7c5bddae2e64b2] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52462 b/retired/CVE-2023-52462 new file mode 100644 index 00000000..bc8e940d --- /dev/null +++ b/retired/CVE-2023-52462 @@ -0,0 +1,16 @@ +Description: bpf: fix check for attempt to corrupt spilled pointer +References: +Notes: + carnil> Commit fixes 27113c59b6d0 ("bpf: Check the other end of + carnil> slot_type for STACK_SPILL") in 5.16-rc1 and 5.10.163. +Bugs: +upstream: released (6.8-rc1) [ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae] +6.7-upstream-stable: released (6.7.2) [40617d45ea05535105e202a8a819e388a2b1f036] +6.6-upstream-stable: released (6.6.14) [8dc15b0670594543c356567a1a45b0182ec63174] +6.1-upstream-stable: released (6.1.75) [fc3e3c50a0a4cac1463967c110686189e4a59104] +5.10-upstream-stable: released (5.10.209) [2757f17972d87773b3677777f5682510f13c66ef] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: released (5.10.209-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52463 b/retired/CVE-2023-52463 new file mode 100644 index 00000000..9a4f2a74 --- /dev/null +++ b/retired/CVE-2023-52463 @@ -0,0 +1,16 @@ +Description: efivarfs: force RO when remounting if SetVariable is not supported +References: +Notes: + carnil> Commit fixes f88814cc2578 ("efi/efivars: Expose RT service + carnil> availability via efivars abstraction") in 5.8-rc7 (and 5.7.11) +Bugs: +upstream: released (6.8-rc1) [0e8d2444168dd519fea501599d150e62718ed2fe] +6.7-upstream-stable: released (6.7.2) [d4a714873db0866cc471521114eeac4a5072d548] +6.6-upstream-stable: released (6.6.14) [0049fe7e4a85849bdd778cdb72e51a791ff3d737] +6.1-upstream-stable: released (6.1.75) [d4a9aa7db574a0da64307729cc031fb68597aa8b] +5.10-upstream-stable: released (5.10.209) [94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: released (5.10.209-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26599 b/retired/CVE-2024-26599 new file mode 100644 index 00000000..267ed3fc --- /dev/null +++ b/retired/CVE-2024-26599 @@ -0,0 +1,16 @@ +Description: pwm: Fix out-of-bounds access in of_pwm_single_xlate() +References: +Notes: + carnil> Commit fixes 3ab7b6ac5d82 ("pwm: Introduce single-PWM of_xlate + carnil> function") in 5.17-rc1. +Bugs: +upstream: released (6.8-rc1) [a297d07b9a1e4fb8cda25a4a2363a507d294b7c9] +6.7-upstream-stable: released (6.7.2) [bae45b7ebb31984b63b13c3519fd724b3ce92123] +6.6-upstream-stable: released (6.6.14) [e5f2b4b62977fb6c2efcbc5779e0c9dce18215f7] +6.1-upstream-stable: released (6.1.75) [7b85554c7c2aee91171e038e4d5442ffa130b282] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3