From 66ca01dc952b2c98d592f0a7bebcaa98cca3f343 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Sun, 3 Mar 2024 08:13:47 +0100
Subject: Retire several CVEs

---
 retired/CVE-2023-52499 | 16 ++++++++++++++++
 retired/CVE-2023-52502 | 16 ++++++++++++++++
 retired/CVE-2023-52503 | 16 ++++++++++++++++
 retired/CVE-2023-52504 | 16 ++++++++++++++++
 retired/CVE-2023-52505 | 16 ++++++++++++++++
 retired/CVE-2023-52507 | 16 ++++++++++++++++
 retired/CVE-2023-52510 | 16 ++++++++++++++++
 retired/CVE-2023-52512 | 16 ++++++++++++++++
 retired/CVE-2023-52513 | 16 ++++++++++++++++
 retired/CVE-2023-52518 | 16 ++++++++++++++++
 retired/CVE-2023-52519 | 16 ++++++++++++++++
 retired/CVE-2023-52520 | 16 ++++++++++++++++
 retired/CVE-2023-52523 | 16 ++++++++++++++++
 retired/CVE-2023-52524 | 17 +++++++++++++++++
 retired/CVE-2023-52525 | 17 +++++++++++++++++
 retired/CVE-2023-52526 | 16 ++++++++++++++++
 retired/CVE-2023-52527 | 16 ++++++++++++++++
 retired/CVE-2023-52528 | 17 +++++++++++++++++
 retired/CVE-2023-52529 | 16 ++++++++++++++++
 retired/CVE-2023-52532 | 16 ++++++++++++++++
 retired/CVE-2023-52559 | 16 ++++++++++++++++
 retired/CVE-2023-52560 | 16 ++++++++++++++++
 retired/CVE-2023-52562 | 17 +++++++++++++++++
 retired/CVE-2023-52563 | 16 ++++++++++++++++
 retired/CVE-2023-52564 | 17 +++++++++++++++++
 retired/CVE-2023-52565 | 16 ++++++++++++++++
 retired/CVE-2023-52566 | 16 ++++++++++++++++
 retired/CVE-2023-52567 | 17 +++++++++++++++++
 retired/CVE-2023-52568 | 16 ++++++++++++++++
 retired/CVE-2023-52570 | 16 ++++++++++++++++
 retired/CVE-2023-52571 | 16 ++++++++++++++++
 retired/CVE-2023-52573 | 16 ++++++++++++++++
 retired/CVE-2023-52574 | 16 ++++++++++++++++
 retired/CVE-2023-52575 | 16 ++++++++++++++++
 retired/CVE-2023-52576 | 16 ++++++++++++++++
 retired/CVE-2023-52577 | 17 +++++++++++++++++
 retired/CVE-2023-52578 | 16 ++++++++++++++++
 retired/CVE-2023-52579 | 16 ++++++++++++++++
 retired/CVE-2023-52580 | 16 ++++++++++++++++
 retired/CVE-2023-52581 | 17 +++++++++++++++++
 retired/CVE-2023-52582 | 16 ++++++++++++++++
 retired/CVE-2024-26604 | 16 ++++++++++++++++
 retired/CVE-2024-26621 | 16 ++++++++++++++++
 43 files changed, 696 insertions(+)
 create mode 100644 retired/CVE-2023-52499
 create mode 100644 retired/CVE-2023-52502
 create mode 100644 retired/CVE-2023-52503
 create mode 100644 retired/CVE-2023-52504
 create mode 100644 retired/CVE-2023-52505
 create mode 100644 retired/CVE-2023-52507
 create mode 100644 retired/CVE-2023-52510
 create mode 100644 retired/CVE-2023-52512
 create mode 100644 retired/CVE-2023-52513
 create mode 100644 retired/CVE-2023-52518
 create mode 100644 retired/CVE-2023-52519
 create mode 100644 retired/CVE-2023-52520
 create mode 100644 retired/CVE-2023-52523
 create mode 100644 retired/CVE-2023-52524
 create mode 100644 retired/CVE-2023-52525
 create mode 100644 retired/CVE-2023-52526
 create mode 100644 retired/CVE-2023-52527
 create mode 100644 retired/CVE-2023-52528
 create mode 100644 retired/CVE-2023-52529
 create mode 100644 retired/CVE-2023-52532
 create mode 100644 retired/CVE-2023-52559
 create mode 100644 retired/CVE-2023-52560
 create mode 100644 retired/CVE-2023-52562
 create mode 100644 retired/CVE-2023-52563
 create mode 100644 retired/CVE-2023-52564
 create mode 100644 retired/CVE-2023-52565
 create mode 100644 retired/CVE-2023-52566
 create mode 100644 retired/CVE-2023-52567
 create mode 100644 retired/CVE-2023-52568
 create mode 100644 retired/CVE-2023-52570
 create mode 100644 retired/CVE-2023-52571
 create mode 100644 retired/CVE-2023-52573
 create mode 100644 retired/CVE-2023-52574
 create mode 100644 retired/CVE-2023-52575
 create mode 100644 retired/CVE-2023-52576
 create mode 100644 retired/CVE-2023-52577
 create mode 100644 retired/CVE-2023-52578
 create mode 100644 retired/CVE-2023-52579
 create mode 100644 retired/CVE-2023-52580
 create mode 100644 retired/CVE-2023-52581
 create mode 100644 retired/CVE-2023-52582
 create mode 100644 retired/CVE-2024-26604
 create mode 100644 retired/CVE-2024-26621
(limited to 'retired')
diff --git a/retired/CVE-2023-52499 b/retired/CVE-2023-52499 new file mode 100644 index 00000000..c0aba053 --- /dev/null +++ b/retired/CVE-2023-52499 @@ -0,0 +1,16 @@ +Description: powerpc/47x: Fix 47x syscall return crash +References: +Notes: + carnil> Introduced in 6f76a01173cc ("powerpc/syscall: implement system call entry/exit + carnil> logic in C for PPC32"). Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (6.6-rc6) [f0eee815babed70a749d2496a7678be5b45b4c14] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [8ac2689502f986a46f4221e239d4ff2897f1ccb3] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52502 b/retired/CVE-2023-52502 new file mode 100644 index 00000000..c8427a31 --- /dev/null +++ b/retired/CVE-2023-52502 @@ -0,0 +1,16 @@ +Description: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() +References: +Notes: + carnil> Introduced in 8f50020ed9b8 ("NFC: LLCP late binding"). Vulnerable versions: + carnil> 3.6-rc1. +Bugs: +upstream: released (6.6-rc6) [31c07dffafce914c1d1543c135382a11ff058d93] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc] +5.10-upstream-stable: released (5.10.199) [6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9] +4.19-upstream-stable: released (4.19.297) [e863f5720a5680e50c4cecf12424d7cc31b3eb0a] +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) 
diff --git a/retired/CVE-2023-52503 b/retired/CVE-2023-52503 new file mode 100644 index 00000000..390f140e --- /dev/null +++ b/retired/CVE-2023-52503 @@ -0,0 +1,16 @@ +Description: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session +References: +Notes: + carnil> Introduced in 757cc3e9ff1d ("tee: add AMD-TEE driver"). Vulnerable versions: + carnil> 5.6-rc1. +Bugs: +upstream: released (6.6-rc6) [f4384b3e54ea813868bb81a861bf5b2406e15d8f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [60c3e7a00db954947c265b55099c21b216f2a05c] +5.10-upstream-stable: released (5.10.199) [da7ce52a2f6c468946195b116615297d3d113a27] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52504 b/retired/CVE-2023-52504 new file mode 100644 index 00000000..de85a9d3 --- /dev/null +++ b/retired/CVE-2023-52504 @@ -0,0 +1,16 @@ +Description: x86/alternatives: Disable KASAN in apply_alternatives() +References: +Notes: + carnil> Introduced in 6657fca06e3f ("x86/mm: Allow to boot without LA57 if + carnil> CONFIG_X86_5LEVEL=y"). Vulnerable versions: 4.17-rc1. +Bugs: +upstream: released (6.6-rc6) [d35652a5fc9944784f6f50a5c979518ff8dacf61] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [5b784489c8158518bf7a466bb3cc045b0fb66b4b] +5.10-upstream-stable: released (5.10.199) [6788b10620ca6e98575d1e06e72a8974aad7657e] +4.19-upstream-stable: released (4.19.297) [3719d3c36aa853d5a2401af9f8d6b116c91ad5ae] +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) 
diff --git a/retired/CVE-2023-52505 b/retired/CVE-2023-52505 new file mode 100644 index 00000000..4b3374eb --- /dev/null +++ b/retired/CVE-2023-52505 @@ -0,0 +1,16 @@ +Description: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers +References: +Notes: + carnil> Introduced in 8f73b37cf3fb ("phy: add support for the Layerscape SerDes 28G"). + carnil> Vulnerable versions: 5.18-rc1. +Bugs: +upstream: released (6.6-rc6) [139ad1143151a07be93bf741d4ea7c89e59f89ce] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [6f901f8448c6b25ed843796b114471d2a3fc5dfb] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52507 b/retired/CVE-2023-52507 new file mode 100644 index 00000000..c8221600 --- /dev/null +++ b/retired/CVE-2023-52507 @@ -0,0 +1,16 @@ +Description: nfc: nci: assert requested protocol is valid +References: +Notes: + carnil> Introduced in 6a2968aaf50c ("NFC: basic NCI protocol implementation"). + carnil> Vulnerable versions: 3.2-rc1. +Bugs: +upstream: released (6.6-rc6) [354a6e707e29cb0c007176ee5b8db8be7bd2dee0] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [853dda54ba59ea70d5580a298b7ede4707826848] +5.10-upstream-stable: released (5.10.199) [a424807d860ba816aaafc3064b46b456361c0802] +4.19-upstream-stable: released (4.19.297) [a686f84101680b8442181a8846fbd3c934653729] +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) 
diff --git a/retired/CVE-2023-52510 b/retired/CVE-2023-52510 new file mode 100644 index 00000000..15312fd9 --- /dev/null +++ b/retired/CVE-2023-52510 @@ -0,0 +1,16 @@ +Description: ieee802154: ca8210: Fix a potential UAF in ca8210_probe +References: +Notes: + carnil> Introduced in ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device + carnil> driver"). Vulnerable versions: 4.12-rc1. +Bugs: +upstream: released (6.6-rc6) [f990874b1c98fe8e57ee9385669f501822979258] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [217efe32a45249eb07dcd7197e8403de98345e66] +5.10-upstream-stable: released (5.10.199) [55e06850c7894f00d41b767c5f5665459f83f58f] +4.19-upstream-stable: released (4.19.297) [cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d] +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) diff --git a/retired/CVE-2023-52512 b/retired/CVE-2023-52512 new file mode 100644 index 00000000..e492a27d --- /dev/null +++ b/retired/CVE-2023-52512 @@ -0,0 +1,16 @@ +Description: pinctrl: nuvoton: wpcm450: fix out of bounds write +References: +Notes: + carnil> Introduced in a1d1e0e3d80a ("pinctrl: nuvoton: Add driver for WPCM450"). + carnil> Vulnerable versions: 5.18-rc1. +Bugs: +upstream: released (6.6-rc6) [87d315a34133edcb29c4cadbf196ec6c30dfd47b] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [6c18c386fd13dbb3ff31a1086dabb526780d9bda] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2023-52513 b/retired/CVE-2023-52513 new file mode 100644 index 00000000..c6693f28 --- /dev/null +++ b/retired/CVE-2023-52513 @@ -0,0 +1,16 @@ +Description: RDMA/siw: Fix connection failure handling +References: +Notes: + carnil> Introduced in 6c52fdc244b5 ("rdma/siw: connection management"). Vulnerable + carnil> versions: 5.3-rc1. +Bugs: +upstream: released (6.6-rc5) [53a3f777049771496f791504e7dc8ef017cba590] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f] +5.10-upstream-stable: released (5.10.198) [0d520cdb0cd095eac5d00078dfd318408c9b5eed] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52518 b/retired/CVE-2023-52518 new file mode 100644 index 00000000..9716687b --- /dev/null +++ b/retired/CVE-2023-52518 @@ -0,0 +1,16 @@ +Description: Bluetooth: hci_codec: Fix leaking content of local_codecs +References: +Notes: + carnil> Introduced in 8961987f3f5f ("Bluetooth: Enumerate local supported codec and + carnil> cache details"). Vulnerable versions: 5.16-rc1. +Bugs: +upstream: released (6.6-rc5) [b938790e70540bf4f2e653dcd74b232494d06c8f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [626535077ba9dc110787540d1fe24881094c15a1] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2023-52519 b/retired/CVE-2023-52519 new file mode 100644 index 00000000..2e652f89 --- /dev/null +++ b/retired/CVE-2023-52519 @@ -0,0 +1,16 @@ +Description: HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit +References: +Notes: + carnil> Introduced in 2e23a70edabe ("HID: intel-ish-hid: ipc: finish power flow for EHL + carnil> OOB"). Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (6.6-rc5) [8f02139ad9a7e6e5c05712f8c1501eebed8eacfd] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [cdcc04e844a2d22d9d25cef1e8e504a174ea9f8f] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52520 b/retired/CVE-2023-52520 new file mode 100644 index 00000000..d7fd7d86 --- /dev/null +++ b/retired/CVE-2023-52520 @@ -0,0 +1,16 @@ +Description: platform/x86: think-lmi: Fix reference leak +References: +Notes: + carnil> Introduced in 1bcad8e510b2 ("platform/x86: think-lmi: Fix issues with duplicate + carnil> attributes"). Vulnerable versions: 5.14-rc1. +Bugs: +upstream: released (6.6-rc5) [528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2023-52523 b/retired/CVE-2023-52523 new file mode 100644 index 00000000..9743e686 --- /dev/null +++ b/retired/CVE-2023-52523 @@ -0,0 +1,16 @@ +Description: bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets +References: +Notes: + carnil> Introduced in 122e6c79efe1 ("sock_map: Update sock type checks for UDP"). + carnil> Vulnerable versions: 5.13-rc1. +Bugs: +upstream: released (6.6-rc5) [b80e31baa43614e086a9d29dc1151932b1bd7fc5] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [b8f97e47b6fb84fcf2f5a22e725eefb6cf5070c2] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52524 b/retired/CVE-2023-52524 new file mode 100644 index 00000000..6d1a339a --- /dev/null +++ b/retired/CVE-2023-52524 
@@ -0,0 +1,17 @@ +Description: net: nfc: llcp: Add lock when modifying device list +References: +Notes: + carnil> Introduced in 6709d4b7bc2e ("net: nfc: Fix use-after-free caused by + carnil> nfc_llcp_find_local"). Vulnerable versions: 5.4.251 5.10.188 5.15.121 6.1.39 + carnil> 6.3.13 6.4.4 6.5-rc1. +Bugs: +upstream: released (6.6-rc5) [dfc7f7a988dad34c3bf4c053124fb26aa6c5f916] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [7562780e32b84196731d57dd24563546fcf6d082] +5.10-upstream-stable: released (5.10.198) [dba849cc98113b145c6e720122942c00b8012bdb] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52525 b/retired/CVE-2023-52525 new file mode 100644 index 00000000..03229cd2 --- /dev/null +++ b/retired/CVE-2023-52525 @@ -0,0 +1,17 @@ +Description: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet +References: +Notes: + carnil> Introduced in 119585281617 ("wifi: mwifiex: Fix OOB and integer underflow when + carnil> rx packets"). Vulnerable versions: 4.14.326 4.19.295 5.4.257 5.10.195 5.15.132 + carnil> 6.1.53 6.4.16 6.5.3 6.6-rc1. +Bugs: +upstream: released (6.6-rc5) [aef7a0300047e7b4707ea0411dc9597cba108fc8] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [6b706286473db4fd54b5f869faa67f4a8cb18e99] +5.10-upstream-stable: released (5.10.198) [10a18c8bac7f60d32b7af22da03b66f350beee38] +4.19-upstream-stable: released (4.19.296) [16cc18b9080892d1a0200a38e36ae52e464bc555] +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) 
diff --git a/retired/CVE-2023-52526 b/retired/CVE-2023-52526 new file mode 100644 index 00000000..f35ab01f --- /dev/null +++ b/retired/CVE-2023-52526 @@ -0,0 +1,16 @@ +Description: erofs: fix memory leak of LZMA global compressed deduplication +References: +Notes: + carnil> Introduced in 5c2a64252c5d ("erofs: introduce partial-referenced pclusters"). + carnil> Vulnerable versions: 6.1-rc1. +Bugs: +upstream: released (6.6-rc5) [75a5221630fe5aa3fedba7a06be618db0f79ba1e] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [6a5a8f0a9740f865693d5aa97a42cc4504538e18] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52527 b/retired/CVE-2023-52527 new file mode 100644 index 00000000..63fc02c1 --- /dev/null +++ b/retired/CVE-2023-52527 @@ -0,0 +1,16 @@ +Description: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() +References: +Notes: + carnil> Introduced in a32e0eec7042 ("l2tp: introduce L2TPv3 IP encapsulation support + carnil> for IPv6"). Vulnerable versions: 3.5-rc1. +Bugs: +upstream: released (6.6-rc5) [9d4c75800f61e5d75c1659ba201b6c0c7ead3070] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [f6a7182179c0ed788e3755ee2ed18c888ddcc33f] +5.10-upstream-stable: released (5.10.198) [96b2e1090397217839fcd6c9b6d8f5d439e705ed] +4.19-upstream-stable: released (4.19.296) [559d697c5d072593d22b3e0bd8b8081108aeaf59] +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) 
diff --git a/retired/CVE-2023-52528 b/retired/CVE-2023-52528 new file mode 100644 index 00000000..4a654304 --- /dev/null +++ b/retired/CVE-2023-52528 @@ -0,0 +1,17 @@ +Description: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg +References: +Notes: + carnil> Introduced in d0cad871703b ("smsc75xx: SMSC LAN75xx USB gigabit ethernet + carnil> adapter driver"). Vulnerable versions: 2.6.34-rc2 3.16.61 3.18.120 4.4.152 + carnil> 4.9.124 4.14.67 4.17.19. +Bugs: +upstream: released (6.6-rc5) [e9c65989920f7c28775ec4e0c11b483910fb67b8] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [9ffc5018020fe646795a8dc1203224b8f776dc09] +5.10-upstream-stable: released (5.10.198) [30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5] +4.19-upstream-stable: released (4.19.296) [2a36d9e2995c8c3c3f179aab1215a69cff06cbed] +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) diff --git a/retired/CVE-2023-52529 b/retired/CVE-2023-52529 new file mode 100644 index 00000000..1bfa3b5d --- /dev/null +++ b/retired/CVE-2023-52529 
@@ -0,0 +1,16 @@ +Description: HID: sony: Fix a potential memory leak in sony_probe() +References: +Notes: + carnil> Introduced in fb1a79a6b6e1 ("HID: sony: fix freeze when inserting ghlive + carnil> ps3/wii dongles"). Vulnerable versions: 5.12.17 5.13.2 5.14-rc1. +Bugs: +upstream: released (6.6-rc5) [e1cd4004cde7c9b694bbdd8def0e02288ee58c74] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [f237b17611fa3501f43f12d1cb64323e10fdcb4f] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52532 b/retired/CVE-2023-52532 new file mode 100644 index 00000000..27847ca6 --- /dev/null +++ b/retired/CVE-2023-52532 @@ -0,0 +1,16 @@ +Description: net: mana: Fix TX CQE error handling +References: +Notes: + carnil> Introduced in ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure + carnil> Network Adapter (MANA)"). Vulnerable versions: 5.13-rc1. +Bugs: +upstream: released (6.6-rc5) [b2b000069a4c307b09548dc2243f31f3ca0eac9c] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.59) [b67d7b1bfc46d05c1a58b172516454698e8d5004] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52559 b/retired/CVE-2023-52559 new file mode 100644 index 00000000..b72c4656 --- /dev/null +++ b/retired/CVE-2023-52559 
@@ -0,0 +1,16 @@ +Description: iommu/vt-d: Avoid memory allocation in iommu_suspend() +References: +Notes: + carnil> Introduced in 33e07157105e ("iommu/vt-d: Avoid GFP_ATOMIC where it is not + carnil> needed"). Vulnerable versions: 5.11-rc1. +Bugs: +upstream: released (6.6-rc5) [59df44bfb0ca4c3ee1f1c3c5d0ee8e314844799e] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.57) [c12ef025add77ca3a0902e8719d552b6d47b4282] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.8-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52560 b/retired/CVE-2023-52560 new file mode 100644 index 00000000..cdca9fdb --- /dev/null +++ b/retired/CVE-2023-52560 @@ -0,0 +1,16 @@ +Description: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() +References: +Notes: + carnil> Introduced in 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary + carnil> variables"). Vulnerable versions: 5.16-rc5. +Bugs: +upstream: released (6.6-rc4) [45120b15743fa7c0aa53d5db6dfb4c8f87be4abd] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [9a4fe81a8644b717d57d81ce5849e16583b13fe8] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52562 b/retired/CVE-2023-52562 new file mode 100644 index 00000000..3cb1dc40 --- /dev/null +++ b/retired/CVE-2023-52562 
@@ -0,0 +1,17 @@ +Description: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() +References: +Notes: + carnil> Introduced in , if a module that created a slab cache does not + carnil> 0495e337b703 ("mm/slab_common: Deleting kobject in kmem_cache_destroy() without + carnil> holding slab_mutex/cpu_hotplug_lock"). Vulnerable versions: 5.19.8 6.0-rc4. +Bugs: +upstream: released (6.6-rc4) [46a9ea6681907a3be6b6b0d43776dccc62cad6cf] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [a5569bb187521432f509b69dda7d29f78b2d38b0] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52563 b/retired/CVE-2023-52563 new file mode 100644 index 00000000..550cf32b --- /dev/null +++ b/retired/CVE-2023-52563 @@ -0,0 +1,16 @@ +Description: drm/meson: fix memory leak on ->hpd_notify callback +References: +Notes: + carnil> Introduced in 0af5e0b41110 ("drm/meson: encoder_hdmi: switch to bridge + carnil> DRM_BRIDGE_ATTACH_NO_CONNECTOR"). Vulnerable versions: 5.15.61 5.17-rc1. +Bugs: +upstream: released (6.6-rc3) [099f0af9d98231bb74956ce92508e87cbcb896be] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [ee335e0094add7fc2c7034e0534e1920d61d2078] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2023-52564 b/retired/CVE-2023-52564 new file mode 100644 index 00000000..74b42758 --- /dev/null +++ b/retired/CVE-2023-52564 @@ -0,0 +1,17 @@ +Description: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" +References: +Notes: + carnil> Introduced in 9b9c8195f3f0 ("tty: n_gsm: fix UAF in gsm_cleanup_mux"). + carnil> Vulnerable versions: 5.10.190 5.10.198 5.15.124 5.15.134 6.1.43 6.1.56 6.4.8 + carnil> 6.5-rc4 6.5.6. +Bugs: +upstream: released (6.6-rc4) [29346e217b8ab8a52889b88f00b268278d6b7668] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [c61d0b87a7028c2c10faffc524d748334c7b9827] +5.10-upstream-stable: released (5.10.198) [6d5c8862932d31a810b6545f7d69ecc124402c6e] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52565 b/retired/CVE-2023-52565 new file mode 100644 index 00000000..375618fe --- /dev/null +++ b/retired/CVE-2023-52565 @@ -0,0 +1,16 @@ +Description: media: uvcvideo: Fix OOB read +References: +Notes: + carnil> Introduced in 40140eda661e ("media: uvcvideo: Implement mask for + carnil> V4L2_CTRL_TYPE_MENU"). Vulnerable versions: 6.1.16 6.2.3 6.3-rc1. +Bugs: +upstream: released (6.6-rc3) [41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [09635bf4cdd4adf2160198a6041bcc7ca46c0558] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2023-52566 b/retired/CVE-2023-52566 new file mode 100644 index 00000000..a8b83a4c --- /dev/null +++ b/retired/CVE-2023-52566 @@ -0,0 +1,16 @@ +Description: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() +References: +Notes: + carnil> Introduced in a3d93f709e89 ("nilfs2: block cache for garbage collection"). + carnil> Vulnerable versions: 2.6.30-rc1. +Bugs: +upstream: released (6.6-rc4) [7ee29facd8a9c5a26079148e36bcf07141b3a6bc] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [980663f1d189eedafd18d80053d9cf3e2ceb5c8c] +5.10-upstream-stable: released (5.10.198) [7130a87ca32396eb9bf48b71a2d42259ae44c6c7] +4.19-upstream-stable: released (4.19.296) [bb61224f6abc8e71bfdf06d7c984e23460875f5b] +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) diff --git a/retired/CVE-2023-52567 b/retired/CVE-2023-52567 new file mode 100644 index 00000000..15afe2bb --- /dev/null +++ b/retired/CVE-2023-52567 
@@ -0,0 +1,17 @@ +Description: serial: 8250_port: Check IRQ data before use +References: +Notes: + carnil> Introduced in 0ba9e3a13c6a ("serial: 8250: Add missing wakeup event + carnil> reporting"). Vulnerable versions: 4.14.315 4.19.283 5.4.243 5.10.180 5.15.111 + carnil> 6.1.28 6.2.15 6.3.2 6.4-rc1. +Bugs: +upstream: released (6.6-rc4) [cce7fc8b29961b64fadb1ce398dc5ff32a79643b] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [e14f68a48fd445a083ac0750fafcb064df5f18f7] +5.10-upstream-stable: released (5.10.198) [e14afa4450cb7e4cf93e993a765801203d41d014] +4.19-upstream-stable: released (4.19.296) [c334650150c29234b0923476f51573ae1b2f252a] +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) diff --git a/retired/CVE-2023-52568 b/retired/CVE-2023-52568 new file mode 100644 index 00000000..ab7a0a9f --- /dev/null +++ b/retired/CVE-2023-52568 @@ -0,0 +1,16 @@ +Description: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race +References: +Notes: + carnil> Introduced in 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized + carnil> enclave"). Vulnerable versions: 6.0-rc1. +Bugs: +upstream: released (6.6-rc4) [c6c2adcba50c2622ed25ba5d5e7f05f584711358] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [811ba2ef0cb6402672e64ba1419d6ef95aa3405d] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52570 b/retired/CVE-2023-52570 new file mode 100644 index 00000000..d7de4f7f 
--- /dev/null +++ b/retired/CVE-2023-52570 @@ -0,0 +1,16 @@ +Description: vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() +References: +Notes: + carnil> Introduced in da44c340c4fe ("vfio/mdev: simplify mdev_type handling"). + carnil> Vulnerable versions: 6.1-rc1. +Bugs: +upstream: released (6.6-rc4) [c777b11d34e0f47dbbc4b018ef65ad030f2b283a] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [c01b2e0ee22ef8b4dd7509a93aecc0ac0826bae4] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52571 b/retired/CVE-2023-52571 new file mode 100644 index 00000000..ccf21bb7 --- /dev/null +++ b/retired/CVE-2023-52571 @@ -0,0 +1,16 @@ +Description: power: supply: rk817: Fix node refcount leak +References: +Notes: + carnil> Introduced in 54c03bfd094f ("power: supply: Fix refcount leak in + carnil> rk817_charger_probe"). Vulnerable versions: 6.1.2 6.2-rc1. +Bugs: +upstream: released (6.6-rc4) [488ef44c068e79752dba8eda0b75f524f111a695] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [fe6406238d5a24e9fb0286c71edd67b99d8db58d] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52573 b/retired/CVE-2023-52573 new file mode 100644 index 00000000..1aed318d --- /dev/null +++ b/retired/CVE-2023-52573 
@@ -0,0 +1,16 @@ +Description: net: rds: Fix possible NULL-pointer dereference +References: +Notes: + carnil> Introduced in fd261ce6a30e ("rds: rdma: update rdma transport for tos"). + carnil> Vulnerable versions: 5.1-rc1. +Bugs: +upstream: released (6.6-rc3) [f1d95df0f31048f1c59092648997686e3f7d9478] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [51fa66024a5eabf270164f2dc82a48ffb35a12e9] +5.10-upstream-stable: released (5.10.198) [f515112e833791001aaa8ab886af3ca78503617f] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52574 b/retired/CVE-2023-52574 new file mode 100644 index 00000000..c1b88ec0 --- /dev/null +++ b/retired/CVE-2023-52574 @@ -0,0 +1,16 @@ +Description: team: fix null-ptr-deref when team device type is changed +References: +Notes: + carnil> Introduced in 1d76efe1577b ("team: add support for non-ethernet devices"). + carnil> Vulnerable versions: 3.7-rc1. +Bugs: +upstream: released (6.6-rc3) [492032760127251e5540a5716a70996bacf2a3fd] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [2f0acb0736ecc3eb85dc80ad2790d634dcb10b58] +5.10-upstream-stable: released (5.10.198) [b44dd92e2afd89eb6e9d27616858e72a67bdc1a7] +4.19-upstream-stable: released (4.19.296) [a7fb47b9711101d2405b0eb1276fb1f9b9b270c7] +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) diff --git a/retired/CVE-2023-52575 b/retired/CVE-2023-52575 new file mode 100644 index 00000000..5ab41c92 --- /dev/null +++ b/retired/CVE-2023-52575 
@@ -0,0 +1,16 @@ +Description: x86/srso: Fix SBPB enablement for spec_rstack_overflow=off +References: +Notes: + carnil> Introduced in fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow + carnil> mitigation"). Vulnerable versions: 5.10.189 5.15.125 6.1.44 6.4.9 6.5-rc6. +Bugs: +upstream: released (6.6-rc3) [01b057b2f4cc2d905a0bd92195657dbd9a7005ab] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [adbcec23c8423e3d5df1839c5ae91599dcf703cb] +5.10-upstream-stable: released (5.10.198) [ae806c74c0634b0c23855066d8ba28d850fd1260] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52576 b/retired/CVE-2023-52576 new file mode 100644 index 00000000..9bab156a --- /dev/null +++ b/retired/CVE-2023-52576 @@ -0,0 +1,16 @@ +Description: x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() +References: +Notes: + carnil> Introduced in fee3ff99bc67 ("powerpc: Move arch independent ima kexec functions + carnil> to drivers/of/kexec.c"). Vulnerable versions: 5.13-rc1. +Bugs: +upstream: released (6.6-rc3) [34cf99c250d5cd2530b93a57b0de31d3aaf8685b] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [eef16bfdb212da60f5144689f2967fb25b051a2b] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52577 b/retired/CVE-2023-52577 new file mode 100644 index 00000000..706a55b7 --- /dev/null 
+++ b/retired/CVE-2023-52577 @@ -0,0 +1,17 @@ +Description: dccp: fix dccp_v4_err()/dccp_v6_err() again +References: +Notes: + carnil> Introduced in 977ad86c2a1b ("dccp: Fix out of bounds access in DCCP error + carnil> handler"). Vulnerable versions: 4.14.326 4.19.295 5.4.257 5.10.195 5.15.132 + carnil> 6.1.53 6.4.16 6.5.3 6.6-rc1. +Bugs: +upstream: released (6.6-rc3) [6af289746a636f71f4c0535a9801774118486c7a] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [73be49248a04746096339a48a33fa2f03bd85969] +5.10-upstream-stable: released (5.10.198) [60d73c62e3e4464f375758b6f2459c13d46465b6] +4.19-upstream-stable: released (4.19.296) [62c218124fe58372e0e1f60d5b634d21c264b337] +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) diff --git a/retired/CVE-2023-52578 b/retired/CVE-2023-52578 new file mode 100644 index 00000000..d4e35504 --- /dev/null +++ b/retired/CVE-2023-52578 @@ -0,0 +1,16 @@ +Description: net: bridge: use DEV_STATS_INC() +References: +Notes: + carnil> Introduced in 1c29fc4989bc ("[BRIDGE]: keep track of received multicast + carnil> packets"). Vulnerable versions: 2.6.17-rc4. +Bugs: +upstream: released (6.6-rc3) [44bdb313da57322c9b3c108eb66981c6ec6509f4] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [89f9f20b1cbd36d99d5a248a4bf8d11d4fd049a2] +5.10-upstream-stable: released (5.10.198) [04cc361f029c14dd067ad180525c7392334c9bfd] +4.19-upstream-stable: released (4.19.296) [d2346e6beb699909ca455d9d20c4e577ce900839] +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) 
diff --git a/retired/CVE-2023-52579 b/retired/CVE-2023-52579 new file mode 100644 index 00000000..9dd2afce --- /dev/null +++ b/retired/CVE-2023-52579 @@ -0,0 +1,16 @@ +Description: ipv4: fix null-deref in ipv4_link_failure +References: +Notes: + carnil> Introduced in ed0de45a1008 ("ipv4: recompile ip options in ipv4_link_failure"). + carnil> Vulnerable versions: 3.18.139 4.4.179 4.9.171 4.14.114 4.19.37 5.0.10 5.1-rc6. +Bugs: +upstream: released (6.6-rc3) [0113d9c9d1ccc07f5a3710dac4aa24b6d711278c] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [2712545e535d7a2e4c53b9c9658a9c88c6055862] +5.10-upstream-stable: released (5.10.198) [8689c9ace976d6c078e6dc844b09598796e84099] +4.19-upstream-stable: released (4.19.296) [a2cf7bd75b3992e8df68dd5fdc6499b67d45f6e0] +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: released (4.19.304-1) diff --git a/retired/CVE-2023-52580 b/retired/CVE-2023-52580 new file mode 100644 index 00000000..414de611 --- /dev/null +++ b/retired/CVE-2023-52580 @@ -0,0 +1,16 @@ +Description: net/core: Fix ETH_P_1588 flow dissector +References: +Notes: + carnil> Introduced in 4f1cc51f3488 ("net: flow_dissector: Parse PTP L2 packet header"). + carnil> Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (6.6-rc3) [75ad80ed88a182ab2ad5513e448cf07b403af5c3] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [488ea2a3e2666022f79abfdd7d12e8305fc27a40] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2023-52581 b/retired/CVE-2023-52581 new file mode 100644 index 00000000..30bb92be --- /dev/null +++ b/retired/CVE-2023-52581 @@ -0,0 +1,17 @@ +Description: netfilter: nf_tables: fix memleak when more than 255 elements expired +References: +Notes: + carnil> Introduced in 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid + carnil> race with control plane"). Vulnerable versions: 5.4.262 5.10.198 5.15.134 + carnil> 6.1.56 6.4.11 6.5-rc6. +Bugs: +upstream: released (6.6-rc3) [cf5000a7787cbc10341091d37245a42c119d26c5] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52582 b/retired/CVE-2023-52582 new file mode 100644 index 00000000..c7970559 --- /dev/null +++ b/retired/CVE-2023-52582 
@@ -0,0 +1,16 @@ +Description: netfs: Only call folio_start_fscache() one time for each folio +References: +Notes: + carnil> Introduced in 3d3c95046742 ("netfs: Provide readahead and readpage netfs + carnil> helpers". Vulnerable versions: 5.13-rc1. +Bugs: +upstream: released (6.6-rc3) [df1c357f25d808e30b216188330e708e09e1a412] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.56) [df9950d37df113db59495fa09d060754366a2b7c] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.64-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26604 b/retired/CVE-2024-26604 new file mode 100644 index 00000000..b97ee4f2 --- /dev/null +++ b/retired/CVE-2024-26604 @@ -0,0 +1,16 @@ +Description: Revert "kobject: Remove redundant checks for whether ktype is NULL" +References: +Notes: + carnil> Introduced in 1b28cb81dab7 ("kobject: Remove redundant checks for whether ktype + carnil> is NULL"). Vulnerable versions: 6.6-rc1. +Bugs: +upstream: released (6.8-rc5) [3ca8fbabcceb8bfe44f7f50640092fd8f1de375c] +6.7-upstream-stable: released (6.7.6) [b746d52ce7bcac325a2fa264216ead85b7fbbfaa] +6.6-upstream-stable: released (6.6.18) [7f414d306320f837cc3df96cf52161cb8290fb1b] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-26621 b/retired/CVE-2024-26621 new file mode 100644 index 00000000..4b3f55c1 --- /dev/null +++ b/retired/CVE-2024-26621 
@@ -0,0 +1,16 @@ +Description: mm: huge_memory: don't force huge page alignment on 32 bit +References: +Notes: + carnil> Introduced in efa7df3e3bb5 ("mm: align larger anonymous mappings on THP + carnil> boundaries"). Vulnerable versions: 6.7. +Bugs: +upstream: released (6.8-rc3) [4ef9ad19e17676b9ef071309bc62020e2373705d] +6.7-upstream-stable: released (6.7.6) [7432376c913381c5f24d373a87ff629bbde94b47] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3
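Review bot: In retired/CVE-2023-52581 the Notes list 5.10.198 and 6.1.56 among the vulnerable versions, yet 6.1-upstream-stable, 5.10-upstream-stable, 6.1-bookworm-security and 5.10-bullseye-security are all marked N/A "Vulnerable code not present". As written, these two statements contradict each other. If the introducing commit 5f68718b34a5 and the fix landed in the same stable release on those branches, say so in the Notes or use a reason string that reflects it, so that someone checking a kernel based on 6.1.56 or 5.10.198 does not have to re-derive why the branch is considered unaffected.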
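Review bot: In retired/CVE-2023-52582 the Notes line is missing the closing parenthesis after the quoted commit subject: it reads ("netfs: Provide readahead and readpage netfs helpers". where every other entry in this patch closes with "). before "Vulnerable versions". Add the ")" so that anything extracting the introducing commit and its subject from the Notes field handles this entry the same way as the others.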