From 9e43e7ec84957ddbdf8c9d4b9591a392dc6177d5 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 10 Feb 2024 10:30:38 +0100
Subject: Retire several CVEs

---
 retired/CVE-2023-1193  | 13 +++++++++++++
 retired/CVE-2023-50431 | 16 ++++++++++++++++
 retired/CVE-2023-5633  | 17 +++++++++++++++++
 retired/CVE-2023-6606  | 17 +++++++++++++++++
 retired/CVE-2024-0646  | 16 ++++++++++++++++
 retired/CVE-2024-1085  | 16 ++++++++++++++++
 retired/CVE-2024-1312  | 16 ++++++++++++++++
 retired/CVE-2024-22705 | 12 ++++++++++++
 8 files changed, 123 insertions(+)
 create mode 100644 retired/CVE-2023-1193
 create mode 100644 retired/CVE-2023-50431
 create mode 100644 retired/CVE-2023-5633
 create mode 100644 retired/CVE-2023-6606
 create mode 100644 retired/CVE-2024-0646
 create mode 100644 retired/CVE-2024-1085
 create mode 100644 retired/CVE-2024-1312
 create mode 100644 retired/CVE-2024-22705

(limited to 'retired')

diff --git a/retired/CVE-2023-1193 b/retired/CVE-2023-1193
new file mode 100644
index 00000000..af419ca5
--- /dev/null
+++ b/retired/CVE-2023-1193
@@ -0,0 +1,13 @@
+Description: use-after-free in setup_async_work()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2154177
+Notes:
+Bugs:
+upstream: released (6.3-rc6) [3a9b557f44ea8f216aab515a7db20e23f0eb51b9]
+6.1-upstream-stable: released (6.1.71) [8d271ef5e5cac8a470076891b248a28a2c57fb1e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-50431 b/retired/CVE-2023-50431
new file mode 100644
index 00000000..fdfb17ca
--- /dev/null
+++ b/retired/CVE-2023-50431
@@ -0,0 +1,16 @@
+Description: habanalabs: fix information leak in sec_attest_info()
+References:
+ https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html
+Notes:
+ carnil> Commit fixes 0c88760f8f5e ("habanalabs/gaudi2: add secured
+ carnil> attestation info uapi") in 6.1-rc1.
+ carnil> For 6.6.y fixed as well in 6.6.14, for 6.7.y fixed as well in 6.7.2.
+Bugs:
+upstream: released (6.8-rc1) [a9f07790a4b2250f0140e9a61c7f842fd9b618c7]
+6.1-upstream-stable: released (6.1.75) [6d98d249175e568f72ca94cbd6f959bc4476414e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-5633 b/retired/CVE-2023-5633
new file mode 100644
index 00000000..194fd068
--- /dev/null
+++ b/retired/CVE-2023-5633
@@ -0,0 +1,17 @@
+Description: drm/vmwgfx: Keep a gem reference to user bos in surfaces
+References:
+ https://lists.freedesktop.org/archives/dri-devel/2023-September/424805.html
+Notes:
+ carnil> Commit fixes a950b989ea29 ("drm/vmwgfx: Do not drop the
+ carnil> reference to the handle too soon") in 6.2 (and backported to
+ carnil> 6.1.13) (which is part of the changes to address CVE-2023-33951
+ carnil> and CVE-2023-33952)
+Bugs:
+upstream: released (6.6-rc6) [91398b413d03660fd5828f7b4abc64e884b98069]
+6.1-upstream-stable: released (6.1.75) [104f95698cad038caa8f7496be67f738d8ace9cb]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-6606 b/retired/CVE-2023-6606
new file mode 100644
index 00000000..16187076
--- /dev/null
+++ b/retired/CVE-2023-6606
@@ -0,0 +1,17 @@
+Description: smb: client: fix OOB in smbCalcSize()
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=218218
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253611
+Notes:
+ bwh> This appears to have been present ever since CIFS was added in
+ bwh> 2.5.42(!).
+ carnil> For 6.6.y fixed as well in 6.6.9.
+Bugs:
+upstream: released (6.7-rc7) [b35858b3786ddbb56e1c35138ba25d6adf8d0bef]
+6.1-upstream-stable: released (6.1.70) [c60e10d1549f8748a68ec13dcd177c62843985ff]
+5.10-upstream-stable: released (5.10.206) [0c54b79d1d9b25f5a406bcf1969f956e14c4704d]
+4.19-upstream-stable: released (4.19.304) [89b6ae907c6bcc175bc95a67d6936217530a29ff]
+sid: released (6.6.9-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/retired/CVE-2024-0646 b/retired/CVE-2024-0646
new file mode 100644
index 00000000..735f5c46
--- /dev/null
+++ b/retired/CVE-2024-0646
@@ -0,0 +1,16 @@
+Description: net: tls, update curr on splice as well
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2253908
+Notes:
+ carnil> Commit fixes d829e9c4112b ("tls: convert to generic sk_msg
+ carnil> interface") in 4.20-rc1. In Debian CONFIG_TLS was only enabled
+ carnil> as module in 5.15.1-1~exp1.
+Bugs:
+upstream: released (6.7-rc5) [c5a595000e2677e865a39f249c056bc05d6e55fd]
+6.1-upstream-stable: released (6.1.69) [9b3d3a7f3c4d710c1dd3f723851c3eeaf42642bc]
+5.10-upstream-stable: released (5.10.208) [c6b2a6b827d4b2d0f36b520e54e083df9b330a7b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.8-1)
+6.1-bookworm-security: released (6.1.69-1)
+5.10-bullseye-security: released (5.10.209-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-1085 b/retired/CVE-2024-1085
new file mode 100644
index 00000000..ebcbacd4
--- /dev/null
+++ b/retired/CVE-2024-1085
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: check if catch-all set element is active in next generation
+References:
+ https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
+Notes:
+ carnil> Fixed for 6.7.y in 6.7.2 and for 6.6.y in 6.6.14.
+ carnil> Commit fixes aaa31047a6d2 ("netfilter: nftables: add catch-all
+ carnil> set element support") in 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc1) [b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7]
+6.1-upstream-stable: released (6.1.75) [a372f1d01bc11aa85773a02353cd01aaf16dc18e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-1312 b/retired/CVE-2024-1312
new file mode 100644
index 00000000..7fa6db70
--- /dev/null
+++ b/retired/CVE-2024-1312
@@ -0,0 +1,16 @@
+Description: mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2225569
+Notes:
+ carnil> Commit fixes 5e31275cc997 ("mm: add per-VMA lock and helper
+ carnil> functions to control it") 6.4-rc1.
+ carnil> For 6.4.y fixed as well in 6.4.10.
+Bugs:
+upstream: released (6.5-rc4) [657b5146955eba331e01b9a6ae89ce2e716ba306]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.4.11-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-22705 b/retired/CVE-2024-22705
new file mode 100644
index 00000000..f35a6e31
--- /dev/null
+++ b/retired/CVE-2024-22705
@@ -0,0 +1,12 @@
+Description: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
+References:
+Notes:
+Bugs:
+upstream: released (6.7-rc8) [d10c77873ba1e9e6b91905018e29e196fd5f863d]
+6.1-upstream-stable: released (6.1.71) [7a3bbbadac4be9d30b45e9f1134e94294f79ce77]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.11-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3