From a9846882933a665a393defabda77e2a599c0a021 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 20 Feb 2024 23:17:35 +0100 Subject: Retire some CVEs --- retired/CVE-2023-52433 | 17 +++++++++++++++++ retired/CVE-2023-52438 | 15 +++++++++++++++ retired/CVE-2024-25744 | 12 ++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 retired/CVE-2023-52433 create mode 100644 retired/CVE-2023-52438 create mode 100644 retired/CVE-2024-25744 (limited to 'retired') diff --git a/retired/CVE-2023-52433 b/retired/CVE-2023-52433 new file mode 100644 index 00000000..dab95f09 --- /dev/null +++ b/retired/CVE-2023-52433 @@ -0,0 +1,17 @@ +Description: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction +References: + https://lore.kernel.org/linux-cve-announce/2024022058-outsell-equator-e1c5@gregkh/ +Notes: + carnil> Introduced with f6c383b8c31a ("netfilter: nf_tables: adapt set + carnil> backend to use GC transaction API") in 6.5-rc5 which got + carnil> backported to 5.10.198, 6.1.56 and 6.4.11. But for 5.10.y and + carnil> 6.1.y fixed in the same upstream version along. +Bugs: +upstream: released (6.6-rc1) [2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.5.6-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52438 b/retired/CVE-2023-52438 new file mode 100644 index 00000000..f499922c --- /dev/null +++ b/retired/CVE-2023-52438 
@@ -0,0 +1,15 @@ +Description: binder: fix use-after-free in shinker's callback +References: + https://lore.kernel.org/linux-cve-announce/2024022017-slit-wish-e5d7@gregkh/ +Notes: + carnil> Commit fixes dd2283f2605e ("mm: mmap: zap pages with read + carnil> mmap_sem in munmap") in 4.20-rc1. +Bugs: +upstream: released (6.8-rc1) [3f489c2067c5824528212b0fc18b28d51332d906] +6.1-upstream-stable: released (6.1.74) [9fa04c93f24138747807fe75b5591bb680098f56] +5.10-upstream-stable: released (5.10.209) [c8c1158ffb007197f31f9d9170cf13e4f34cbb5c] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.13-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: released (5.10.209-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2024-25744 b/retired/CVE-2024-25744 new file mode 100644 index 00000000..fad18842 --- /dev/null +++ b/retired/CVE-2024-25744 @@ -0,0 +1,12 @@ +Description: x86/coco: Disable 32-bit emulation by default on TDX and SEV +References: +Notes: +Bugs: +upstream: released (6.7-rc5) [b82a8dbd3d2f4563156f7150c6f2ecab6e960b30] +6.1-upstream-stable: released (6.1.68) [b8ec27ae221eee458b15b700706db311474ac619] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.8-1) +6.1-bookworm-security: released (6.1.69-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3
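Review bot: In retired/CVE-2023-52433, the N/A reason "Vulnerable code not present" on the 6.1 and 5.10 lines does not match the Notes, which say f6c383b8c31a was backported to 5.10.198 and 6.1.56. If the intent is that the fix shipped in those same stable releases, so no released version carried the bug, the note should say that directly. The current wording, "fixed in the same upstream version along", is hard to parse, and someone auditing the N/A status later cannot tell which reading is meant.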
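Review bot: In retired/CVE-2023-52438, the Description line reads "shinker's callback", which looks like a typo for "shrinker's". It is worth correcting so the entry turns up when searching on the commit subject. The 4.19 N/A lines are consistent with the note that dd2283f2605e landed in 4.20-rc1.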
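Review bot: In retired/CVE-2024-25744, References: and Notes: are both empty, so the N/A "Vulnerable code not present" status on the 5.10 and 4.19 lines has no recorded basis. The other two entries in this commit cite the announcement and name the introducing commit. Suggest adding a reference for the CVE and a note naming the commit or release that introduced the affected code, so the N/A decision can be checked after the entry is retired.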