From cff92fd8cc99085cbc30b5a2c751ba7af7d38aff Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 28 Feb 2024 08:34:39 +0100
Subject: Retire some CVEs

---
 retired/CVE-2021-46969 | 16 ++++++++++++++++
 retired/CVE-2021-46972 | 16 ++++++++++++++++
 retired/CVE-2021-46973 | 16 ++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 retired/CVE-2021-46969
 create mode 100644 retired/CVE-2021-46972
 create mode 100644 retired/CVE-2021-46973

(limited to 'retired')

diff --git a/retired/CVE-2021-46969 b/retired/CVE-2021-46969
new file mode 100644
index 00000000..ee580941
--- /dev/null
+++ b/retired/CVE-2021-46969
@@ -0,0 +1,16 @@
+Description: bus: mhi: core: Fix invalid error returning in mhi_queue
+References:
+Notes:
+ carnil> Introduced in a8f75cb348fd ("mhi: core: Factorize mhi queuing"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc1) [0ecc1c70dcd32c0f081b173a1a5d89952686f271]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46972 b/retired/CVE-2021-46972
new file mode 100644
index 00000000..47288dbe
--- /dev/null
+++ b/retired/CVE-2021-46972
@@ -0,0 +1,16 @@
+Description: ovl: fix leaked dentry
+References:
+Notes:
+ carnil> Introduced in 6815f479ca90 ("ovl: use only uppermetacopy state in
+ carnil> ovl_lookup()"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.35) [71d58457a8afc650da5d3292a7f7029317654d95]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2021-46973 b/retired/CVE-2021-46973
new file mode 100644
index 00000000..fadde52a
--- /dev/null
+++ b/retired/CVE-2021-46973
@@ -0,0 +1,16 @@
+Description: net: qrtr: Avoid potential use after free in MHI send
+References:
+Notes:
+ carnil> Introduced in 6e728f321393 ("net: qrtr: Add MHI transport layer"). Vulnerable
+ carnil> versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc1) [47a017f33943278570c072bc71681809b2567b3a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.35) [48ec949ac979b4b42d740f67b6177797af834f80]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3