From d254ab676eb8655b707680a7436247e02d0b2aec Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 25 Feb 2024 10:30:11 +0100 Subject: Retire some CVEs --- retired/CVE-2023-52465 | 16 ++++++++++++++++ retired/CVE-2023-52466 | 16 ++++++++++++++++ retired/CVE-2023-52467 | 16 ++++++++++++++++ retired/CVE-2023-52468 | 16 ++++++++++++++++ retired/CVE-2023-52471 | 16 ++++++++++++++++ retired/CVE-2023-52472 | 16 ++++++++++++++++ retired/CVE-2023-52473 | 16 ++++++++++++++++ 7 files changed, 112 insertions(+) create mode 100644 retired/CVE-2023-52465 create mode 100644 retired/CVE-2023-52466 create mode 100644 retired/CVE-2023-52467 create mode 100644 retired/CVE-2023-52468 create mode 100644 retired/CVE-2023-52471 create mode 100644 retired/CVE-2023-52472 create mode 100644 retired/CVE-2023-52473 (limited to 'retired') diff --git a/retired/CVE-2023-52465 b/retired/CVE-2023-52465 new file mode 100644 index 00000000..f5f2e849 --- /dev/null +++ b/retired/CVE-2023-52465 @@ -0,0 +1,16 @@ +Description: power: supply: Fix null pointer dereference in smb2_probe +References: +Notes: + carnil> Introduced in 8648aeb5d7b7 ("power: supply: add Qualcomm PMI8998 SMB2 Charger + carnil> driver"). Vulnerable versions: 6.5-rc1. +Bugs: +upstream: released (6.8-rc1) [88f04bc3e737155e13caddf0ba8ed19db87f0212] +6.7-upstream-stable: released (6.7.2) [bd3d2ec447ede9da822addf3960a5f4275e3ae76] +6.6-upstream-stable: released (6.6.14) [e2717302fbc20f148bcda362facee0444b949a3a] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52466 b/retired/CVE-2023-52466 new file mode 100644 index 00000000..12c8d40d --- /dev/null +++ b/retired/CVE-2023-52466 
@@ -0,0 +1,16 @@ +Description: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() +References: +Notes: + carnil> Introduced in 09cc90063240 ("PCI: Introduce pci_dev_for_each_resource()"). + carnil> Vulnerable versions: 6.4-rc1. +Bugs: +upstream: released (6.8-rc1) [3171e46d677a668eed3086da78671f1e4f5b8405] +6.7-upstream-stable: released (6.7.2) [bd26159dcaaa3e9a927070efd348e7ce7e5ee933] +6.6-upstream-stable: released (6.6.14) [5b3e25efe16e06779a9a7c7610217c1b921ec179] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52467 b/retired/CVE-2023-52467 new file mode 100644 index 00000000..da90a3a3 --- /dev/null +++ b/retired/CVE-2023-52467 @@ -0,0 +1,16 @@ +Description: mfd: syscon: Fix null pointer dereference in of_syscon_register() +References: +Notes: + carnil> Introduced in e15d7f2b81d2 ("mfd: syscon: Use a unique name with + carnil> regmap_config"). Vulnerable versions: 5.9-rc1. +Bugs: +upstream: released (6.8-rc1) [41673c66b3d0c09915698fec5c13b24336f18dd1] +6.7-upstream-stable: released (6.7.2) [7f2c410ac470959b88e03dadd94b7a0b71df7973] +6.6-upstream-stable: released (6.6.14) [3ef1130deee98997275904d9bfc37af75e1e906c] +6.1-upstream-stable: released (6.1.75) [527e8c5f3d00299822612c495d5adf1f8f43c001] +5.10-upstream-stable: released (5.10.209) [927626a2073887ee30ba00633260d4d203f8e875] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: released (5.10.209-1) +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/retired/CVE-2023-52468 b/retired/CVE-2023-52468 new file mode 100644 index 00000000..e3efa4eb --- /dev/null +++ b/retired/CVE-2023-52468 @@ -0,0 +1,16 @@ +Description: class: fix use-after-free in class_register() +References: +Notes: + carnil> Introduced in dcfbb67e48a2 ("driver core: class: use lock_class_key already + carnil> present in struct subsys_private"). Vulnerable versions: 6.4-rc1. +Bugs: +upstream: released (6.8-rc1) [93ec4a3b76404bce01bd5c9032bef5df6feb1d62] +6.7-upstream-stable: released (6.7.2) [0f1486dafca3398c4c46b9f6e6452fa27e73b559] +6.6-upstream-stable: released (6.6.14) [b57196a5ec5e4c0ffecde8348b085b778c7dce04] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52471 b/retired/CVE-2023-52471 new file mode 100644 index 00000000..0c404b2f --- /dev/null +++ b/retired/CVE-2023-52471 
@@ -0,0 +1,16 @@ +Description: ice: Fix some null pointer dereference issues in ice_ptp.c +References: +Notes: + carnil> Introduced in d938a8cca88a ("ice: Auxbus devices & driver for E822 TS"). + carnil> Vulnerable versions: 6.7-rc1. +Bugs: +upstream: released (6.8-rc1) [3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf] +6.7-upstream-stable: released (6.7.2) [3cd9b9bee33f39f6c6d52360fe381b89a7b12695] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52472 b/retired/CVE-2023-52472 new file mode 100644 index 00000000..bb2e88ac --- /dev/null +++ b/retired/CVE-2023-52472 @@ -0,0 +1,16 @@ +Description: crypto: rsa - add a check for allocation failure +References: +Notes: + carnil> Introduced in 6637e11e4ad2 ("crypto: rsa - allow only odd e and restrict value + carnil> in FIPS mode"). Vulnerable versions: 6.5-rc1. +Bugs: +upstream: released (6.8-rc1) [d872ca165cb67112f2841ef9c37d51ef7e63d1e4] +6.7-upstream-stable: released (6.7.2) [95ad8b6879e2e49d02e3bfc0e1fb46421633fe2a] +6.6-upstream-stable: released (6.6.14) [2831f4d3bfa68e64c5f83e96688be779c87b3511] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2023-52473 b/retired/CVE-2023-52473 new file mode 100644 index 00000000..755576eb --- /dev/null +++ b/retired/CVE-2023-52473 
@@ -0,0 +1,16 @@ +Description: thermal: core: Fix NULL pointer dereference in zone registration error path +References: +Notes: + carnil> Introduced in 3d439b1a2ad3 ("thermal/core: Alloc-copy-free the thermal zone + carnil> parameters structure"). Vulnerable versions: 6.4-rc1. +Bugs: +upstream: released (6.8-rc1) [04e6ccfc93c5a1aa1d75a537cf27e418895e20ea] +6.7-upstream-stable: released (6.7.2) [02871710b93058eb1249d5847c0b2d1c2c3c98ae] +6.6-upstream-stable: released (6.6.14) [335176dd8ebaca6493807dceea33c478305667fa] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3
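Review bot: In retired/CVE-2023-52471 the sid line is N/A "Vulnerable code not present" while the notes place the introduction at 6.7-rc1 and the fix at 6.7.2, so that N/A only holds for a sid kernel older than 6.7. The other files in this patch show sid at 6.6.15-1, but this file does not record it. A carnil> note line naming the sid version the N/A was judged against would make the retirement checkable from the file alone.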
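Review bot: The 6.1-upstream-stable and 6.1-bookworm-security N/A entries in retired/CVE-2023-52465, CVE-2023-52466, CVE-2023-52468, CVE-2023-52472 and CVE-2023-52473 depend on the introducing commit named in Notes never having been backported to 6.1.y, yet the notes give only the mainline version (6.4-rc1 or 6.5-rc1). Consider stating in each note that the stable branch was checked for the introducing commit, so that "Vulnerable code not present" is backed by something visible in the file.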
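Review bot: The phrase "Vulnerable versions: 6.5-rc1" (and its 5.9-rc1, 6.4-rc1 and 6.7-rc1 variants) in the Notes of all seven files reads as if a single release candidate were affected, while the status lines show fixes landing as late as 6.6.14 and 6.7.2. Wording such as "Vulnerable since 6.5-rc1" would match what the branch lines record. The commit subject "Retire some CVEs" would also be easier to search if the body listed the seven IDs.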