[Git][cip-project/cip-kernel/cip-kernel-sec][master] 6 commits: Import more data


Agustin Benito Bethencourt
 

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

Commits:

  • e7b59afe
    by Ben Hutchings at 2019-08-22T20:07:26Z
    Import more data
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
  • 00e48ddc
    by Ben Hutchings at 2019-08-22T20:16:25Z
    Fill in further details about CVE-2019-15239
    
    This was previously "CVE-2019-tcp-reconnect-uaf" before it got a CVE
    ID.  It turns out to have been discovered multiple times but only
    fixed in some branches until recently.
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
  • 7d9748fd
    by Ben Hutchings at 2019-08-22T20:30:40Z
    Fill in introduced-by commits for several issues
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
  • 96ccc480
    by Ben Hutchings at 2019-08-23T17:07:35Z
    Un-ignore two USB audio issues for linux-4.19.y-cip-rt
    
    The USB audio driver is enabled by the siemens_i386-rt configuration.
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
  • 7c306459
    by Ben Hutchings at 2019-08-23T17:09:44Z
    Mark various issues to be ignored on CIP branches
    
    The components affected by these issues are not enabled by any members
    on some of the CIP branches.
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
  • 83a64e32
    by Ben Hutchings at 2019-08-27T17:29:07Z
    Merge branch 'bwh/update-issues' into 'master'
    
    Update issues
    
    See merge request cip-project/cip-kernel/cip-kernel-sec!9

25 changed files:

Changes:

  • issues/CVE-2016-10905.yml
    1 1
     description: 'GFS2: don''t set rgrp gl_object until it''s inserted into rgrp tree'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905
    
    4
    +- https://git.kernel.org/linus/36e4ad0316c017d5b271378ed9a1c9a4b77fab5f
    
    5
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=36e4ad0316c017d5b271378ed9a1c9a4b77fab5f
    
    2 6
     fixed-by:
    
    3 7
       mainline: [36e4ad0316c017d5b271378ed9a1c9a4b77fab5f]
    
    4 8
     ignore:
    

  • issues/CVE-2016-10906.yml
    1 1
     description: 'net: arc_emac: fix koops caused by sk_buff free'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906
    
    4
    +- https://git.kernel.org/linus/c278c253f3d992c6994d08aa0efb2b6806ca396f
    
    5
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c278c253f3d992c6994d08aa0efb2b6806ca396f
    
    2 6
     fixed-by:
    
    3 7
       mainline: [c278c253f3d992c6994d08aa0efb2b6806ca396f]
    
    4 8
     ignore:
    

  • issues/CVE-2018-20976.yml
    1 1
     description: 'xfs: clear sb->s_fs_info on mount failure'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976
    
    4
    +- https://git.kernel.org/linus/c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82
    
    5
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82
    
    2 6
     fixed-by:
    
    3 7
       mainline: [c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82]
    
    4 8
     ignore:
    

  • issues/CVE-2019-13648.yml
    ... ... @@ -24,3 +24,5 @@ fixed-by:
    24 24
     ignore:
    
    25 25
       linux-4.19.y-cip: No members are using powerpc
    
    26 26
       linux-4.19.y-cip-rt: No members are using powerpc
    
    27
    +  linux-4.4.y-cip: No members are using powerpc
    
    28
    +  linux-4.4.y-cip-rt: No members are using powerpc

  • issues/CVE-2019-14283.yml
    ... ... @@ -17,3 +17,4 @@ fixed-by:
    17 17
     ignore:
    
    18 18
       linux-4.19.y-cip: No members enable the floppy driver
    
    19 19
       linux-4.19.y-cip-rt: No members enable the floppy driver
    
    20
    +  linux-4.4.y-cip: No members enable the floppy driver
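
    Review bot: the new ignore entry covers linux-4.4.y-cip only, while the existing 4.19 entries come as a -cip / -cip-rt pair and the powerpc change in CVE-2019-13648.yml adds both linux-4.4.y-cip and linux-4.4.y-cip-rt. If linux-4.4.y-cip-rt is left out on purpose because an -rt configuration enables the floppy driver, say so in the commit message; otherwise add the matching "linux-4.4.y-cip-rt: No members enable the floppy driver" line. CVE-2019-14284.yml has the same asymmetry.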

  • issues/CVE-2019-14284.yml
    ... ... @@ -17,3 +17,4 @@ fixed-by:
    17 17
     ignore:
    
    18 18
       linux-4.19.y-cip: No members enable the floppy driver
    
    19 19
       linux-4.19.y-cip-rt: No members enable the floppy driver
    
    20
    +  linux-4.4.y-cip: No members enable the floppy driver

  • issues/CVE-2019-15117.yml
    ... ... @@ -3,8 +3,17 @@ references:
    3 3
     - https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=daac07156b330b18eb5071aec4b3ddca1c377f2c
    
    4 4
     - https://lore.kernel.org/lkml/20190814023625.21683-1-benquike@.../
    
    5 5
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117
    
    6
    +comments:
    
    7
    +  Ubuntu-tyhicks: |-
    
    8
    +    The parse_audio_mixer_unit() function has changed its handling of the
    
    9
    +     input pins and source ID over time but I believe that it is vulnerable all
    
    10
    +     the way back to the start of git history.
    
    11
    +reporters:
    
    12
    +- Hui Peng
    
    13
    +- Mathias Payer
    
    14
    +introduced-by:
    
    15
    +  mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
    
    6 16
     fixed-by:
    
    7 17
       mainline: [daac07156b330b18eb5071aec4b3ddca1c377f2c]
    
    8 18
     ignore:
    
    9
    -  linux-4.19.y-cip-rt: No member enables USB audio
    
    10 19
       linux-4.4.y-cip-rt: No member enables USB audio
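
    Review bot: in the added Ubuntu-tyhicks block the two continuation lines ("input pins ..." and "the way back ...") are indented five spaces against four on the first line, so the |- literal scalar keeps a stray leading space on each of them. Re-indent both to four spaces. The Ubuntu-tyhicks comment in CVE-2019-15221.yml has the same extra space on its second line.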

  • issues/CVE-2019-15118.yml
    ... ... @@ -7,8 +7,12 @@ comments:
    7 7
       Debian-bwh: |-
    
    8 8
         This is actually a stack overflow (unbounded recursion), not a
    
    9 9
         stack buffer overflow.
    
    10
    +reporters:
    
    11
    +- Hui Peng
    
    12
    +- Mathias Payer
    
    13
    +introduced-by:
    
    14
    +  mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
    
    10 15
     fixed-by:
    
    11 16
       mainline: [19bce474c45be69a284ecee660aa12d8f1e88f18]
    
    12 17
     ignore:
    
    13
    -  linux-4.19.y-cip-rt: No member enables USB audio
    
    14 18
       linux-4.4.y-cip-rt: No member enables USB audio
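
    Review bot: introduced-by points mainline at 1da177e4c3f4, the same commit CVE-2019-15117.yml uses, but there it is backed by a comment ("vulnerable all the way back to the start of git history") and here nothing says why the unbounded recursion is dated that far back. Add a short comment giving the basis, or leave introduced-by out until it has been checked for this issue separately.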

  • issues/CVE-2019-15211.yml
    1
    +description: 'media: radio-raremono: change devm_k*alloc to k*alloc'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15211
    
    4
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6
    
    5
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c666355e60ddb4748ead3bdd983e3f7f2224aaf0
    
    6
    +- https://syzkaller.appspot.com/bug?id=775f90f43cfd6f8ac6c15251ce68e604453da226
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Introduced in 3.14 by commit 21326c461e10 "[media] radio-raremono:
    
    10
    +    add support for 'Thanko's Raremono' AM/FM/SW USB device".
    
    11
    +introduced-by:
    
    12
    +  mainline: [21326c461e10431767e817e858e66113336d361c]
    
    13
    +fixed-by:
    
    14
    +  linux-4.19.y: [b3836af8560e27cd0d27940ff9c5a08b90b8d256]
    
    15
    +  linux-4.9.y: [4c0a7ec4b98f2e75ac974140291d3c8c6642145c]
    
    16
    +ignore:
    
    17
    +  linux-4.19.y-cip: No member enables radio-raremono
    
    18
    +  linux-4.19.y-cip-rt: No member enables radio-raremono
    
    19
    +  linux-4.4.y-cip: No member enables radio-raremono
    
    20
    +  linux-4.4.y-cip-rt: No member enables radio-raremono
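
    Review bot: fixed-by lists only linux-4.19.y and linux-4.9.y and has no mainline entry, although the references include the torvalds/linux.git commit c666355e60dd and the description reads as that fix's subject. If that commit is the upstream fix, add "mainline: [c666355e60ddb4748ead3bdd983e3f7f2224aaf0]" so the record matches the other files in this push.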

  • issues/CVE-2019-15212.yml
    1
    +description: 'USB: rio500: refuse more than one device at a time'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15212
    
    4
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8
    
    5
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3864d33943b4a76c6e64616280e98d2410b1190f
    
    6
    +- https://syzkaller.appspot.com/bug?id=64aa96c96f594a77eb8d945df21ec76dd35573b3
    
    7
    +fixed-by:
    
    8
    +  linux-4.14.y: [f18227d08e6b50717e1560a86fbebda0ca911507]
    
    9
    +  linux-4.19.y: [d2d93077bac37c6895d8c58f564699a3a897c5db]
    
    10
    +  linux-4.19.y-cip: [d2d93077bac37c6895d8c58f564699a3a897c5db]
    
    11
    +  linux-4.19.y-cip-rt: [d2d93077bac37c6895d8c58f564699a3a897c5db]
    
    12
    +  linux-4.4.y: [b92be99a0c8b2c1c66fe37f1fb21ef069c7732f1]
    
    13
    +  linux-4.4.y-cip: [b92be99a0c8b2c1c66fe37f1fb21ef069c7732f1]
    
    14
    +  linux-4.4.y-cip-rt: [b92be99a0c8b2c1c66fe37f1fb21ef069c7732f1]
    
    15
    +  linux-4.9.y: [6496f8ef3242b57f285e5c89134ad95dec17ab62]
    
    16
    +  mainline: [3864d33943b4a76c6e64616280e98d2410b1190f]
    
    17
    +ignore:
    
    18
    +  linux-4.19.y-cip: No member enables rio500
    
    19
    +  linux-4.19.y-cip-rt: No member enables rio500
    
    20
    +  linux-4.4.y-cip: No member enables rio500
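
    Review bot: the ignore block covers linux-4.19.y-cip, linux-4.19.y-cip-rt and linux-4.4.y-cip but not linux-4.4.y-cip-rt, whereas CVE-2019-15211.yml and CVE-2019-15213.yml list all four CIP branches. All four branches already have fixed-by entries here, so either add "linux-4.4.y-cip-rt: No member enables rio500" for consistency or drop the ignore block as redundant.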

  • issues/CVE-2019-15213.yml
    1
    +description: 'media: dvb: usb: use after free in dvb_usb_device_exit'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15213
    
    4
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
    
    5
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7
    
    6
    +- https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    This is supposed to be fixed by commit 6cf97230cd5f "media: dvb:
    
    10
    +    usb: fix use after free in dvb_usb_device_exit", but that won't fix
    
    11
    +    the syzkaller report it claims to.  The KASAN output shows an 8-byte
    
    12
    +    access to memory that was allocated in dw2102_probe(), apparently by
    
    13
    +    the statement "s421 = kmemdup(...)".  But it was also freed by
    
    14
    +    dw2102_probe(), so d->desc was already a dangling pointer before
    
    15
    +    dvb_usb_device_exit() was called.
    
    16
    +    The name strings seem to be static data that are only freed when
    
    17
    +    the module containing them is unloaded.  Which dvb_usb_device_exit()
    
    18
    +    doesn't do.
    
    19
    +    Introduced in 4.19 by commit 299c7007e936 "media: dw2102: Fix
    
    20
    +    memleak on sequence of probes".
    
    21
    +introduced-by:
    
    22
    +  linux-4.14.y: [6b7c7186c210df8fd3f2bd6f074715f4ac07979b]
    
    23
    +  mainline: [299c7007e93645067e1d2743f4e50156de78c4ff]
    
    24
    +ignore:
    
    25
    +  linux-4.19.y-cip: No member enables dw2102
    
    26
    +  linux-4.19.y-cip-rt: No member enables dw2102
    
    27
    +  linux-4.4.y-cip: No member enables dw2102
    
    28
    +  linux-4.4.y-cip-rt: No member enables dw2102
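
    Review bot: the Debian-bwh comment dates the bug as "Introduced in 4.19 by commit 299c7007e936", but introduced-by also carries a linux-4.14.y commit (6b7c7186c210) that the comment never mentions. Note the 4.14 backport in the comment, the way CVE-2019-15223.yml records "This was backported into 4.19.45". It would also help to say in the comment that fixed-by is omitted deliberately, since the references still list 6cf97230cd5f.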

  • issues/CVE-2019-15214.yml
    1
    +description: ''
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=75903e0021cef79bc434d068b5169b599b2a46a9
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15214
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f7221acddfe1caa9ff09b3a8158c39b2fdeac
    
    7
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c2f870890fd28e023b0fcf49dcee333f2c8bad7
    
    8
    +comments:
    
    9
    +  Debian-carnil: Check if 3.16-upstream-stable fixes complete.
    
    10
    +fixed-by:
    
    11
    +  linux-3.16.y: [dbcb50792a5175b222c181bafa51f470550ba827]
    
    12
    +  linux-4.14.y: [d11a33e9ba584bb6f5cc74df9d74b26156ba9bb2, 216f6570d18bcd06975205b8af1708ea10a1baf6]
    
    13
    +  linux-4.19.y: [b50e435df2d8b9a1d3e956e1c767dfc7e30a441b, 8a6f2ea0c3dd3de75cc344fe8d216457287a2ab2]
    
    14
    +  linux-4.19.y-cip: [b50e435df2d8b9a1d3e956e1c767dfc7e30a441b, 8a6f2ea0c3dd3de75cc344fe8d216457287a2ab2]
    
    15
    +  linux-4.19.y-cip-rt: [b50e435df2d8b9a1d3e956e1c767dfc7e30a441b, 8a6f2ea0c3dd3de75cc344fe8d216457287a2ab2]
    
    16
    +  linux-4.4.y: [f94135f92d97d85444691bcc4f79784d995a5458, abc81720ea872ba9b1fa6ac17e837456869b2281]
    
    17
    +  linux-4.4.y-cip: [f94135f92d97d85444691bcc4f79784d995a5458, abc81720ea872ba9b1fa6ac17e837456869b2281]
    
    18
    +  linux-4.4.y-cip-rt: [f94135f92d97d85444691bcc4f79784d995a5458, abc81720ea872ba9b1fa6ac17e837456869b2281]
    
    19
    +  linux-4.9.y: [d944299e7a6fce01db3603bc55d51ef336c19cc4, a9f62dc69942e2a9aeedd9f5d238674cf1882138]
    
    20
    +  mainline: [2a3f7221acddfe1caa9ff09b3a8158c39b2fdeac, 8c2f870890fd28e023b0fcf49dcee333f2c8bad7]
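
    Review bot: description on the first line is the empty string, while the other files added in this push carry a subject line. Fill it in from one of the two mainline commits under fixed-by (2a3f7221acdd, 8c2f870890fd) or from the CVE text. The Debian-carnil comment "Check if 3.16-upstream-stable fixes complete." also reads as an open to-do: linux-3.16.y has one fixed-by commit where every other branch has two, so resolve that or mark it clearly as unverified.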

  • issues/CVE-2019-15215.yml
    1
    +description: 'media: cpia2_usb: first wake up, then free in disconnect'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=b68d3c254cf294f8a802582094fa3251d6de5247
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15215
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eff73de2b1600ad8230692f00bc0ab49b166512a
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Maybe introduced in 3.5 by commit 6c493f8b28c6 "[media] cpia2:
    
    10
    +    major overhaul to get it in a working state again", but might be
    
    11
    +    older.
    
    12
    +fixed-by:
    
    13
    +  linux-4.14.y: [3566a98e59b5cb19829d21bfe18cd396812ce15e]
    
    14
    +  linux-4.19.y: [8b44cc225e6024174508164931cab9f01c79dca2]
    
    15
    +  linux-4.19.y-cip: [8b44cc225e6024174508164931cab9f01c79dca2]
    
    16
    +  linux-4.4.y: [63a80df0ea2b94813f60e8372f9ee93856bcfd5b]
    
    17
    +  linux-4.4.y-cip: [63a80df0ea2b94813f60e8372f9ee93856bcfd5b]
    
    18
    +  linux-4.9.y: [0b8a71a8bd2129ca9cc115195fd9630564765772]
    
    19
    +  linux-5.2.y: [7951663c80a558ac97978e19ba893f9f6d3dec3d]
    
    20
    +  mainline: [eff73de2b1600ad8230692f00bc0ab49b166512a]
    
    21
    +ignore:
    
    22
    +  linux-4.19.y-cip: No member enables cpia2
    
    23
    +  linux-4.19.y-cip-rt: No member enables cpia2
    
    24
    +  linux-4.4.y-cip: No member enables cpia2
    
    25
    +  linux-4.4.y-cip-rt: No member enables cpia2

  • issues/CVE-2019-15216.yml
    1
    +description: 'USB: yurex: Fix protection fault after device removal'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=f0b1f2952022c75394c0eef2afeb17af90f9227e
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15216
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.14
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef61eb43ada6c1d6b94668f0f514e4c268093ff3
    
    7
    +fixed-by:
    
    8
    +  linux-3.16.y: [5133454a1f3a7f22412ab083f7ff53f822d50f49]
    
    9
    +  linux-4.14.y: [5696fa3f42168ee33256c0b0b72ca963d224327f]
    
    10
    +  linux-4.19.y: [9f632afe4f3989d77fdbf8ac6a015d6beb03ccb9]
    
    11
    +  linux-4.19.y-cip: [9f632afe4f3989d77fdbf8ac6a015d6beb03ccb9]
    
    12
    +  linux-4.19.y-cip-rt: [9f632afe4f3989d77fdbf8ac6a015d6beb03ccb9]
    
    13
    +  linux-4.4.y: [438b075fc77d63472892df735fe2a27d3f23dcbf]
    
    14
    +  linux-4.4.y-cip: [438b075fc77d63472892df735fe2a27d3f23dcbf]
    
    15
    +  linux-4.4.y-cip-rt: [438b075fc77d63472892df735fe2a27d3f23dcbf]
    
    16
    +  linux-4.9.y: [965cc8406cf38d6e535b264f5906211c3e5e33b7]
    
    17
    +  mainline: [ef61eb43ada6c1d6b94668f0f514e4c268093ff3]

  • issues/CVE-2019-15217.yml
    1
    +description: 'media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=9c0c178c24d828a7378f483309001329750aad64
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15217
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Introduced in 2.6.32 by commit ccbf035ae5de "V4L/DVB (12278): zr364xx:
    
    10
    +    implement V4L2_CAP_STREAMING".
    
    11
    +introduced-by:
    
    12
    +  mainline: [ccbf035ae5de4c535160fc99f73feb44cc55b534]
    
    13
    +fixed-by:
    
    14
    +  linux-5.2.y: [702fc0f88dc5d6124594abafc678d7c3d6022863]
    
    15
    +  mainline: [5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e]
    
    16
    +ignore:
    
    17
    +  linux-4.19.y-cip: No member enables zr364xx
    
    18
    +  linux-4.19.y-cip-rt: No member enables zr364xx
    
    19
    +  linux-4.4.y-cip: No member enables zr364xx
    
    20
    +  linux-4.4.y-cip-rt: No member enables zr364xx

  • issues/CVE-2019-15218.yml
    1
    +description: 'media: usb: siano: Fix general protection fault in smsusb'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=4a5d7c8c2b6dbedb5b7218c6d7e8666bd2387517
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15218
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e0456de5be379b10fea0fa94a681057114a96e
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Introduced in 2.6.27 by commit 2e5c1ec8865a "V4L/DVB (8258): add support
    
    10
    +    for SMS1010 and SMS1150 based digital television devices".
    
    11
    +introduced-by:
    
    12
    +  mainline: [2e5c1ec8865abd81e24a394918c7ba315e0b7b70]
    
    13
    +fixed-by:
    
    14
    +  linux-4.14.y: [5a7adcda3de26a44fc0fa3f68199358b1527daf4]
    
    15
    +  linux-4.19.y: [35b1044566528b26d48b31a52069f45851d49885]
    
    16
    +  linux-4.19.y-cip: [35b1044566528b26d48b31a52069f45851d49885]
    
    17
    +  linux-4.19.y-cip-rt: [35b1044566528b26d48b31a52069f45851d49885]
    
    18
    +  linux-4.4.y: [b1782be70e1e281216f58ba283a0e55ad6364aaf]
    
    19
    +  linux-4.4.y-cip: [b1782be70e1e281216f58ba283a0e55ad6364aaf]
    
    20
    +  linux-4.4.y-cip-rt: [b1782be70e1e281216f58ba283a0e55ad6364aaf]
    
    21
    +  linux-4.9.y: [6ecd1809002699377d2b3b95b170d636f8a60eb4]
    
    22
    +  mainline: [31e0456de5be379b10fea0fa94a681057114a96e]

  • issues/CVE-2019-15219.yml
    1
    +description: 'USB: sisusbvga: fix oops in error path of sisusb_probe'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=aaf6794922521df1c35c81e32cb2d0bb6a351e7b
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15219
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9a5729f68d3a82786aea110b1bfe610be318f80a
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Introduced in 2.6.24 by commit 7b5cd5fefbe0 "USB: SisUSB2VGA: Convert
    
    10
    +    printk to dev_* macros".
    
    11
    +introduced-by:
    
    12
    +  mainline: [7b5cd5fefbe023625a7ff7604e8beb9a15a9efab]
    
    13
    +fixed-by:
    
    14
    +  linux-4.14.y: [47ffaae93ea154ae149315389a30780fa3189caf]
    
    15
    +  linux-4.19.y: [d27ea5e9eb4ac45e0e4cf8250a45aa06b0944787]
    
    16
    +  linux-4.19.y-cip: [d27ea5e9eb4ac45e0e4cf8250a45aa06b0944787]
    
    17
    +  linux-4.19.y-cip-rt: [d27ea5e9eb4ac45e0e4cf8250a45aa06b0944787]
    
    18
    +  linux-4.4.y: [30e66d7d2fb978f7b59fbf6106bdc1092acbb7ef]
    
    19
    +  linux-4.4.y-cip: [30e66d7d2fb978f7b59fbf6106bdc1092acbb7ef]
    
    20
    +  linux-4.4.y-cip-rt: [30e66d7d2fb978f7b59fbf6106bdc1092acbb7ef]
    
    21
    +  linux-4.9.y: [a45f178bcbf22d4c5c6e76dcc26e2b849cda6408]
    
    22
    +  mainline: [9a5729f68d3a82786aea110b1bfe610be318f80a]

  • issues/CVE-2019-15220.yml
    1
    +description: 'p54usb: Fix race between disconnect and firmware loading'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=082c09653e43e33a6a56f8c57cf051eeacae9d5f
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15220
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.1
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e41e2257f1094acc37618bf6c856115374c6922
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Probably introduced in 3.5 by commit 5612a508d11f "p54usb: Load firmware
    
    10
    +    asynchronously".
    
    11
    +introduced-by:
    
    12
    +  mainline: [5612a508d11f81c1ca3290260f86328dfb55d513]
    
    13
    +fixed-by:
    
    14
    +  linux-4.14.y: [c760ecb74f84f729ae31b9fbc6b772923cdc78df]
    
    15
    +  linux-4.19.y: [449a8d08a4bc45101fa26e6d233b98258d33620a]
    
    16
    +  linux-4.19.y-cip: [449a8d08a4bc45101fa26e6d233b98258d33620a]
    
    17
    +  linux-4.9.y: [feca0ce34518f69447d0d13cd431d0eef647a794]
    
    18
    +  linux-5.2.y: [9baa5b4925da756e7a47444514bc88a6818d300f]
    
    19
    +  mainline: [6e41e2257f1094acc37618bf6c856115374c6922]
    
    20
    +ignore:
    
    21
    +  linux-4.4.y-cip: No member enables p54usb
    
    22
    +  linux-4.4.y-cip-rt: No member enables p54usb

  • issues/CVE-2019-15221.yml
    1
    +description: 'ALSA: line6: Fix write on zero-sized buffer'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15221
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710
    
    7
    +comments:
    
    8
    +  Ubuntu-tyhicks: |-
    
    9
    +    Setting priority to low since this issue requires a malicious piece
    
    10
    +     of hardware to be exploited
    
    11
    +fixed-by:
    
    12
    +  linux-4.14.y: [37eaa74451c1003a6bec548c957890c264559463]
    
    13
    +  linux-4.19.y: [7f52af5e9baa9c478edcecdd4058eeef2835b1c3]
    
    14
    +  linux-4.19.y-cip: [7f52af5e9baa9c478edcecdd4058eeef2835b1c3]
    
    15
    +  linux-4.9.y: [8b449e9dc215e47641c4737a199b7767ffd032a9]
    
    16
    +  mainline: [3450121997ce872eb7f1248417225827ea249710]
    
    17
    +ignore:
    
    18
    +  linux-4.19.y-cip: No member enables line6
    
    19
    +  linux-4.19.y-cip-rt: No member enables line6
    
    20
    +  linux-4.4.y-cip: No member enables line6
    
    21
    +  linux-4.4.y-cip-rt: No member enables line6

  • issues/CVE-2019-15222.yml
    1
    +description: 'ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=3ec1dad62657fef22282536d7532dbb65eee778a
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15222
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.8
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d78e1c2b7f4be00bbe62141603a631dc7812f35
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Introduced in 5.3-rc1 by commit 801ebf1043ae "ALSA: usb-audio: Sanity
    
    10
    +    checks for each pipe and EP types" (!).  Both the breaking and fixing
    
    11
    +    commits were backported in 5.2.8.
    
    12
    +introduced-by:
    
    13
    +  linux-5.2.y: [f7795140ac4aaf867e84d202f6107921a358e50f]
    
    14
    +  mainline: [801ebf1043ae7b182588554cc9b9ad3c14bc2ab5]
    
    15
    +fixed-by:
    
    16
    +  linux-5.2.y: [bcbfb3efab0671590a14c7baf104173e49b7b248]
    
    17
    +  mainline: [5d78e1c2b7f4be00bbe62141603a631dc7812f35]

  • issues/CVE-2019-15223.yml
    1
    +description: 'ALSA: line6: Assure canceling delayed work at disconnection'
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=0c1e517c657d3de2361cb0cc2d3a8663c25039a7
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15223
    
    5
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8
    
    6
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b074ab7fc0d575247b9cc9f93bb7e007ca38840
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Introduced in 5.2-rc1 by commit 7f84ff68be05 "ALSA: line6: toneport: Fix
    
    10
    +    broken usage of timer for delayed execution".  This was backported
    
    11
    +    into 4.19.45.
    
    12
    +introduced-by:
    
    13
    +  linux-4.19.y: [741e3efd8174fbc4278bc3dd8d3d5a3caab7f2c5]
    
    14
    +  linux-4.19.y-cip: [741e3efd8174fbc4278bc3dd8d3d5a3caab7f2c5]
    
    15
    +  linux-4.19.y-cip-rt: [741e3efd8174fbc4278bc3dd8d3d5a3caab7f2c5]
    
    16
    +  mainline: [7f84ff68be05ec7a5d2acf8fdc734fe5897af48f]
    
    17
    +fixed-by:
    
    18
    +  linux-4.19.y: [eb2eeec920fb1b9b6faf8ea340f6295a2d03602b]
    
    19
    +  linux-4.19.y-cip: [eb2eeec920fb1b9b6faf8ea340f6295a2d03602b]
    
    20
    +  linux-4.19.y-cip-rt: [eb2eeec920fb1b9b6faf8ea340f6295a2d03602b]
    
    21
    +  mainline: [0b074ab7fc0d575247b9cc9f93bb7e007ca38840]

  • issues/CVE-2019-tcp-reconnect-uaf.yml → issues/CVE-2019-15239.yml
    1
    -description: TCP reconnection use-after-free
    
    1
    +description: |-
    
    2
    +  In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was
    
    3
    +  properly incorporated into 4.16.12, was incorrectly backported to the
    
    4
    +  earlier longterm kernels, introducing a new vulnerability that was
    
    5
    +  potentially more severe than the issue that was intended to be fixed by
    
    6
    +  backporting. Specifically, by adding to a write queue between disconnection
    
    7
    +  and re-connection, a local attacker can trigger multiple use-after-free
    
    8
    +  conditions. This can result in a kernel crash, or potentially in privilege
    
    9
    +  escalation. NOTE: this affects (for example) Linux distributions that use
    
    10
    +  4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before
    
    11
    +  4.14.139.
    
    2 12
     references:
    
    3
    -- https://lore.kernel.org/stable/20190813115317.6cgml2mckd3c6u7z@.../
    
    13
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15239
    
    4 14
     - https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-tcpsocketsuaf
    
    15
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f582b248d0a86bae5788c548d7bb5bca6f7691a
    
    16
    +- https://lore.kernel.org/stable/41a61a2f87691d2bc839f26cdfe6f5ff2f51e472.camel@.../
    
    17
    +- https://salsa.debian.org/kernel-team/kernel-sec/blob/f6273af2d956a87296b6b60379d0a186c9be4bbc/active/CVE-2019-15239
    
    18
    +- https://www.debian.org/security/2019/dsa-4497
    
    5 19
     comments:
    
    6 20
       Debian-bwh: |-
    
    7 21
         Introduced by backports of commit 7f582b248d0a
    
    8 22
         "tcp: purge write queue in tcp_connect_init()" to stable.
    
    9 23
         Upstream avoided this issue due to the earlier commit
    
    10 24
         75c119afe14f "tcp: implement rb-tree based retransmit queue".
    
    25
    +  Debian-carnil: |-
    
    26
    +    As pointed out by Ben, in https://lore.kernel.org/stable/41a61a2f87691d2bc839f26cdfe6f5ff2f51e472.camel@.../
    
    27
    +    the issue got already fixed by dbbf2d1e4077 ("tcp: reset
    
    28
    +    sk_send_head in tcp_write_queue_purge") in 4.14.32, which got
    
    29
    +    backported to 4.4.187 and 4.9.187.
    
    11 30
     introduced-by:
    
    12 31
       linux-3.16.y: [0da162e05f65a8073ef1dc3c7598b82a9b9caa70]
    
    13 32
       linux-3.18.y: [85611642047443ea8567f5cccc4c282fedde11b6]
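
    Review bot: the imported description says 4.14.x kernels "before 4.14.139" are affected, but the Debian-carnil comment added in the same hunk says the issue was already fixed by dbbf2d1e4077 in 4.14.32. Add a sentence to the comments stating which bound this tracker relies on, so the description is not read as the affected range. The hunk also removes the lore.kernel.org/stable/20190813115317... reference; keep it alongside the new links unless it is wrong.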
    
    ... ... @@ -18,4 +37,8 @@ introduced-by:
    18 37
       linux-4.9.y: [74a4c09d4b05c67ed6bd6aed088a5552f4f64aaa]
    
    19 38
       mainline: never
    
    20 39
     fixed-by:
    
    21
    -  linux-4.14.y: [e99e7745d03fc50ba7c5b7c91c17294fee2d5991]
    40
    +  linux-3.16.y: [3157fbc900bdb366b2186e5a6e506cc5e4697cf0]
    
    41
    +  linux-4.14.y: [dbbf2d1e4077bab0c65ece2765d3fc69cf7d610f]
    
    42
    +  linux-4.4.y: [8f0b77b71f3fec09f86f80cd98c36a1a35109499]
    
    43
    +  linux-4.4.y-cip: [8f0b77b71f3fec09f86f80cd98c36a1a35109499]
    
    44
    +  linux-4.9.y: [704533394e488a109fe46ab3693315376c3824d5]

  • issues/CVE-2019-15290.yml
    1
    +description: general protection fault in ath6kl_usb_alloc_urb_from_pipe
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=cd8b9cfe50a0bf36ee19eda2d7e2e06843dfbeaf
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15290
    
    5
    +- https://www.openwall.com/lists/oss-security/2019/08/20/2
    
    6
    +- http://www.openwall.com/lists/oss-security/2019/08/20/2
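
    Review bot: the last two references are the same oss-security post, once under https://www.openwall.com/ and once under http://www.openwall.com/; keep the https entry only. CVE-2019-15291.yml carries the same pair. This file also has no fixed-by, introduced-by or ignore data, so a short comment on the state of the fix would help the next reader.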

  • issues/CVE-2019-15291.yml
    1
    +description: general protection fault in flexcop_usb_probe
    
    2
    +references:
    
    3
    +- https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
    
    4
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291
    
    5
    +- https://www.openwall.com/lists/oss-security/2019/08/20/2
    
    6
    +- http://www.openwall.com/lists/oss-security/2019/08/20/2
    
    7
    +ignore:
    
    8
    +  linux-4.19.y-cip: No member enables flexcop
    
    9
    +  linux-4.19.y-cip-rt: No member enables flexcop
    
    10
    +  linux-4.4.y-cip: No member enables flexcop
    
    11
    +  linux-4.4.y-cip-rt: No member enables flexcop

  • issues/CVE-2019-15292.yml
    1
    +description: 'appletalk: Fix use-after-free in atalk_proc_exit'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15292
    
    4
    +- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9
    
    5
    +- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6377f787aeb945cae7abbb6474798de129e1f3ac
    
    6
    +fixed-by:
    
    7
    +  linux-4.14.y: [0ba1fa56351e6e9c2f8db4ffc823cb7057e4ea82]
    
    8
    +  linux-4.19.y: [6c42507f426b40c63e8eb98ce6dd4afbc7efcdb5]
    
    9
    +  linux-4.19.y-cip: [6c42507f426b40c63e8eb98ce6dd4afbc7efcdb5]
    
    10
    +  linux-4.19.y-cip-rt: [6c42507f426b40c63e8eb98ce6dd4afbc7efcdb5]
    
    11
    +  linux-4.4.y: [d49a75f5add4543eb138fb0a8fe0560fb276352e]
    
    12
    +  linux-4.4.y-cip: [d49a75f5add4543eb138fb0a8fe0560fb276352e]
    
    13
    +  linux-4.4.y-cip-rt: [d49a75f5add4543eb138fb0a8fe0560fb276352e]
    
    14
    +  linux-4.9.y: [057a0da1899f00a4ac9a4c4c452cf2cf652bdbf0]
    
    15
    +  mainline: [6377f787aeb945cae7abbb6474798de129e1f3ac]
