[Git][security-tracker-team/security-tracker][master] Sync status of some linux CVEs with kernel-sec

Sat Apr 16 07:42:47 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f22b0f6 by Salvatore Bonaccorso at 2022-04-16T08:42:12+02:00
Sync status of some linux CVEs with kernel-sec

Link: https://salsa.debian.org/kernel-team/kernel-sec/-/commit/f9f8979344f7df15c2e18998a60d541d13b6a12e

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1630,6 +1630,9 @@ CVE-2022-1271
 CVE-2022-1263
 	RESERVED
 	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/1
 	NOTE: https://www.spinics.net/lists/kvm/msg273052.html
 CVE-2022-1249 [NULL pointer dereference in cms_set_pw_data()]
@@ -2251,6 +2254,7 @@ CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux
 	NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1)
 CVE-2022-28389 (mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux ker ...)
 	- linux <unfixed>
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/04c9b00ba83594a29813d6b1fb8fdc93a3915174 (5.18-rc1)
 CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux ker ...)
 	- linux <unfixed>
@@ -5454,9 +5458,9 @@ CVE-2022-1016
 CVE-2022-1015
 	RESERVED
 	- linux 5.16.18-1
-	[bullseye] - linux <no-dsa> (Vulnerability exploitable only after 5.12-rc1)
-	[buster] - linux <no-dsa> (Vulnerability exploitable only after 5.12-rc1)
-	[stretch] - linux <no-dsa> (Vulnerability exploitable only after 5.12-rc1)
+	[bullseye] - linux <not-affected> (Vulnerability introduced later in 5.12-rc1)
+	[buster] - linux <not-affected> (Vulnerability introduced later in 5.12-rc1)
+	[stretch] - linux <not-affected> (Vulnerability introduced later in 5.12-rc1)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5
 	NOTE: Introduced by: https://git.kernel.org/linus/49499c3e6e18b7677a63316f3ff54a16533dc28f (4.1-rc1)
 	NOTE: Exploitable after: https://git.kernel.org/linus/345023b0db315648ccc3c1a36aee88304a8b4d91 (5.12-rc1)
@@ -13314,6 +13318,8 @@ CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/bea
 	NOT-FOR-US: beanstalk_console
 CVE-2022-0500 (A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leadi ...)
 	- linux 5.16.10-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
 CVE-2022-0499 (The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF ...)
 	NOT-FOR-US: WordPress plugin
@@ -18977,6 +18983,8 @@ CVE-2022-0169 (The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not
 CVE-2022-0168
 	RESERVED
 	- linux <unfixed>
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386
 CVE-2022-0167
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f22b0f6d94bdbd2b93ca491557d0a095a2ab39e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f22b0f6d94bdbd2b93ca491557d0a095a2ab39e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220416/496fe857/attachment.htm>
