[DATA] CVE-2022-1508, CVE-2023-2430, CVE-2023-6560 version information [io_uring]

[DerDakon]

Change Type Requested
Update

CVE id number
CVE-2022-1508
CVE-2023-2430
CVE-2023-6560

References
torvalds/linux@2b188cc

Additional context
io_uring was added in 5.1-rc1, so any issues can not date back to earlier kernels. I have not checked the introduction of individual sub-functions, just giving a more sensible lower bound than 2.6.12-rc2.

These are the 3 active issues that I found in the data file that have lower versions than 5.1-rc1 or unknown. Another candidate may be the rejected CVE-2022-20424 as it affects io_uring as well.

[yuta-hayama]

CVE id number
CVE-2022-1508

Ubuntu and SUSE Bugzilla indicate that the following commit is the cause of the issue:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=632546c4b5a4dad8e3ac456406c65c0db9a0b570

Therefore, the start version would be v5.11-rc1.

References
https://ubuntu.com/security/CVE-2022-1508
https://bugzilla.suse.com/show_bug.cgi?id=1198968#c1

---

CVE id number
CVE-2023-2430

Ubuntu and SUSE Bugzilla indicate that the following commit is the cause of the issue:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f57f06ce2186c31c3da52386125dc57b1cd6f96

Therefore, the start version would be v5.18-rc1.

References
https://ubuntu.com/security/CVE-2023-2430
https://bugzilla.suse.com/show_bug.cgi?id=1211014#c1