Hi!

> New CVEs
>
> CVE-2020-3702: Specifically timed and handcrafted traffic can cause
> internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
> encryption with a consequent possibility of information disclosure
> over the air for a discrete set of traffic
>
> This CVE affects the ath9k driver.
>
> Fixed status
>
> mainline: [56c5485c9e444c2e85e11694b6c44f1338fc20fd,
> 73488cb2fa3bb1ef9f6cf0d757f76958bd4deaca,
> d2d3e36498dd8e0c83ea99861fac5cf9e8671226,
> 144cd24dbc36650a51f7fe3bf1424a1432f1f480,
> ca2848022c12789685d3fab3227df02b863f9696]

At least some of the relevant fixes are queued for 5.10.61/4.19. Likely
this will resolve itself.

> CVE-2021-3600: eBPF 32-bit source register truncation on div/mod
>
> The vulnerability has been introduced since 4.15-rc9. 4.4 is not
> affected. 4.19 is not fixed yet as of 2021/08/26.
>
> mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
> stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
> stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]

I took a look into this. Apparently 4.14 and 4.19 are affected.
( https://seclists.org/oss-sec/2021/q2/228 )

Due to BPF 32-bit subregister requirements (see bpf_design_QA.rst),
the top 32 bits should always be zero when the 32-bit registers are in
use. So it could be possible to use BPF_JMP instead of BPF_JMP32.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany