Hi!

It's this week's CVE report.

* CVE short summary

** New CVEs

CVE-2021-3635: There is no detailed information as of 2021/08/12

CVE-2021-38160: mainline and stable kernels are fixed.

CVE-2021-38166: Fixed in bpf tree. Not fixed in mainline as of 2021/08/12

CVE-2021-38198: mainline and v5.10 are fixed as of 2021/08/12

CVE-2021-38199: mainline, v4.19, and v5.X kernels are fixed. This CVE was introduced by commit 5c6e5b6, which has been in since v4.8-rc1

CVE-2021-38200: This CVE only affects the PowerPC architecture

CVE-2021-38201: This CVE was introduced in v5.11-rc1, so kernels before 5.11 aren't affected

CVE-2021-38202: This CVE was introduced in v5.13-rc1, so kernels before 5.13 aren't affected

CVE-2021-38203: This CVE was introduced in v5.13-rc1, so kernels before 5.13 aren't affected

CVE-2021-38204: mainline and stable kernels are fixed

CVE-2021-38205: mainline is fixed as of 2021/08/12

CVE-2021-38206: mainline and 5.10 are fixed. This CVE affects kernels since v5.9

CVE-2021-38207: mainline and 5.10 are fixed. This CVE affects kernels since v5.6-rc4

CVE-2021-38208: mainline and stable kernels are fixed as of 2021/08/21

CVE-2021-38209: mainline and 5.10 are fixed. This CVE was introduced in 5.7-rc1, so kernels before 5.7 aren't affected by this CVE.

** Updated CVEs

No update.

** Tracking CVEs

CVE-2021-31615: there is no fix information as of 2021/08/12

CVE-2021-3640: there is no fix information as of 2021/08/12

* CVE detail

New CVEs

CVE-2021-3635: flowtable list del corruption with kernel BUG at lib/list_debug.c:50

According to the Red Hat Bugzilla: "A flaw was found in the Linux kernels netfilter implementation. A missing generation check during DELTABLE processing causes it to queue the DELFLOWTABLE operation a second time possibly leading to data corruption and denial of service. An attacker must have either root or CAP_SYS_ADMIN capabilities to exploit this flaw."

However, there is no more detailed information as of 2021/08/12.

Fixed status

None

CVE-2021-38160: virtio_console: Assure used length from device is limited

Fixed status

mainline: [d00d8da5869a2608e97cfede094dfc5e11462a46]
stable/4.14: [56cf748562d3cbfd33d1ba2eb4a7603a5e20da88]
stable/4.19: [b5fba782ccd3d12a14f884cd20f255fc9c0eec0c]
stable/4.4: [187f14fb88a9e62d55924748a274816fe6f34de6]
stable/4.9: [9e2b8368b2079437c6840f3303cb0b7bc9b896ee]
stable/5.10: [f6ec306b93dc600a0ab3bb2693568ef1cc5f7f7a]
stable/5.13: [21a06a244d2576f93cbc9ce9bf95814c2810c36a]
stable/5.4: [52bd1bce8624acb861fa96b7c8fc2e75422dc8f7]

CVE-2021-38166: bpf: Fix integer overflow involving bucket_size

This CVE was introduced by commit 057996380a42 ("bpf: Add batch ops to all htab bpf map"), which has been in since 5.6-rc1.

Fixed status

None

CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions to get shadow page

Fixed status

mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
stable/5.10: [6b6ff4d1f349cb35a7c7d2057819af1b14f80437]

CVE-2021-38199: NFSv4: Initialise connection to the server in nfs4_alloc_client()

This CVE was introduced by commit 5c6e5b6 ("NFS: Fix an Oops in the pNFS files and flexfiles connection setup to the DS"), which was in v4.8-rc1. So, v4.4 is not affected by this CVE.

Fixed status

mainline: [dd99e9f98fbf423ff6d365b37a98e8879170f17c]
stable/4.19: [743f6b973c8ba8a0a5ed15ab11e1d07fa00d5368]
stable/5.10: [ff4023d0194263a0827c954f623c314978cf7ddd]
stable/5.13: [b0bfac939030181177373f549398ba94c384713d]
stable/5.4: [81e03fe5bf8f5f66b8a62429fb4832b11ec6b272]

CVE-2021-38200: powerpc/perf: Fix crash with 'perf_instruction_pointer' when pmu is not set

This CVE only affects the PowerPC architecture, so we don't have to track it.

Fixed status

mainline: [60b7ed54a41b550d50caf7f2418db4a7e75b5bdc]

CVE-2021-38201: net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.

This CVE was introduced by commit 8d86e37 ("SUNRPC: Clean up helpers xdr_set_iov() and xdr_set_page_base()"), which has been in since v5.11-rc1. So, we don't have to track it.

Fixed status

mainline: [6d1c0f3d28f98ea2736128ed3e46821496dc3a8c]
stable/5.13: [a02357d7532b88e97329bd7786c7e72601109704]

CVE-2021-38202: fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.

This CVE was introduced by commit 6019ce0 ("NFSD: Add a tracepoint to record directory entry encoding"), which has been in since v5.13-rc1. We don't have to track it.

Fixed status

mainline: [7b08cf62b1239a4322427d677ea9363f0ab677c6]
stable/5.13: [7605bff387a9972038b217b6c60998778dbae931]

CVE-2021-38203: btrfs: fix deadlock with concurrent chunk allocations involving system chunks

This CVE was introduced in v5.13-rc1, so 5.10, 4.19, 4.4 kernels aren't affected. We don't have to track it.

Fixed status

mainline: [1cb3db1cf383a3c7dbda1aa0ce748b0958759947]
stable/5.13: [789b24d9950d3e67b227f81b3fab912a8fb257af]

CVE-2021-38204: usb: max-3421: Prevent corruption of freed memory

Fixed status

mainline: [b5fdf5c6e6bee35837e160c00ac89327bdad031b]
stable/4.14: [edddc79c4391f8001095320d3ca423214b9aa4bf]
stable/4.19: [51fc12f4d37622fa0c481604833f98f11b1cac4f]
stable/4.4: [fc2a7c2280fa2be8ff9b5af702368fcd49a0acdb]
stable/4.9: [ae3209b9fb086661ec1de4d8f4f0b951b272bbcd]
stable/5.10: [7af54a4e221e5619a87714567e2258445dc35435]
stable/5.13: [d4179cdb769a651f2ae89c325612a69bf6fbdf70]
stable/5.4: [863d071dbcd54dacf47192a1365faec46b7a68ca]

CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer

xemaclite_of_probe() in drivers/net/ethernet/xilinx/xilinx_emaclite.c leaks kernel memory layout.

Fixed status

mainline: [d0d62baa7f505bd4c59cd169692ff07ec49dde37]
stable/5.13: [8722275b41d5127048e1422a8a1b6370b4878533]

CVE-2021-38206: mac80211: Fix NULL ptr deref for injected rate info

This CVE was introduced by commit cb17ed2 ("mac80211: parse radiotap header when selecting Tx queue"), which has been in since 5.9-rc1. Therefore, kernels before 5.9 aren't affected.

Fixed status

mainline: [bddc0c411a45d3718ac535a070f349be8eca8d48]
stable/5.10: [f74df6e086083dc435f7500bdbc86b05277d17af]
stable/5.4: [b6c0ab11c88fb016bfc85fa4f6f878f5f4263646]

CVE-2021-38207: net: ll_temac: Fix TX BD buffer overwrite

This CVE was introduced by commit 84823ff ("net: ll_temac: Fix race condition causing TX hang"), which has been in since v5.6-rc4, so kernels before 5.6-rc aren't affected.

Fixed status

mainline: [c364df2489b8ef2f5e3159b1dff1ff1fdb16040d]
stable/5.10: [cfe403f209b11fad123a882100f0822a52a7630f]
stable/5.4: [b6c0ab11c88fb016bfc85fa4f6f878f5f4263646]

CVE-2021-38208: net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

Fixed status

mainline: [4ac06a1e013cf5fdd963317ffd3b968560f33bba]
stable/4.14: [ffff05b9ee5c74c04bba2801c1f99b31975d74d9]
stable/4.19: [93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f]
stable/4.4: [eb6875d48590d8e564092e831ff07fa384d7e477]
stable/4.9: [39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94]
stable/5.10: [48ee0db61c8299022ec88c79ad137f290196cac2]
stable/5.4: [5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70]

CVE-2021-38209: net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.

This CVE was introduced by commit d0febd8 ("netfilter: conntrack: re-visit sysctls in unprivileged namespaces"), which has been in since 5.7-rc1. Therefore, kernels before 5.7 aren't affected by this CVE.

Fixed status

mainline: [2671fa4dc0109d3fb581bc3078fdf17b5d9080f6]
stable/4.14: [68122479c128a929f8f7bdd951cfdc8dd0e75b8f]
stable/4.19: [9b288479f7a901a14ce703938596438559d7df55]
stable/4.9: [da50f56e826e1db141693297afb99370ebc160dd]
stable/5.10: [d3598eb3915cc0c0d8cab42f4a6258ff44c4033e]
stable/5.4: [baea536cf51f8180ab993e374cb134b5edad25e2]

Updated CVEs

No update.

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2

There is no fix information as of 2021/08/12.

CVE-2021-3640: UAF in sco_send_frame function

There is no fix information as of 2021/08/12.

Regards,

--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
      :masami.ichikawa@miraclelinux.com
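
The triage rule used throughout the report (a branch older than the introducing tag is not affected, otherwise it needs the listed fix), as an added example that is not part of the original mail or of any project tooling. The function names and the status strings are hypothetical, and the version rule assumes the introducing commit was not backported; a fix listed for a branch is checked first for that reason.

```python
import re

# Stable branches this report tracks (it names "5.10, 4.19, 4.4 kernels").
TRACKED = ["4.4", "4.19", "5.10"]

def vkey(tag):
    """Sort key for 'v5.6-rc4', '5.7-rc1' or '5.10'; a release sorts after its -rc tags."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:-rc(\d+))?", tag)
    if not m:
        raise ValueError(f"unrecognised kernel version: {tag!r}")
    major, minor, rc = m.groups()
    return (int(major), int(minor), int(rc) if rc else float("inf"))

def triage(introduced, fixed, tracked=TRACKED):
    """Classify each tracked branch for one CVE entry.

    introduced: tag where the bug first appeared, or None if the report gives none.
    fixed: branch names listed under "Fixed status", without the "stable/" prefix.
    """
    status = {}
    for branch in tracked:
        if branch in fixed:
            # Checked before the version rule: a stable fix can be listed for a
            # branch older than the introducing tag (CVE-2021-38209 and 4.19).
            status[branch] = "fixed"
        elif introduced and vkey(branch) < vkey(introduced):
            status[branch] = "not affected"
        else:
            # Affected or unknown, and no fix is listed for this branch.
            status[branch] = "open"
    return status

# Entries transcribed from the report above: (introducing tag, stable branches with a fix).
REPORT = {
    "CVE-2021-38199": ("v4.8-rc1", ["4.19", "5.10", "5.13", "5.4"]),
    "CVE-2021-38201": ("v5.11-rc1", ["5.13"]),
    "CVE-2021-38205": (None, ["5.13"]),
    "CVE-2021-38209": ("5.7-rc1", ["4.14", "4.19", "4.9", "5.10", "5.4"]),
}

def triage_report(report=REPORT):
    """Run triage() over every entry and return {cve: {branch: status}}."""
    return {cve: triage(intro, fixed) for cve, (intro, fixed) in report.items()}

if __name__ == "__main__":
    for cve, status in triage_report().items():
        print(cve, status)
```
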