Hi all,

> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Masami Ichikawa
> Sent: Thursday, September 16, 2021 9:44 AM
> To: cip-dev
> Subject: [cip-dev] New CVE entry this week
>
> Hi !
>
> It's this week's CVE report.
>
> This week reported 4 new CVEs.
>
> * New CVEs
>
> CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
>
> This bug is in the AMD Cryptographic Coprocessor (CCP) driver. This
> bug is related to CVE-2021-3744.
>
> In the cip-kernel-config directory, 4.4 kernel uses this driver.
>
> $ find . -type f | xargs grep -n "ccp-ops.c"
> ./4.4.y-cip-rt/x86/siemens_i386-rt.sources:1716:drivers/crypto/ccp/ccp-ops.c
> ./4.4.y-cip-rt/all.sources:3665:drivers/crypto/ccp/ccp-ops.c
>
> Fixed status
>
> Patch is available but it hasn't been merged yet.
>
> CVE-2021-3764: DoS in ccp_run_aes_gcm_cmd() function
>
> This vulnerability is a memory leak which will cause a DoS attack.
> This bug is in the AMD Cryptographic Coprocessor (CCP) driver. This
> bug is related to CVE-2021-3764.
>
> Fixed status
>
> Patch is available but it hasn't been merged yet.
>
> CVE-2021-3752: UAF in bluetooth
>
> There is a use after free bug in the bluetooth module.
>
> Fixed status
>
> This CVE hasn't been fixed in the mainline yet.
>
> CVE-2021-38300: bpf, mips: Validate conditional branch offsets
>
> This bug only affects bpf in mips architecture. Patch is available,
> but hasn't been merged yet.
>
> Fixed status:
>
> Not yet.
>
> * Updated CVEs
>
> CVE-2021-40490: A race condition was discovered in
> ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem
> in the Linux kernel through 5.13.13
>
> kernel 5.4 has been fixed.
>
> Fixed status
>
> mainline: [a54c4613dac1500b40e4ab55199f7c51f028e848]
> stable/5.10: [09a379549620f122de3aa4e65df9329976e4cdf5]
> stable/5.13: [c764e8fa4491da66780fcb30a0d43bfd3fccd12c]
> stable/5.14: [f8ea208b3fbbc0546d71b47e8abaf98b0961dec1]
> stable/5.4: [9b3849ba667af99ee99a7853a021a7786851b9fd]

Note: This is included in the -rc release of other trees.
4.4.y-rc: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=linux-4.4.y&id=bfba6dcbeba21e153f80b203cdf95e19fbf6b094
4.19.y-rc: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=linux-4.19.y&id=05738f962071285a60b92d30fd4bbc5375d67df7

>
> CVE-2021-3635: flowtable list del corruption with kernel BUG at
> lib/list_debug.c:50
>
> This vulnerability has been affected from 4.16-rc1 to 5.5-rc7.
> Therefore 4.4 kernel, and above 5.5 kernels aren't affected.
>
> Fixed status
>
> cip/4.19: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
> cip/4.19-rt: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
> mainline: [335178d5429c4cee61b58f4ac80688f556630818]
> stable/4.19: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
> stable/5.4: [8f4dc50b5c12e159ac846fdc00702c547fdf2e95]
>
> Currently tracking CVEs
>
> CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
> Bluetooth Core Specifications 4.0 through 5.2
>
> There is no fix information.
>
> CVE-2021-3640: UAF in sco_send_frame function
>
> There is no fix information.
>
> CVE-2020-26555: BR/EDR pin code pairing broken
>
> No fix information
>
> CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
>
> No fix information.
>
> CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
> Provisioning Leads to MITM
>
> No fix information.
>
> CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
>
> No fix information.
>
> CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
>
> No fix information.
>

Best regards,
Nobuhiro