RE: [cip-dev] New CVE entry this week

[<nobuhiro1.iwamatsu@toshiba.co.jp>]

Hi,

> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Masami Ichikawa
> Sent: Thursday, October 21, 2021 10:21 AM
> To: cip-dev <cip-dev@lists.cip-project.org>
> Subject: [cip-dev] New CVE entry this week
> 
> Hi !
> 
> It's this week's CVE report.
> 
> This week reported 7 new CVEs.
> 
> * New CVEs
> 
> CVE-2021-20320: kernel: s390 eBPF JIT miscompilation issues fixes.
> 
> This bug is in BPF subsystem and s390 architecture specific. Patches
> haven't been backported to 4.4 kernel. However, according to the
> cip-kernel-config, it looks like no one uses s390, so can it ignore it
> until someone backport patches?
> 
> CVSS v3 score is not provided.
> 
> Fixed status
> 
> mainline: [db7bee653859ef7179be933e7d1384644f795f26,
> 6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53,
>   1511df6f5e9ef32826f20db2ee81f8527154dc14]
> stable/4.19: [ddf58efd05b5d16d86ea4638675e8bd397320930]
> stable/4.9: [c22cf38428cb910f1996839c917e9238d2e44d4b,
> 8a09222a512bf7b32e55bb89a033e08522798299]
> stable/5.10: [d92d3a9c2b6541f29f800fc2bd44620578b8f8a6,
> 4320c222c2ffe778a8aff5b8bc4ac33af6d54eba,
>   ab7cf225016159bc2c3590be6fa12965565d903b]
> stable/5.14: [7a31ec4d215a800b504de74b248795f8be666f8e,
> 6a8787093b04057d855822094d63d04a2506444a,
>   a7593244dc31ad0eea70319f6110975f9c738dca]
> 
> CVE-2021-20321: kernel: In Overlayfs missing a check for a negative
> dentry before calling vfs_rename()
> 
> CVSS v3 score is not provided.
> 
> A local attacker can escalate their privileges up to root via
> overlayfs vulnerability.
> Patch for 4.4 is applied
> failed(https://lore.kernel.org/stable/163378772914820@kroah.com/). It
> needs to modify the patch. I attached a patch, if it looks good, I'll
> send it to the stable mailing list.

Thanks, I checked your patch. LGTM.

Best regards,
  Nobuhiro