cip-dev.lists.cip-project.org archive mirror
From: "Masami Ichikawa" <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [cip-dev] New CVE entry this week
Date: Thu, 16 Sep 2021 09:43:58 +0900
Message-ID: <CAODzB9rpFGi8xKkocVfEy-4wJFfR9AwkebC9kSrO3W=zK_PsTQ@mail.gmail.com>

Hi!

It's this week's CVE report.

4 new CVEs were reported this week.

* New CVEs

CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

This bug is in the AMD Cryptographic Coprocessor (CCP) driver. This
bug is related to CVE-2021-3744.

In the cip-kernel-config directory, the 4.4 kernel uses this driver.

$ find . -type f | xargs grep -n "ccp-ops.c"
./4.4.y-cip-rt/x86/siemens_i386-rt.sources:1716:drivers/crypto/ccp/ccp-ops.c
./4.4.y-cip-rt/all.sources:3665:drivers/crypto/ccp/ccp-ops.c

Fixed status

Patch is available but it hasn't been merged yet.

CVE-2021-3764: DoS in ccp_run_aes_gcm_cmd() function

This vulnerability is a memory leak which will cause a DoS attack.
This bug is in the AMD Cryptographic Coprocessor (CCP) driver. This
bug is related to CVE-2021-3764.

Fixed status

Patch is available but it hasn't been merged yet.

CVE-2021-3752: UAF in bluetooth

There is a use-after-free bug in the Bluetooth module.

Fixed status

This CVE hasn't been fixed in the mainline yet.

CVE-2021-38300: bpf, mips: Validate conditional branch offsets

This bug only affects BPF on the MIPS architecture. A patch is available,
but hasn't been merged yet.

Fixed status:

Not yet.

* Updated CVEs

CVE-2021-40490:  A race condition was discovered in
ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem
in the Linux kernel through 5.13.13

Kernel 5.4 has been fixed.

Fixed status

mainline: [a54c4613dac1500b40e4ab55199f7c51f028e848]
stable/5.10: [09a379549620f122de3aa4e65df9329976e4cdf5]
stable/5.13: [c764e8fa4491da66780fcb30a0d43bfd3fccd12c]
stable/5.14: [f8ea208b3fbbc0546d71b47e8abaf98b0961dec1]
stable/5.4: [9b3849ba667af99ee99a7853a021a7786851b9fd]

CVE-2021-3635: flowtable list del corruption with kernel BUG at
lib/list_debug.c:50

This vulnerability affects kernels from 4.16-rc1 to 5.5-rc7.
Therefore the 4.4 kernel and kernels above 5.5 aren't affected.

Fixed status

cip/4.19: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
cip/4.19-rt: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
mainline: [335178d5429c4cee61b58f4ac80688f556630818]
stable/4.19: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
stable/5.4: [8f4dc50b5c12e159ac846fdc00702c547fdf2e95]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2021-3640: UAF in sco_send_frame function

There is no fix information.

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.


Regards,

-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com
