* [cip-dev] New CVE entries this week
@ 2021-08-19  0:12 市川正美
  2021-08-19  7:10 ` Pavel Machek
  2021-08-19  7:23 ` Old CVE entries worth watching -- was " Pavel Machek
  0 siblings, 2 replies; 6+ messages in thread
From: 市川正美 @ 2021-08-19  0:12 UTC (permalink / raw)
  To: cip-dev

Hi !

It's this week's CVE report.

* CVE short summary

** New CVEs

CVE-2021-3653: mainline, 5.10, 5.13, 5.4 are fixed.

CVE-2021-3656: mainline, 5.10, 5.13, 5.4 are fixed. 4.4 is not affected.

** Updated CVEs

CVE-2021-33624: mainline, 4.19, 5.10, 5.12, 5.4 are fixed. 4.4 is not
affected by this vulnerability.

CVE-2021-38198: mainline, 4.19, 5.10, 5.4 are fixed. 4.4 is affected by
this vulnerability.

CVE-2021-38205: mainline and stable kernels are fixed.

** Tracking CVEs

CVE-2021-31615: there is no fixed information as of 2021/08/12

CVE-2021-3640: there is no fixed information as of 2021/08/12


* CVE detail

New CVEs

CVE-2021-3653: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

CVE-2021-3653 and CVE-2021-3656 are vulnerable when nested kvm is enabled.

Patch for 4.19 is backported by
https://lore.kernel.org/stable/20210816140240.11399-2-pbonzini@redhat.com/
but not applied yet.

Fixed status

mainline: [0f923e07124df069ba68d8bb12324398f4b6b709]
stable/5.10: [c0883f693187c646c0972d73e525523f9486c2e3]
stable/5.13: [a0949ee63cf95408870a564ccad163018b1a9e6b]
stable/5.4: [7c1c96ffb658fbfe66c5ebed6bcb5909837bc267]

CVE-2021-3656: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

This vulnerability was introduced in 4.13-rc1, so the 4.4
kernel is not affected.
CVE-2021-3653 and CVE-2021-3656 are vulnerable when nested kvm is enabled.

Patch for 4.19 is backported by
https://lore.kernel.org/stable/20210816140240.11399-9-pbonzini@redhat.com/
but not applied yet.

Fixed status

mainline: [c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc]
stable/5.10: [3dc5666baf2a135f250e4101d41d5959ac2c2e1f]
stable/5.13: [639a033fd765ed473dfee27028df5ccbe1038a2e]
stable/5.4: [a17f2f2c89494c0974529579f3552ecbd1bc2d52]

Updated CVEs

CVE-2021-33624: Linux kernel BPF protection against speculative
execution attacks can be bypassed to read arbitrary kernel memory

The main patch 9183671af6dbf60a1219371d4ed73e23f43b49db fixes commit
b2157399cc9898260d6031c5bfe45fe137c1fbe7, which has been merged since
4.15-rc8, so 4.4 isn't affected by this vulnerability.

Fixed status

mainline: [d203b0fd863a2261e5d00b97f3d060c4c2a6db71,
fe9a5ca7e370e613a9a75a13008a3845ea759d6e,
    9183671af6dbf60a1219371d4ed73e23f43b49db,
973377ffe8148180b2651825b92ae91988141b05]
stable/4.19: [0abc8c9754c953f5cd0ac7488c668ca8d53ffc90,
c510c1845f7b54214b4117272e0d87dff8732af6,
    9df311b2e743642c5427ecf563c5050ceb355d1d,
c15b387769446c37a892f958b169744dabf7ff23]
stable/5.10: [e9d271731d21647f8f9e9a261582cf47b868589a,
8c82c52d1de931532200b447df8b4fc92129cfd9,
    5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b]
stable/5.12: [408a4956acde24413f3c684912b1d3e404bed8e2,
68a1936e1812653b68c5b68e698d88fb35018835,
    4a99047ed51c98a09a537fe2c12420d815dfe296,
e5e2010ac3e27efa1e6e830b250f491da82d51b4]
stable/5.4: [283d742988f6b304f32110f39e189a00d4e52b92,
d2f790327f83b457db357e7c66f942bc00d43462,
    fd568de5806f8859190e6305a1792ba8cb20de61,
a0f66ddf05c2050e1b7f53256bd9c25c2bb3022b]

CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
to get shadow page

This vulnerability was introduced in 2.6.20-rc4, so 4.4 is affected by
this CVE, but the patch didn't apply to 4.4
(https://lore.kernel.org/stable/162358450944186@kroah.com/). The patch
also failed to apply to 4.19, but a backport patch has been merged
recently (https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/).


Fixed status

mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
stable/4.19: [4c07e70141eebd3db64297515a427deea4822957]
stable/5.10: [6b6ff4d1f349cb35a7c7d2057819af1b14f80437]
stable/5.4: [d28adaabbbf4a6949d0f6f71daca6744979174e2]

CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer

We talked about this CVE in the previous weekly CVE report. Thank you,
Pavel, for backporting the patch.

Fixed status

mainline: [d0d62baa7f505bd4c59cd169692ff07ec49dde37]
stable/4.14: [1994eacac7af52da86e4b0cb6ae61621bef7393f]
stable/4.19: [9322401477a6d1f9de8f18e5d6eb43a68e0b113a]
stable/4.4: [3d4ba14fc5ffbe5712055af09a5c0cbab93c0f44]
stable/4.9: [ffdc1e312e2074875147c1df90764a9bae56f11f]
stable/5.10: [25cff25ec60690247db8138cd1af8b867df2c489]
stable/5.13: [8722275b41d5127048e1422a8a1b6370b4878533]
stable/5.4: [38b8485b72cbe4521fd2e0b8770e3d78f9b89e60]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fixed information as of 2021/08/19.

CVE-2021-3640: UAF in sco_send_frame function

There is no fixed information as of 2021/08/19.

Regards,


-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6694): https://lists.cip-project.org/g/cip-dev/message/6694
Mute This Topic: https://lists.cip-project.org/mt/84986288/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-



* Re: [cip-dev] New CVE entries this week
  2021-08-19  0:12 [cip-dev] New CVE entries this week 市川正美
@ 2021-08-19  7:10 ` Pavel Machek
  2021-08-19  8:37   ` Masami Ichikawa
  2021-08-19  8:55   ` Nobuhiro Iwamatsu
  2021-08-19  7:23 ` Old CVE entries worth watching -- was " Pavel Machek
  1 sibling, 2 replies; 6+ messages in thread
From: Pavel Machek @ 2021-08-19  7:10 UTC (permalink / raw)
  To: cip-dev


Hi!


> CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
> to get shadow page
> 
> This vulnerability was introduced in 2.6.20-rc4, so 4.4 is affected by
> this CVE, but the patch didn't apply to 4.4
> (https://lore.kernel.org/stable/162358450944186@kroah.com/). The patch
> also failed to apply to 4.19, but a backport patch has been merged
> recently (https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/).
> 

I tried to look at this, and it is rather non-trivial. In particular,
I'd not know how to test it. I ended up with this patch, but it is not
even compile-tested.

Best regards,
								Pavel

diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt
index b653641d4261..ee5bd16a0856 100644
--- a/Documentation/virtual/kvm/mmu.txt
+++ b/Documentation/virtual/kvm/mmu.txt
@@ -152,8 +152,8 @@ Shadow pages contain the following information:
     shadow pages) so role.quadrant takes values in the range 0..3.  Each
     quadrant maps 1GB virtual address space.
   role.access:
-    Inherited guest access permissions in the form uwx.  Note execute
-    permission is positive, not negative.
+    Inherited guest access permissions from the parent ptes in the form uwx.
+    Note execute permission is positive, not negative.
   role.invalid:
     The page is invalid and should not be used.  It is a root page that is
     currently pinned (by a cpu hardware register pointing to it); once it is
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 7be8a251363e..cebcf7b29b15 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -100,8 +100,8 @@ struct guest_walker {
 	gpa_t pte_gpa[PT_MAX_FULL_LEVELS];
 	pt_element_t __user *ptep_user[PT_MAX_FULL_LEVELS];
 	bool pte_writable[PT_MAX_FULL_LEVELS];
-	unsigned pt_access;
-	unsigned pte_access;
+	unsigned int pt_access[PT_MAX_FULL_LEVELS];
+	unsigned int pte_access;
 	gfn_t gfn;
 	struct x86_exception fault;
 };
@@ -354,6 +354,9 @@ retry_walk:
 		pte_access = pt_access & FNAME(gpte_access)(vcpu, pte);
 
 		walker->ptes[walker->level - 1] = pte;
+
+		/* Convert to ACC_*_MASK flags for struct guest_walker.  */
+		walker->pt_access[walker->level - 1] = FNAME(gpte_access)(pt_access ^ walk_nx_mask);
 	} while (!is_last_gpte(mmu, walker->level, pte));
 
 	if (unlikely(permission_fault(vcpu, mmu, pte_access, access))) {
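Review bot: The added store in the walk loop calls FNAME(gpte_access) with a single argument, while the context line two lines above calls it as FNAME(gpte_access)(vcpu, pte), and walk_nx_mask is not declared in any hunk of this patch, so the line looks carried over from a newer tree. That same context line ANDs pt_access with the result of FNAME(gpte_access), which suggests pt_access already holds ACC_*_MASK flags at this point; if so, storing it directly (walker->pt_access[walker->level - 1] = pt_access;) is enough and the conversion comment can go. The added line also runs well past 80 columns.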
@@ -392,10 +395,11 @@ retry_walk:
 			goto retry_walk;
 	}
 
-	walker->pt_access = pt_access;
-	walker->pte_access = pte_access;
+	walker->pt_access = FNAME(gpte_access)(pt_access ^ walk_nx_mask);
+	walker->pte_access = FNAME(gpte_access)(pte_access ^ walk_nx_mask);
 	pgprintk("%s: pte %llx pte_access %x pt_access %x\n",
-		 __func__, (u64)pte, pte_access, pt_access);
+		 __func__, (u64)pte, walker->pte_access,
+		 walker->pt_access[walker->level - 1]);
 	return 1;
 
 error:
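Review bot: The new walker->pt_access = FNAME(gpte_access)(...) line assigns to a member that the struct guest_walker hunk turned into an array, so it cannot compile; the per-level values are already stored inside the walk loop, and this assignment should simply be dropped. The walker->pte_access line has the same single-argument FNAME(gpte_access) call and undeclared walk_nx_mask as the loop hunk; unless the flag format really differs in this tree, keep the original walker->pte_access = pte_access; and change only the pgprintk arguments.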
@@ -555,7 +559,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
 {
 	struct kvm_mmu_page *sp = NULL;
 	struct kvm_shadow_walk_iterator it;
-	unsigned direct_access, access = gw->pt_access;
+	unsigned int direct_access, access;
 	int top_level, emulate = 0;
 
 	direct_access = gw->pte_access;
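Review bot: access loses its initializer on the changed declaration line and is assigned only inside the !is_shadow_present_pte() branch touched by the next hunk, so any other read of it in FNAME(fetch) would now see an uninitialized value. Declaring it in the narrowest scope that contains the kvm_mmu_get_page() call would make that single use obvious and let the compiler flag any stray reader.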
@@ -586,6 +590,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
 		sp = NULL;
 		if (!is_shadow_present_pte(*it.sptep)) {
 			table_gfn = gw->table_gfn[it.level - 2];
+			access = gw->pt_access[it.level - 2];
 			sp = kvm_mmu_get_page(vcpu, table_gfn, addr, it.level-1,
 					      false, access, it.sptep);
 		}
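Review bot: The index it.level - 2 on the added line matches the one used for gw->table_gfn just above it, but the walker fills pt_access[] at walker->level - 1, so a one-line comment saying that the page being allocated sits at it.level - 1 would make the indexing checkable at a glance. pt_access[] is written only for the levels the walk visited, so it is also worth confirming that this loop never reaches an it.level - 2 below the walker's final level.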


-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


* Old CVE entries worth watching -- was Re: [cip-dev] New CVE entries this week
  2021-08-19  0:12 [cip-dev] New CVE entries this week 市川正美
  2021-08-19  7:10 ` Pavel Machek
@ 2021-08-19  7:23 ` Pavel Machek
  2021-08-19  9:18   ` Masami Ichikawa
  1 sibling, 1 reply; 6+ messages in thread
From: Pavel Machek @ 2021-08-19  7:23 UTC (permalink / raw)
  To: cip-dev


Hi!

I was going through CVE entries for a month or so and these
accumulated in that time. Would it make sense to add them to the
current "watch list"?

** Bluetooth

Unfortunately, not enough info is present here:

CVE-2020-26555 -- BR/EDR pin code pairing broken
CVE-2020-26556 CVE-2020-26557 CVE-2020-26559 CVE-2020-26560 -- bluetooth mesh

** BPF

CVE-2021-3600 -- More eBPF  issues. 4.19+, but we still may need to
fix 4.19

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


* Re: [cip-dev] New CVE entries this week
  2021-08-19  7:10 ` Pavel Machek
@ 2021-08-19  8:37   ` Masami Ichikawa
  2021-08-19  8:55   ` Nobuhiro Iwamatsu
  1 sibling, 0 replies; 6+ messages in thread
From: Masami Ichikawa @ 2021-08-19  8:37 UTC (permalink / raw)
  To: cip-dev

Hi !

On Thu, Aug 19, 2021 at 4:10 PM Pavel Machek <pavel@denx.de> wrote:
>
> Hi!
>
>
> > CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
> > to get shadow page
> >
> > This vulnerability was introduced in 2.6.20-rc4, so 4.4 is affected by
> > this CVE, but the patch didn't apply to 4.4
> > (https://lore.kernel.org/stable/162358450944186@kroah.com/). The patch
> > also failed to apply to 4.19, but a backport patch has been merged
> > recently (https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/).
> >
>
> I tried to look at this, and it is rather non-trivial. In particular,
> I'd not know how to test it. I ended up with this patch, but it is not
> even compile-tested.
>
> Best regards,
>                                                                 Pavel
>
> diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt
> index b653641d4261..ee5bd16a0856 100644
> --- a/Documentation/virtual/kvm/mmu.txt
> +++ b/Documentation/virtual/kvm/mmu.txt
> @@ -152,8 +152,8 @@ Shadow pages contain the following information:
>      shadow pages) so role.quadrant takes values in the range 0..3.  Each
>      quadrant maps 1GB virtual address space.
>    role.access:
> -    Inherited guest access permissions in the form uwx.  Note execute
> -    permission is positive, not negative.
> +    Inherited guest access permissions from the parent ptes in the form uwx.
> +    Note execute permission is positive, not negative.
>    role.invalid:
>      The page is invalid and should not be used.  It is a root page that is
>      currently pinned (by a cpu hardware register pointing to it); once it is
> diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
> index 7be8a251363e..cebcf7b29b15 100644
> --- a/arch/x86/kvm/paging_tmpl.h
> +++ b/arch/x86/kvm/paging_tmpl.h
> @@ -100,8 +100,8 @@ struct guest_walker {
>         gpa_t pte_gpa[PT_MAX_FULL_LEVELS];
>         pt_element_t __user *ptep_user[PT_MAX_FULL_LEVELS];
>         bool pte_writable[PT_MAX_FULL_LEVELS];
> -       unsigned pt_access;
> -       unsigned pte_access;
> +       unsigned int pt_access[PT_MAX_FULL_LEVELS];
> +       unsigned int pte_access;
>         gfn_t gfn;
>         struct x86_exception fault;
>  };
> @@ -354,6 +354,9 @@ retry_walk:
>                 pte_access = pt_access & FNAME(gpte_access)(vcpu, pte);
>
>                 walker->ptes[walker->level - 1] = pte;
> +
> +               /* Convert to ACC_*_MASK flags for struct guest_walker.  */
> +               walker->pt_access[walker->level - 1] = FNAME(gpte_access)(pt_access ^ walk_nx_mask);
>         } while (!is_last_gpte(mmu, walker->level, pte));
>
>         if (unlikely(permission_fault(vcpu, mmu, pte_access, access))) {
> @@ -392,10 +395,11 @@ retry_walk:
>                         goto retry_walk;
>         }
>
> -       walker->pt_access = pt_access;
> -       walker->pte_access = pte_access;
> +       walker->pt_access = FNAME(gpte_access)(pt_access ^ walk_nx_mask);
> +       walker->pte_access = FNAME(gpte_access)(pte_access ^ walk_nx_mask);
>         pgprintk("%s: pte %llx pte_access %x pt_access %x\n",
> -                __func__, (u64)pte, pte_access, pt_access);
> +                __func__, (u64)pte, walker->pte_access,
> +                walker->pt_access[walker->level - 1]);
>         return 1;
>
>  error:
> @@ -555,7 +559,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
>  {
>         struct kvm_mmu_page *sp = NULL;
>         struct kvm_shadow_walk_iterator it;
> -       unsigned direct_access, access = gw->pt_access;
> +       unsigned int direct_access, access;
>         int top_level, emulate = 0;
>
>         direct_access = gw->pte_access;
> @@ -586,6 +590,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
>                 sp = NULL;
>                 if (!is_shadow_present_pte(*it.sptep)) {
>                         table_gfn = gw->table_gfn[it.level - 2];
> +                       access = gw->pt_access[it.level - 2];
>                         sp = kvm_mmu_get_page(vcpu, table_gfn, addr, it.level-1,
>                                               false, access, it.sptep);
>                 }
>
>

Thank you for the patch. I looked at both the original
patch (b1bd5cba3306691c771d558e94baa73e8b0b96b7) and yours.
This patch looks good to me.

> --
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>
> 
>

Regards,

-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com


* Re: [cip-dev] New CVE entries this week
  2021-08-19  7:10 ` Pavel Machek
  2021-08-19  8:37   ` Masami Ichikawa
@ 2021-08-19  8:55   ` Nobuhiro Iwamatsu
  1 sibling, 0 replies; 6+ messages in thread
From: Nobuhiro Iwamatsu @ 2021-08-19  8:55 UTC (permalink / raw)
  To: cip-dev

Hi,

> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Pavel Machek
> Sent: Thursday, August 19, 2021 4:10 PM
> To: cip-dev@lists.cip-project.org
> Subject: Re: [cip-dev] New CVE entries this week
> 
> Hi!
> 
> 
> > CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
> > to get shadow page
> >
> > This vulnerability was introduced in 2.6.20-rc4, so 4.4 is affected by
> > this CVE, but the patch didn't apply to 4.4
> > (https://lore.kernel.org/stable/162358450944186@kroah.com/). The patch
> > also failed to apply to 4.19, but a backport patch has been merged
> > recently (https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/).
> >
> 
> I tried to look at this, and it is rather non-trivial. In particular,
> I'd not know how to test it. I ended up with this patch, but it is not
> even compile-tested.

Thanks for your work. I just checked this issue.

This probably won't compile because the walk_nx_mask variable isn't well defined.
I think we need to backport a patch for this variable or create another patch.

> 
> Best regards,
> 								Pavel

Best regards,
  Nobuhiro

> 
> diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt
> index b653641d4261..ee5bd16a0856 100644
> --- a/Documentation/virtual/kvm/mmu.txt
> +++ b/Documentation/virtual/kvm/mmu.txt
> @@ -152,8 +152,8 @@ Shadow pages contain the following information:
>      shadow pages) so role.quadrant takes values in the range 0..3.  Each
>      quadrant maps 1GB virtual address space.
>    role.access:
> -    Inherited guest access permissions in the form uwx.  Note execute
> -    permission is positive, not negative.
> +    Inherited guest access permissions from the parent ptes in the form uwx.
> +    Note execute permission is positive, not negative.
>    role.invalid:
>      The page is invalid and should not be used.  It is a root page that is
>      currently pinned (by a cpu hardware register pointing to it); once it is
> diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
> index 7be8a251363e..cebcf7b29b15 100644
> --- a/arch/x86/kvm/paging_tmpl.h
> +++ b/arch/x86/kvm/paging_tmpl.h
> @@ -100,8 +100,8 @@ struct guest_walker {
>  	gpa_t pte_gpa[PT_MAX_FULL_LEVELS];
>  	pt_element_t __user *ptep_user[PT_MAX_FULL_LEVELS];
>  	bool pte_writable[PT_MAX_FULL_LEVELS];
> -	unsigned pt_access;
> -	unsigned pte_access;
> +	unsigned int pt_access[PT_MAX_FULL_LEVELS];
> +	unsigned int pte_access;
>  	gfn_t gfn;
>  	struct x86_exception fault;
>  };
> @@ -354,6 +354,9 @@ retry_walk:
>  		pte_access = pt_access & FNAME(gpte_access)(vcpu, pte);
> 
>  		walker->ptes[walker->level - 1] = pte;
> +
> +		/* Convert to ACC_*_MASK flags for struct guest_walker.  */
> +		walker->pt_access[walker->level - 1] = FNAME(gpte_access)(pt_access ^ walk_nx_mask);
>  	} while (!is_last_gpte(mmu, walker->level, pte));
> 
>  	if (unlikely(permission_fault(vcpu, mmu, pte_access, access))) {
> @@ -392,10 +395,11 @@ retry_walk:
>  			goto retry_walk;
>  	}
> 
> -	walker->pt_access = pt_access;
> -	walker->pte_access = pte_access;
> +	walker->pt_access = FNAME(gpte_access)(pt_access ^ walk_nx_mask);
> +	walker->pte_access = FNAME(gpte_access)(pte_access ^ walk_nx_mask);
>  	pgprintk("%s: pte %llx pte_access %x pt_access %x\n",
> -		 __func__, (u64)pte, pte_access, pt_access);
> +		 __func__, (u64)pte, walker->pte_access,
> +		 walker->pt_access[walker->level - 1]);
>  	return 1;
> 
>  error:
> @@ -555,7 +559,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
>  {
>  	struct kvm_mmu_page *sp = NULL;
>  	struct kvm_shadow_walk_iterator it;
> -	unsigned direct_access, access = gw->pt_access;
> +	unsigned int direct_access, access;
>  	int top_level, emulate = 0;
> 
>  	direct_access = gw->pte_access;
> @@ -586,6 +590,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
>  		sp = NULL;
>  		if (!is_shadow_present_pte(*it.sptep)) {
>  			table_gfn = gw->table_gfn[it.level - 2];
> +			access = gw->pt_access[it.level - 2];
>  			sp = kvm_mmu_get_page(vcpu, table_gfn, addr, it.level-1,
>  					      false, access, it.sptep);
>  		}
> 
> 
> --
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


* Re: Old CVE entries worth watching -- was Re: [cip-dev] New CVE entries this week
  2021-08-19  7:23 ` Old CVE entries worth watching -- was " Pavel Machek
@ 2021-08-19  9:18   ` Masami Ichikawa
  0 siblings, 0 replies; 6+ messages in thread
From: Masami Ichikawa @ 2021-08-19  9:18 UTC (permalink / raw)
  To: cip-dev

Hi !

On Thu, Aug 19, 2021 at 4:23 PM Pavel Machek <pavel@denx.de> wrote:
>
> Hi!
>
> I was going through CVE entries for a month or so and these
> accumulated in that time. Would it make sense to add them to the
> current "watch list"?
>
> ** Bluetooth
>
> Unfortunately, not enough info is present here:
>
> CVE-2020-26555 -- BR/EDR pin code pairing broken
> CVE-2020-26556 CVE-2020-26557 CVE-2020-26559 CVE-2020-26560 -- bluetooth mesh
>
> ** BPF
>
> CVE-2021-3600 -- More eBPF  issues. 4.19+, but we still may need to
> fix 4.19
>

Thank you for the information.
I'll add these CVEs to the tracking list.

> Best regards,
>                                                                 Pavel
> --
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>
> 
>

Regards,
-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com
