* [cip-dev] New CVE entries this week @ 2021-08-19 0:12 市川正美 2021-08-19 7:10 ` Pavel Machek 2021-08-19 7:23 ` Old CVE entries worth watching -- was " Pavel Machek 0 siblings, 2 replies; 6+ messages in thread From: 市川正美 @ 2021-08-19 0:12 UTC (permalink / raw) To: cip-dev [-- Attachment #1: Type: text/plain, Size: 4705 bytes --] Hi ! It's this week's CVE report. * CVE short summary ** New CVEs CVE-2021-3653: mainline, 5.10, 5.13, 5.4 are fixed. CVE-2021-3656: mainline, 5.10, 5.13, 5.4 are fixed. 4.4 is not affected. ** Updated CVEs CVE-2021-33624: mainline, 4.19, 5.10, 5,12, 5.4 are fixed. 4.4 is not affected by this vulnerability. CVE-2021-38198: mainline, 4.19, 5.10, 5.4 are fixed. 4.4 affects this vulnerability. CVE-2021-38205: mainline and stable kernels are fixed. ** Tracking CVEs CVE-2021-31615: there is no fixed information as of 2021/08/12 CVE-2021-3640: there is no fixed information as of 2021/08/12 * CVE detail New CVEs CVE-2021-3653: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl CVE-2021-3653 and CVE-2021-3656 are vulnerable when nested kvm is enabled. Patch for 4.19 is backported by https://lore.kernel.org/stable/20210816140240.11399-2-pbonzini@redhat.com/ but not applyed yet. Fixed status mainline: [0f923e07124df069ba68d8bb12324398f4b6b709] stable/5.10: [c0883f693187c646c0972d73e525523f9486c2e3] stable/5.13: [a0949ee63cf95408870a564ccad163018b1a9e6b] stable/5.4: [7c1c96ffb658fbfe66c5ebed6bcb5909837bc267] CVE-2021-3656: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested This vulnerability has been introduced since 4.13-rc1 so that 4.4 kernel is not affected. CVE-2021-3653 and CVE-2021-3656 are vulnerable when nested kvm is enabled. Patch for 4.19 is backported by https://lore.kernel.org/stable/20210816140240.11399-9-pbonzini@redhat.com/ but not applyed yet. Fixed status mainline: [c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc] stable/5.10: [3dc5666baf2a135f250e4101d41d5959ac2c2e1f] stable/5.13: [639a033fd765ed473dfee27028df5ccbe1038a2e] stable/5.4: [a17f2f2c89494c0974529579f3552ecbd1bc2d52] Updated CVEs CVE-2021-33624: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory The main patch 9183671af6dbf60a1219371d4ed73e23f43b49db fixes commit b2157399cc9898260d6031c5bfe45fe137c1fbe7 which has been merged since 4.15-rc8 so 4.4 aren't affected this vulnerability. Fixed status mainline: [d203b0fd863a2261e5d00b97f3d060c4c2a6db71, fe9a5ca7e370e613a9a75a13008a3845ea759d6e, 9183671af6dbf60a1219371d4ed73e23f43b49db, 973377ffe8148180b2651825b92ae91988141b05] stable/4.19: [0abc8c9754c953f5cd0ac7488c668ca8d53ffc90, c510c1845f7b54214b4117272e0d87dff8732af6, 9df311b2e743642c5427ecf563c5050ceb355d1d, c15b387769446c37a892f958b169744dabf7ff23] stable/5.10: [e9d271731d21647f8f9e9a261582cf47b868589a, 8c82c52d1de931532200b447df8b4fc92129cfd9, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b] stable/5.12: [408a4956acde24413f3c684912b1d3e404bed8e2, 68a1936e1812653b68c5b68e698d88fb35018835, 4a99047ed51c98a09a537fe2c12420d815dfe296, e5e2010ac3e27efa1e6e830b250f491da82d51b4] stable/5.4: [283d742988f6b304f32110f39e189a00d4e52b92, d2f790327f83b457db357e7c66f942bc00d43462, fd568de5806f8859190e6305a1792ba8cb20de61, a0f66ddf05c2050e1b7f53256bd9c25c2bb3022b] CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions to get shadow page This vulnerability has been introduced since 2.6.20-rc4 so 4.4 affects this CVE but patch didn't apply to 4.4 (https://lore.kernel.org/stable/162358450944186@kroah.com/). 4.19 also failed to apply this patch but backport patch has been merged recently(https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/). Fixed status mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7] stable/4.19: [4c07e70141eebd3db64297515a427deea4822957] stable/5.10: [6b6ff4d1f349cb35a7c7d2057819af1b14f80437] stable/5.4: [d28adaabbbf4a6949d0f6f71daca6744979174e2] CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer We talked about this CVE at previous weekly CVE report. Thank your for Pavel to backport the patch. Fixed status mainline: [d0d62baa7f505bd4c59cd169692ff07ec49dde37] stable/4.14: [1994eacac7af52da86e4b0cb6ae61621bef7393f] stable/4.19: [9322401477a6d1f9de8f18e5d6eb43a68e0b113a] stable/4.4: [3d4ba14fc5ffbe5712055af09a5c0cbab93c0f44] stable/4.9: [ffdc1e312e2074875147c1df90764a9bae56f11f] stable/5.10: [25cff25ec60690247db8138cd1af8b867df2c489] stable/5.13: [8722275b41d5127048e1422a8a1b6370b4878533] stable/5.4: [38b8485b72cbe4521fd2e0b8770e3d78f9b89e60] Currently tracking CVEs CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 There is no fixed information as of 2021/08/19. CVE-2021-3640: UAF in sco_send_frame function There is no fixed information as of 2021/08/19. Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@cybertrust.co.jp :masami.ichikawa@miraclelinux.com [-- Attachment #2: Type: text/plain, Size: 429 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6694): https://lists.cip-project.org/g/cip-dev/message/6694 Mute This Topic: https://lists.cip-project.org/mt/84986288/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [cip-dev] New CVE entries this week 2021-08-19 0:12 [cip-dev] New CVE entries this week 市川正美 @ 2021-08-19 7:10 ` Pavel Machek 2021-08-19 8:37 ` Masami Ichikawa 2021-08-19 8:55 ` Nobuhiro Iwamatsu 2021-08-19 7:23 ` Old CVE entries worth watching -- was " Pavel Machek 1 sibling, 2 replies; 6+ messages in thread From: Pavel Machek @ 2021-08-19 7:10 UTC (permalink / raw) To: cip-dev [-- Attachment #1.1: Type: text/plain, Size: 3754 bytes --] Hi! > CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions > to get shadow page > > This vulnerability has been introduced since 2.6.20-rc4 so 4.4 affects > this CVE but patch didn't apply to 4.4 > (https://lore.kernel.org/stable/162358450944186@kroah.com/). 4.19 also > failed to apply this patch but backport patch has been merged > recently(https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/). > I tried to look at this, and it is rather non-trivial. In particular, I'd not know how to test it. I ended up with this patch, but it is not even compile-tested. Best regards, Pavel diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt index b653641d4261..ee5bd16a0856 100644 --- a/Documentation/virtual/kvm/mmu.txt +++ b/Documentation/virtual/kvm/mmu.txt @@ -152,8 +152,8 @@ Shadow pages contain the following information: shadow pages) so role.quadrant takes values in the range 0..3. Each quadrant maps 1GB virtual address space. role.access: - Inherited guest access permissions in the form uwx. Note execute - permission is positive, not negative. + Inherited guest access permissions from the parent ptes in the form uwx. + Note execute permission is positive, not negative. role.invalid: The page is invalid and should not be used. It is a root page that is currently pinned (by a cpu hardware register pointing to it); once it is diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h index 7be8a251363e..cebcf7b29b15 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -100,8 +100,8 @@ struct guest_walker { gpa_t pte_gpa[PT_MAX_FULL_LEVELS]; pt_element_t __user *ptep_user[PT_MAX_FULL_LEVELS]; bool pte_writable[PT_MAX_FULL_LEVELS]; - unsigned pt_access; - unsigned pte_access; + unsigned int pt_access[PT_MAX_FULL_LEVELS]; + unsigned int pte_access; gfn_t gfn; struct x86_exception fault; }; @@ -354,6 +354,9 @@ retry_walk: pte_access = pt_access & FNAME(gpte_access)(vcpu, pte); walker->ptes[walker->level - 1] = pte; + + /* Convert to ACC_*_MASK flags for struct guest_walker. */ + walker->pt_access[walker->level - 1] = FNAME(gpte_access)(pt_access ^ walk_nx_mask); } while (!is_last_gpte(mmu, walker->level, pte)); if (unlikely(permission_fault(vcpu, mmu, pte_access, access))) { @@ -392,10 +395,11 @@ retry_walk: goto retry_walk; } - walker->pt_access = pt_access; - walker->pte_access = pte_access; + walker->pt_access = FNAME(gpte_access)(pt_access ^ walk_nx_mask); + walker->pte_access = FNAME(gpte_access)(pte_access ^ walk_nx_mask); pgprintk("%s: pte %llx pte_access %x pt_access %x\n", - __func__, (u64)pte, pte_access, pt_access); + __func__, (u64)pte, walker->pte_access, + walker->pt_access[walker->level - 1]); return 1; error: @@ -555,7 +559,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr, { struct kvm_mmu_page *sp = NULL; struct kvm_shadow_walk_iterator it; - unsigned direct_access, access = gw->pt_access; + unsigned int direct_access, access; int top_level, emulate = 0; direct_access = gw->pte_access; @@ -586,6 +590,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr, sp = NULL; if (!is_shadow_present_pte(*it.sptep)) { table_gfn = gw->table_gfn[it.level - 2]; + access = gw->pt_access[it.level - 2]; sp = kvm_mmu_get_page(vcpu, table_gfn, addr, it.level-1, false, access, it.sptep); } -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany [-- Attachment #1.2: Digital signature --] [-- Type: application/pgp-signature, Size: 181 bytes --] [-- Attachment #2: Type: text/plain, Size: 429 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6696): https://lists.cip-project.org/g/cip-dev/message/6696 Mute This Topic: https://lists.cip-project.org/mt/84986288/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [cip-dev] New CVE entries this week 2021-08-19 7:10 ` Pavel Machek @ 2021-08-19 8:37 ` Masami Ichikawa 2021-08-19 8:55 ` Nobuhiro Iwamatsu 1 sibling, 0 replies; 6+ messages in thread From: Masami Ichikawa @ 2021-08-19 8:37 UTC (permalink / raw) To: cip-dev [-- Attachment #1: Type: text/plain, Size: 4643 bytes --] Hi ! On Thu, Aug 19, 2021 at 4:10 PM Pavel Machek <pavel@denx.de> wrote: > > Hi! > > > > CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions > > to get shadow page > > > > This vulnerability has been introduced since 2.6.20-rc4 so 4.4 affects > > this CVE but patch didn't apply to 4.4 > > (https://lore.kernel.org/stable/162358450944186@kroah.com/). 4.19 also > > failed to apply this patch but backport patch has been merged > > recently(https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/). > > > > I tried to look at this, and it is rather non-trivial. In particular, > I'd not know how to test it. I ended up with this patch, but it is not > even compile-tested. > > Best regards, > Pavel > > diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt > index b653641d4261..ee5bd16a0856 100644 > --- a/Documentation/virtual/kvm/mmu.txt > +++ b/Documentation/virtual/kvm/mmu.txt > @@ -152,8 +152,8 @@ Shadow pages contain the following information: > shadow pages) so role.quadrant takes values in the range 0..3. Each > quadrant maps 1GB virtual address space. > role.access: > - Inherited guest access permissions in the form uwx. Note execute > - permission is positive, not negative. > + Inherited guest access permissions from the parent ptes in the form uwx. > + Note execute permission is positive, not negative. > role.invalid: > The page is invalid and should not be used. It is a root page that is > currently pinned (by a cpu hardware register pointing to it); once it is > diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h > index 7be8a251363e..cebcf7b29b15 100644 > --- a/arch/x86/kvm/paging_tmpl.h > +++ b/arch/x86/kvm/paging_tmpl.h > @@ -100,8 +100,8 @@ struct guest_walker { > gpa_t pte_gpa[PT_MAX_FULL_LEVELS]; > pt_element_t __user *ptep_user[PT_MAX_FULL_LEVELS]; > bool pte_writable[PT_MAX_FULL_LEVELS]; > - unsigned pt_access; > - unsigned pte_access; > + unsigned int pt_access[PT_MAX_FULL_LEVELS]; > + unsigned int pte_access; > gfn_t gfn; > struct x86_exception fault; > }; > @@ -354,6 +354,9 @@ retry_walk: > pte_access = pt_access & FNAME(gpte_access)(vcpu, pte); > > walker->ptes[walker->level - 1] = pte; > + > + /* Convert to ACC_*_MASK flags for struct guest_walker. */ > + walker->pt_access[walker->level - 1] = FNAME(gpte_access)(pt_access ^ walk_nx_mask); > } while (!is_last_gpte(mmu, walker->level, pte)); > > if (unlikely(permission_fault(vcpu, mmu, pte_access, access))) { > @@ -392,10 +395,11 @@ retry_walk: > goto retry_walk; > } > > - walker->pt_access = pt_access; > - walker->pte_access = pte_access; > + walker->pt_access = FNAME(gpte_access)(pt_access ^ walk_nx_mask); > + walker->pte_access = FNAME(gpte_access)(pte_access ^ walk_nx_mask); > pgprintk("%s: pte %llx pte_access %x pt_access %x\n", > - __func__, (u64)pte, pte_access, pt_access); > + __func__, (u64)pte, walker->pte_access, > + walker->pt_access[walker->level - 1]); > return 1; > > error: > @@ -555,7 +559,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr, > { > struct kvm_mmu_page *sp = NULL; > struct kvm_shadow_walk_iterator it; > - unsigned direct_access, access = gw->pt_access; > + unsigned int direct_access, access; > int top_level, emulate = 0; > > direct_access = gw->pte_access; > @@ -586,6 +590,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr, > sp = NULL; > if (!is_shadow_present_pte(*it.sptep)) { > table_gfn = gw->table_gfn[it.level - 2]; > + access = gw->pt_access[it.level - 2]; > sp = kvm_mmu_get_page(vcpu, table_gfn, addr, it.level-1, > false, access, it.sptep); > } > > Thank you for the patch. I looked at both original patch(b1bd5cba3306691c771d558e94baa73e8b0b96b7) and your's. This patch looks good to me. > -- > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > > > Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@cybertrust.co.jp :masami.ichikawa@miraclelinux.com [-- Attachment #2: Type: text/plain, Size: 429 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6698): https://lists.cip-project.org/g/cip-dev/message/6698 Mute This Topic: https://lists.cip-project.org/mt/84986288/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [cip-dev] New CVE entries this week 2021-08-19 7:10 ` Pavel Machek 2021-08-19 8:37 ` Masami Ichikawa @ 2021-08-19 8:55 ` Nobuhiro Iwamatsu 1 sibling, 0 replies; 6+ messages in thread From: Nobuhiro Iwamatsu @ 2021-08-19 8:55 UTC (permalink / raw) To: cip-dev [-- Attachment #1: Type: text/plain, Size: 4467 bytes --] Hi, > -----Original Message----- > From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Pavel Machek > Sent: Thursday, August 19, 2021 4:10 PM > To: cip-dev@lists.cip-project.org > Subject: Re: [cip-dev] New CVE entries this week > > Hi! > > > > CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions > > to get shadow page > > > > This vulnerability has been introduced since 2.6.20-rc4 so 4.4 affects > > this CVE but patch didn't apply to 4.4 > > (https://lore.kernel.org/stable/162358450944186@kroah.com/). 4.19 also > > failed to apply this patch but backport patch has been merged > > recently(https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/). > > > > I tried to look at this, and it is rather non-trivial. In particular, > I'd not know how to test it. I ended up with this patch, but it is not > even compile-tested. Thanks for your work. I just checked this issue. This probably won't compile because the walk_nx_mask variable isn't well defined. I think we need to backport a patch for this variable or create another patch. > > Best regards, > Pavel Best regards, Nobuhiro > > diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt > index b653641d4261..ee5bd16a0856 100644 > --- a/Documentation/virtual/kvm/mmu.txt > +++ b/Documentation/virtual/kvm/mmu.txt > @@ -152,8 +152,8 @@ Shadow pages contain the following information: > shadow pages) so role.quadrant takes values in the range 0..3. Each > quadrant maps 1GB virtual address space. > role.access: > - Inherited guest access permissions in the form uwx. Note execute > - permission is positive, not negative. > + Inherited guest access permissions from the parent ptes in the form uwx. > + Note execute permission is positive, not negative. > role.invalid: > The page is invalid and should not be used. It is a root page that is > currently pinned (by a cpu hardware register pointing to it); once it is > diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h > index 7be8a251363e..cebcf7b29b15 100644 > --- a/arch/x86/kvm/paging_tmpl.h > +++ b/arch/x86/kvm/paging_tmpl.h > @@ -100,8 +100,8 @@ struct guest_walker { > gpa_t pte_gpa[PT_MAX_FULL_LEVELS]; > pt_element_t __user *ptep_user[PT_MAX_FULL_LEVELS]; > bool pte_writable[PT_MAX_FULL_LEVELS]; > - unsigned pt_access; > - unsigned pte_access; > + unsigned int pt_access[PT_MAX_FULL_LEVELS]; > + unsigned int pte_access; > gfn_t gfn; > struct x86_exception fault; > }; > @@ -354,6 +354,9 @@ retry_walk: > pte_access = pt_access & FNAME(gpte_access)(vcpu, pte); > > walker->ptes[walker->level - 1] = pte; > + > + /* Convert to ACC_*_MASK flags for struct guest_walker. */ > + walker->pt_access[walker->level - 1] = FNAME(gpte_access)(pt_access ^ walk_nx_mask); > } while (!is_last_gpte(mmu, walker->level, pte)); > > if (unlikely(permission_fault(vcpu, mmu, pte_access, access))) { > @@ -392,10 +395,11 @@ retry_walk: > goto retry_walk; > } > > - walker->pt_access = pt_access; > - walker->pte_access = pte_access; > + walker->pt_access = FNAME(gpte_access)(pt_access ^ walk_nx_mask); > + walker->pte_access = FNAME(gpte_access)(pte_access ^ walk_nx_mask); > pgprintk("%s: pte %llx pte_access %x pt_access %x\n", > - __func__, (u64)pte, pte_access, pt_access); > + __func__, (u64)pte, walker->pte_access, > + walker->pt_access[walker->level - 1]); > return 1; > > error: > @@ -555,7 +559,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr, > { > struct kvm_mmu_page *sp = NULL; > struct kvm_shadow_walk_iterator it; > - unsigned direct_access, access = gw->pt_access; > + unsigned int direct_access, access; > int top_level, emulate = 0; > > direct_access = gw->pte_access; > @@ -586,6 +590,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr, > sp = NULL; > if (!is_shadow_present_pte(*it.sptep)) { > table_gfn = gw->table_gfn[it.level - 2]; > + access = gw->pt_access[it.level - 2]; > sp = kvm_mmu_get_page(vcpu, table_gfn, addr, it.level-1, > false, access, it.sptep); > } > > > -- > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany [-- Attachment #2: Type: text/plain, Size: 429 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6699): https://lists.cip-project.org/g/cip-dev/message/6699 Mute This Topic: https://lists.cip-project.org/mt/84986288/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* Old CVE entries worth watching -- was Re: [cip-dev] New CVE entries this week 2021-08-19 0:12 [cip-dev] New CVE entries this week 市川正美 2021-08-19 7:10 ` Pavel Machek @ 2021-08-19 7:23 ` Pavel Machek 2021-08-19 9:18 ` Masami Ichikawa 1 sibling, 1 reply; 6+ messages in thread From: Pavel Machek @ 2021-08-19 7:23 UTC (permalink / raw) To: cip-dev [-- Attachment #1.1: Type: text/plain, Size: 625 bytes --] Hi! I was going through CVE entries for a month or so and these accumulated in that time. Would it make sense to add them to the current "watch list"? ** Bluetooth Unfortunately, not enough info is present here: CVE-2020-26555 -- BR/EDR pin code pairing broken CVE-2020-26556 CVE-2020-26557 CVE-2020-26559 CVE-2020-26560 -- bluetooth mesh ** BPF CVE-2021-3600 -- More eBPF issues. 4.19+, but we still may need to fix 4.19 Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany [-- Attachment #1.2: Digital signature --] [-- Type: application/pgp-signature, Size: 181 bytes --] [-- Attachment #2: Type: text/plain, Size: 429 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6697): https://lists.cip-project.org/g/cip-dev/message/6697 Mute This Topic: https://lists.cip-project.org/mt/84991735/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Old CVE entries worth watching -- was Re: [cip-dev] New CVE entries this week 2021-08-19 7:23 ` Old CVE entries worth watching -- was " Pavel Machek @ 2021-08-19 9:18 ` Masami Ichikawa 0 siblings, 0 replies; 6+ messages in thread From: Masami Ichikawa @ 2021-08-19 9:18 UTC (permalink / raw) To: cip-dev [-- Attachment #1: Type: text/plain, Size: 992 bytes --] Hi ! On Thu, Aug 19, 2021 at 4:23 PM Pavel Machek <pavel@denx.de> wrote: > > Hi! > > I was going through CVE entries for a month or so and these > accumulated in that time. Would it make sense to add them to the > current "watch list"? > > ** Bluetooth > > Unfortunately, not enough info is present here: > > CVE-2020-26555 -- BR/EDR pin code pairing broken > CVE-2020-26556 CVE-2020-26557 CVE-2020-26559 CVE-2020-26560 -- bluetooth mesh > > ** BPF > > CVE-2021-3600 -- More eBPF issues. 4.19+, but we still may need to > fix 4.19 > Thank you for the information. I'll add these CVEs to tracking list. > Best regards, > Pavel > -- > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > > > Regrads, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@cybertrust.co.jp :masami.ichikawa@miraclelinux.com [-- Attachment #2: Type: text/plain, Size: 429 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6700): https://lists.cip-project.org/g/cip-dev/message/6700 Mute This Topic: https://lists.cip-project.org/mt/84991735/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-08-19 9:19 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-08-19 0:12 [cip-dev] New CVE entries this week 市川正美 2021-08-19 7:10 ` Pavel Machek 2021-08-19 8:37 ` Masami Ichikawa 2021-08-19 8:55 ` Nobuhiro Iwamatsu 2021-08-19 7:23 ` Old CVE entries worth watching -- was " Pavel Machek 2021-08-19 9:18 ` Masami Ichikawa
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.