Hi!

> * CVE short summary

These summaries are not so short; I simply skip them and go to the full list. Perhaps they don't need to be included, or could include only CVEs where we need to take an action?

> * CVE detail
>
> New CVEs
>
> CVE-2021-3739: btrfs: fix NULL pointer dereference when deleting
> device by invalid id
>
> Fixed in btrfs tree but not fixed in mainline yet.
> This vulnerability has been introduced since 4.20-rc1 so before 4.20
> kernel aren't affected by this vulnerability.
>
> Fixed status
>
> mainline: [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]

This one is queued for 5.10.62, so this is getting fixed for us.

> CVE-2021-3743: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
>
> The Qualcomm's IPC router protocol (qrtr) has been introduced since
> 4.15-rc1 so before 4.15 kernels aren't affected.
> Checked on cip-kernel-config, it looks like no CIP member enables QRTR.
>
> Fixed status
>
> mainline: [7e78c597c3ebfd0cb329aa09a838734147e4f117]

Fixes are queued for 4.19 and 5.10.62, so this is getting fixed for us.

> CVE-2021-3753: A out-of-bounds caused by the race of KDSETMODE in vt
>
> Commit ffb324e6f874121f7dce5bdae5e05d02baae7269 introduced race
> condition and oob bug. The commit ffb324e6f874 has been backported to
> 4.4 and 4.19.

Agreed, fixed in 4.19.192 and 4.4.270. Nothing for us to do there.

> Updated CVEs
>
> CVE-2020-3702: Specifically timed and handcrafted traffic can cause
> internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
> encryption with a consequent possibility of information disclosure
> over the air for a discrete set of traffic
>
> Vulnerability in ath9k driver. 4.4.y-cip/arm/siemens_imx6_defconfig
> and 4.4.y-cip/arm/moxa_mxc_defconfig use ath9k.

Fixed in 4.14 but not 4.4.

> stable/4.14: [2cbb22fd4b4fb4d0822d185bf5bd6d027107bfda,
> 20e7de09cbdb76a38f28fb71709fae347123ddb7,
> 995586a56748c532850870523d3a9080492b3433,
> f4d4f4473129e9ee55b8562250adc53217bad529,
> 61b014a8f8de02bedc56f76620170437f5638588]

Diffstat looks like this:

 key.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

 main.c | 5 +++++
 1 file changed, 5 insertions(+)

 ath.h | 1 +
 key.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

 ath.h                | 2 +-
 ath5k/mac80211-ops.c | 2 +-
 ath9k/htc_drv_main.c | 2 +-
 ath9k/main.c         | 5 ++---
 key.c                | 34 +++++++++++++++++-----------------
 5 files changed, 22 insertions(+), 23 deletions(-)

 hw.h   | 1
 main.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 87 insertions(+), 1 deletion(-)

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany