All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pavel Machek <pavel@denx.de>
To: cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] New CVE Entries in this week
Date: Thu, 4 Nov 2021 10:57:23 +0100	[thread overview]
Message-ID: <20211104095723.GA2592@amd> (raw)
In-Reply-To: <CAODzB9rc8Y_kUnMfYebK_sHt5tOSvf+qr0pgYkZy+N0zqudu4g@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2734 bytes --]

Hi!

> CVE-2021-34981: Bluetooth CMTP Module Double Free Privilege Escalation
> Vulnerability
> 
> This CVE is fixed in 5.14-rc1.
> 
> Fixed status
> 
> mainline: [3cfdf8fcaafa62a4123f92eb0f4a72650da3a479]
> stable/4.19: [f8be26b9950710fe50fb45358df5bd01ad18efb7]
> stable/4.9: [77c559407276ed4a8854dafc4a5efc8608e51906]
> stable/5.10: [1b364f8ede200e79e25df0df588fcedc322518fb]
> stable/5.4: [fe201316ac36c48fc3cb2891dfdc8ab68058734d]

This seems to be fixed in stable/4.4, too, as
61a811e8f5229264b822361f8b23d7638fd8c914. And cip-kernel-sec says so,
good.

> CVE-2021-43267: tipc: fix size validations for the MSG_CRYPTO type
> 
> This vulnerability was introduced since 5.1-rc1 so before 5.10 kernels
> aren't affected by this issue.
> The mainline and stable kernels have been fixed.

AFAICT the vulnerability was introduced by 1ef6f7c9390f in
5.9-rc3. But that does not change anything for us.

> * Updated CVEs
> 
> CVE-2021-3772: Invalid chunks may be used to remotely remove existing
> associations
> 
> This bug is in SCTP stack that attacker may be able to send packet
> with spoofed IP address if attacker knows IP address and port number
> being used.

AFAICT it is more of "if attacker can send packets with spoofed IP
addresses, he can...". Many of our configs use SCTP.

> CVE-2021-42327: drm/amdgpu: fix out of bounds write
> 
> The parse_write_buffer_into_params() was introduced since 5.9 so
> before 5.9 kernels aren't affected by this vulnerability.
> 
> This CVE was fixed by 5afa7898ab7a ("drm/amdgpu: fix out of bounds
> write"), however next commit 3f4e54bd312d ("drm/amdgpu: Fix even more
> out of bound writes from debugfs") said that amdgpu_dm_debugfs.c
> contains same issues so it'd be nice to apply 3f4e54bd312d
> ("drm/amdgpu: Fix even more out of bound writes from debugfs") too.

This looks quite easy to fix, OTOH CIP configs do not use amdgpu and
it is not too serious in the fist place.

> CVE-2021-20322: new DNS Cache Poisoning Attack based on ICMP fragment
> needed packets replies
> 
> Update stable/5.4 and stable/4.19 fixed revisions.
> It seems like stable/4.4 and stable/4.9 need backport following patches.
> - 4785305c05b2 ("ipv6: use siphash in rt6_exception_hash()")
> - a00df2caffed ("ipv6: make exception cache less predictible")
> - 6457378fe796 ("ipv4: use siphash instead of Jenkins in
> fnhe_hashfun()")

It would not be bad to understand the problem in the first place. Yes,
I guess different hashes have different qualities, but...

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

  reply	other threads:[~2021-11-04  9:57 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-04  1:11 New CVE Entries in this week Masami Ichikawa
2021-11-04  9:57 ` Pavel Machek [this message]
2021-11-04 13:04   ` [cip-dev] " Masami Ichikawa
2021-11-10 23:52 New CVE entries " Masami Ichikawa
2021-11-11  9:21 ` [cip-dev] " Pavel Machek
2021-11-11 12:47   ` Masami Ichikawa
2021-11-25  2:41 Masami Ichikawa
2021-11-25  9:14 ` [cip-dev] " Pavel Machek
     [not found] <16BAA9D56D09F20A.23256@lists.cip-project.org>
2021-11-25  5:16 ` Masami Ichikawa
2021-11-25  8:00   ` nobuhiro1.iwamatsu
2021-11-25 12:00     ` Masami Ichikawa
2021-11-25  9:09   ` Pavel Machek
2021-11-25 12:01     ` Masami Ichikawa
2021-12-08 23:44 Masami Ichikawa
2021-12-09  9:20 ` [cip-dev] " Pavel Machek
2021-12-09 14:12   ` Masami Ichikawa
2021-12-15 23:49 Masami Ichikawa
2021-12-16  5:26 ` [cip-dev] " nobuhiro1.iwamatsu
2021-12-16  5:58   ` Masami Ichikawa
2021-12-16  8:49 ` Pavel Machek
2021-12-23  0:48 Masami Ichikawa
2021-12-23 17:11 ` [cip-dev] " Pavel Machek
2021-12-29 23:29 Masami Ichikawa
2021-12-30 10:20 ` [cip-dev] " Pavel Machek
2021-12-30 23:05   ` Masami Ichikawa
2022-01-12 23:39 Masami Ichikawa
2022-01-13  8:07 ` [cip-dev] " Pavel Machek
2022-01-13 12:41   ` Masami Ichikawa
2022-01-26 23:51 Masami Ichikawa
2022-01-27  8:21 ` [cip-dev] " nobuhiro1.iwamatsu
2022-01-28  6:18   ` Masami Ichikawa
2022-01-29 21:03 ` Pavel Machek
2022-01-31  0:00   ` Masami Ichikawa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211104095723.GA2592@amd \
    --to=pavel@denx.de \
    --cc=cip-dev@lists.cip-project.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.