Hi!

> * Updated CVEs
> 
> CVE-2021-3640: UAF in sco_send_frame function
> 
> 5.10 and 5.15 are fixed this week.
> 
> Fixed status
> 
> mainline: [99c23da0eed4fd20cae8243f2b51e10e66aa0951]
> stable/5.10: [4dfba42604f08a505f1a1efc69ec5207ea6243de]
> stable/5.14: [2c2b295af72e4e30d17556375e100ae65ac0b896]
> stable/5.15: [b990c219c4c9d4993ef65ea9db73d9497e70f697]
> stable/5.4: [d416020f1a9cc5f903ae66649b2c56d9ad5256ab]

Interesting.

commit 99c23da0eed4fd20cae8243f2b51e10e66aa0951
Author: Takashi Iwai <tiwai@suse.de>

Says:

    This should be the last piece for fixing CVE-2021-3640 after a few
    already queued fixes.

Which means more than 99c23da0eed is needed to fix this one,
unfortunately it does not give us good way to identify what commits
are needed.

> CVE-2021-43975: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
> 
> The mainline kernel was fixed in 5.16-rc2.
> 
> Fixed status
> 
> mainline: [b922f622592af76b57cbc566eaeccda0b31a3496]

This is protection of kernel against malicious hardware. I believe we
can ignore this.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany