Hi!

> CVE-2021-3864: descendant's dumpable setting with certain SUID binaries
>
> CVSS v3 score is not provided
>
> This bug is able to write a coredump file anywhere. However, abusing this
> bug, such as for arbitrary code execution, requires some program. The
> PoC (https://www.openwall.com/lists/oss-security/2021/10/20/2).
> There are two mitigation techniques suggested. So, it is recommended
> that users follow these mitigation techniques.
>
> Fixed status
>
> Not fixed yet.

This one is actually quite interesting. Untrusted users should not
normally have shell access on embedded systems, but it highlights the
topic of coredumps. Default config of coredumping is unsuitable for many
embedded systems; coredumps should probably be disabled.

Best regards,
Pavel
-- 
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
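One way to check whether coredumps are actually off on a target, added here as an example and not part of the original message. The rules follow core(5); the function names, verdict strings and the helper path in the sample call are made up for illustration.

```shell
#!/bin/sh
# Added example: classify whether the kernel would write a core dump.

# coredump_verdict PATTERN USES_PID HARD_LIMIT
#   PATTERN    contents of /proc/sys/kernel/core_pattern
#   USES_PID   contents of /proc/sys/kernel/core_uses_pid
#   HARD_LIMIT output of `ulimit -H -c` (a number or "unlimited")
coredump_verdict() {
    pattern=$1 uses_pid=$2 hard_limit=$3
    case $pattern in
        '|'*)
            # Dump is piped to a helper program. RLIMIT_CORE is not
            # enforced on this path, so "ulimit -c 0" does not disable it.
            echo "enabled-pipe"; return 0 ;;
        '')
            # Empty pattern with core_uses_pid=0: no dump is produced.
            # With core_uses_pid=1 the file would be named ".<pid>".
            if [ "$uses_pid" = 0 ]; then
                echo "disabled-pattern"; return 0
            fi ;;
    esac
    # File-based dumps honour the limit; an unprivileged process cannot
    # raise a hard limit of 0. Limits are per process tree, not global.
    if [ "$hard_limit" = 0 ]; then
        echo "disabled-rlimit"; return 0
    fi
    echo "enabled-file"
}

# Read the live settings of the machine this runs on.
audit_host() {
    pat_file=/proc/sys/kernel/core_pattern
    if [ ! -r "$pat_file" ]; then
        echo "unknown: $pat_file not readable"
        return 0
    fi
    coredump_verdict "$(cat "$pat_file")" \
        "$(cat /proc/sys/kernel/core_uses_pid 2>/dev/null)" \
        "$(ulimit -H -c)"
}

# Constructed sample values first, then the live host.
coredump_verdict '|/usr/lib/helper %p' 1 0   # hypothetical helper path
coredump_verdict 'core' 0 unlimited
coredump_verdict '' 0 unlimited
audit_host
```

The hard limit reported is that of the shell running the script, so run it from the same init or service context as the processes of interest.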