Re: [cip-dev] New CVE entries in this week

[Pavel Machek <pavel@denx.de>]

[-- Attachment #1: Type: text/plain, Size: 1819 bytes --]

Hi!

> * New CVEs
> 
> CVE-2021-39633: ip_gre: add validation for csum_start
> 
> CVSS v3 score is not provided
> 
> An information leak bug was found in gre_handle_offloads() which is in
> net/ipv4/ip_gre.c.
> This fix uses skb_checksum_start() to check data but this function was
> introduced at 4.6-rc1 commit 08b64fc ("net: Store checksum result for
> offloaded GSO checksums") so applying this patch requires commit
> 08b64fc too.
> 
> Fixed status
> 
> mainline: [1d011c4803c72f3907eccfc1ec63caefb852fcbf]
> stable/4.9: [41d5dfa408130433cc5f037ad89bed854bf936f7]

So this needs more investigation and possibly 4.4 port? 08b64fc looks
quite small/simple.

> CVE-2021-39634: epoll: do not insert into poll queues until all sanity
> checks are done
> 
> CVSS v3 score is not provided
> 
> A local attacker could gain his privilege by abusing this bug. All
> stable kernels and the mainline kernels have already been fixed.
> 
> Fixed status

...and 4.19 and older is fixed, and 5.10 already contains
f8d4f44df056c5b504b0d49683fb7279218fd207, so nothing to do here. Good.

> CVE-2021-4204: eBPF Improper Input Validation Vulnerability
> 
> CVSS v3 score is not provided
> 
> A local attacker can escalate privileges via this bug.
> This bug is affecting the 5.8 or later kernel. The commit 457f4436
> ("bpf: Implement BPF ring buffer and verifier support for it")
> introduced this issue.
> 
> To mitigate this issue, set kernel.unprivileged_bpf_disabled to 1.
> 
> Fixed status
> 
> Not fixed yet.

Apparently Ubuntu has a fix for this. But I guess we can wait till it
hits mainline.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]