* [cip-dev] Cip-kernel-sec Updates for Week of 2021-01-28
@ 2021-01-28  2:46 Chen-Yu Tsai
       [not found] ` <CAGb2v65bFWTC_c0TAdL2GExpB48b_GcFXeM4PCte0NZb2U38Vw@mail.gmail.com>
  0 siblings, 1 reply; 3+ messages in thread
From: Chen-Yu Tsai @ 2021-01-28  2:46 UTC (permalink / raw)
  To: cip-dev; +Cc: Pavel Machek, Nobuhiro Iwamatsu, masashi.kudo

[-- Attachment #1: Type: text/plain, Size: 875 bytes --]

Hi everyone,

One new issue this week:
- CVE-2020-35513 [nfsd: incorrect umask] - fixed in all branches

In addition, the fix for CVE-2021-3178 was backported to all stable kernels.
The security concerns for this issue are being disputed though.

Also, information for CVE-2020-27066 still hasn't been disclosed, and
the affected commit is still unclear.

Last, for CVE-2020-27825 the Fixes tag was incorrect; it is actually a
Depends-On [1]. The issue is known to affect at least 4.14, 4.19 and 5.4.
A sample backport for 4.4+ [2] was posted, but a proper backport is still
pending [3].


Regards
ChenYu

[1] https://lore.kernel.org/linux-arm-msm/20200915141304.41fa7c30@gandalf.local.home/
[2] https://lore.kernel.org/stable/021b1b38-47ce-bc8b-3867-99160cc85523@linux.com/
[3] https://lore.kernel.org/stable/YA1GU+xjL+zUDIjN@kroah.com/
  * All from the same mail thread

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6146): https://lists.cip-project.org/g/cip-dev/message/6146
Mute This Topic: https://lists.cip-project.org/mt/80176441/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-



* Re: [cip-dev] Cip-kernel-sec Updates for Week of 2021-01-28
       [not found] ` <CAGb2v65bFWTC_c0TAdL2GExpB48b_GcFXeM4PCte0NZb2U38Vw@mail.gmail.com>
@ 2021-01-28  9:10   ` Chen-Yu Tsai (Moxa)
       [not found]   ` <20210128085224.GA29422@amd>
  1 sibling, 0 replies; 3+ messages in thread
From: Chen-Yu Tsai (Moxa) @ 2021-01-28  9:10 UTC (permalink / raw)
  To: cip-dev; +Cc: Pavel Machek, Nobuhiro Iwamatsu, masashi.kudo

[-- Attachment #1: Type: text/plain, Size: 1177 bytes --]

On Thu, Jan 28, 2021 at 10:47 AM Chen-Yu Tsai <wens@csie.org> wrote:
>
> (Resent from correct email address)
>
> Hi everyone,
>
> One new issue this week:
> - CVE-2020-35513 [nfsd: incorrect umask] - fixed in all branches
>
> In addition, the fix for CVE-2021-3178 was backported to all stable kernels.
> The security concerns for this issue are being disputed though.
>
> Also, information for CVE-2020-27066 still hasn't been disclosed, and
> the affected commit is still unclear.
>
> Last, for CVE-2020-27825 the Fixes tag was incorrect; it is actually a
> Depends-On [1]. The issue is known to affect at least 4.14, 4.19 and 5.4.
> A sample backport for 4.4+ [2] was posted, but a proper backport is still
> pending [3].

Looks like there's an update:
https://lore.kernel.org/stable/20210125142126.70d6a33c@gandalf.local.home/

I will update the tracker.


ChenYu


> Regards
> ChenYu
> Moxa
>
> [1] https://lore.kernel.org/linux-arm-msm/20200915141304.41fa7c30@gandalf.local.home/
> [2] https://lore.kernel.org/stable/021b1b38-47ce-bc8b-3867-99160cc85523@linux.com/
> [3] https://lore.kernel.org/stable/YA1GU+xjL+zUDIjN@kroah.com/
>   * All from the same mail thread


* Re: [cip-dev] Cip-kernel-sec Updates for Week of 2021-01-28
       [not found]   ` <20210128085224.GA29422@amd>
@ 2021-01-28  9:36     ` Chen-Yu Tsai (Moxa)
  0 siblings, 0 replies; 3+ messages in thread
From: Chen-Yu Tsai (Moxa) @ 2021-01-28  9:36 UTC (permalink / raw)
  To: cip-dev; +Cc: Pavel Machek, Nobuhiro Iwamatsu, masashi.kudo

[-- Attachment #1: Type: text/plain, Size: 2053 bytes --]

Hi,

On Thu, Jan 28, 2021 at 4:52 PM Pavel Machek <pavel@denx.de> wrote:
>
> Hi!
>
> > Also, information for CVE-2020-27066 still hasn't been disclosed, and
> > the affected commit is still unclear.
>
> According to
>
> https://nvd.nist.gov/vuln/detail/CVE-2020-27066
>
> "In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, ..."
>
> That source file is in use by 4.4 & 4.19, rt & non-rt. There are no
> recent commits in that file in -next, so I believe it is not fixed in
> next or mainline.

Debian maintainers speculate it might be related to 4c59406ed003
("xfrm: policy: Fix doulbe free in xfrm_policy_timer").

Of course we won't really know until Google discloses the facts.

ChenYu

> Many of our configs enable it as a module:
>
> pavel@amd:~/cip/cip-kernel-config$ grep 6_XFRM_MODE_TUN */*/*
> 4.19.y-cip/arm/moxa_mxc_defconfig:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 4.19.y-cip/arm/siemens_imx6.config:CONFIG_INET6_XFRM_MODE_TUNNEL=y
> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 4.19.y-cip/x86/plathome_obsvx2.config:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 4.19.y-cip/x86/plathome_obsvx2_defconfig:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 4.19.y-cip/x86/siemens_ipc227e_defconfig:# CONFIG_INET6_XFRM_MODE_TUNNEL is not set
> 4.4.y-cip/arm/moxa_mxc_defconfig:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 4.4.y-cip/arm/siemens_am57xx-pxm3.config:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 4.4.y-cip/arm/siemens_dcu2.config:CONFIG_INET6_XFRM_MODE_TUNNEL=y
> 4.4.y-cip/arm/siemens_imx6_defconfig:CONFIG_INET6_XFRM_MODE_TUNNEL=y
> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 4.4.y-cip/x86/siemens_iot2000.config:CONFIG_INET6_XFRM_MODE_TUNNEL=y
> 5.10.y-cip/arm/moxa_mxc_defconfig:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 5.10.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 5.10.y-cip/x86/plathome_obsvx2_defconfig:CONFIG_INET6_XFRM_MODE_TUNNEL=m
> 5.10.y-cip/x86/siemens_ipc227e_defconfig:# CONFIG_INET6_XFRM_MODE_TUNNEL is not set

