* [cip-dev] Cip-kernel-sec Updates for Week of 2020-11-26
@ 2020-11-26  7:49 Chen-Yu Tsai
From: Chen-Yu Tsai @ 2020-11-26  7:49 UTC (permalink / raw)
  To: cip-dev; +Cc: Pavel Machek, Nobuhiro Iwamatsu

Hi everyone,

This week we have six new issues:

- CVE-2020-15436 [blockdev UAF] - Fixed in all stable kernels

- CVE-2020-15437 [serial/8250 NULL pointer dereference] -
  Fixed in all stable kernels

- CVE-2020-27777 [powerpc/rtas usage check] - Fix backported to 4.14+

Since no member requires ppc support, we can ignore this.
Though if anyone wishes to look into this, this might require backporting
to 4.4 and 4.9.

- CVE-2020-28915 [fbcon_get_font() global-out-of-bounds] -
  Fixed in all stable kernels

- CVE-2020-28941 [accessibility/speakup] - Fixed in relevant stable kernels

- CVE-2020-4788 [powerpc/power9 speculation] - Fixed in 4.9, 4.19, and mainline

The stable commits were imported from Debian, which only tracks 4.9 and 4.19.
4.9 requires one less commit compared to 4.19 and mainline. I suspect 4.14
and 5.4 might also contain the fixes, but manual matching would be required.


Regarding old issues:

CVE-2020-27673 is fixed for 4.9 with one less commit than mainline, due to
a feature introduced later. I suspect 4.4 might be the same, but this will
require some manual matching.

CVE-2019-12881 marked as fixed for all stable kernels.

CVE-2020-slab-out-of-bounds-read-fbcon is now CVE-2020-28974.


Regards
ChenYu


* [cip-dev] Cip-kernel-sec Updates for Week of 2020-11-26
@ 2020-11-26  9:07 Chen-Yu Tsai (Moxa)
From: Chen-Yu Tsai (Moxa) @ 2020-11-26  9:07 UTC (permalink / raw)
  To: cip-dev; +Cc: Pavel Machek, Nobuhiro Iwamatsu

(Resent from correct email address.)

Hi everyone,

This week we have six new issues:

- CVE-2020-15436 [blockdev UAF] - Fixed in all stable kernels

- CVE-2020-15437 [serial/8250 NULL pointer dereference] -
  Fixed in all stable kernels

- CVE-2020-27777 [powerpc/rtas usage check] - Fix backported to 4.14+

Since no member requires ppc support, we can ignore this.
Though if anyone wishes to look into this, this might require backporting
to 4.4 and 4.9.

- CVE-2020-28915 [fbcon_get_font() global-out-of-bounds] -
  Fixed in all stable kernels

- CVE-2020-28941 [accessibility/speakup] - Fixed in relevant stable kernels

- CVE-2020-4788 [powerpc/power9 speculation] - Fixed in 4.9, 4.19, and mainline

The stable commits were imported from Debian, which only tracks 4.9 and 4.19.
4.9 requires one less commit compared to 4.19 and mainline. I suspect 4.14
and 5.4 might also contain the fixes, but manual matching would be required.


Regarding old issues:

CVE-2020-27673 is fixed for 4.9 with one less commit than mainline, due to
a feature introduced later. I suspect 4.4 might be the same, but this will
require some manual matching.

CVE-2019-12881 marked as fixed for all stable kernels.

CVE-2020-slab-out-of-bounds-read-fbcon is now CVE-2020-28974.


Regards
ChenYu
Moxa
