[cip-dev] Cip-kernel-sec Updates for Week of 2021-04-22

[cip-dev] Cip-kernel-sec Updates for Week of 2021-04-22

[Chen-Yu Tsai (Moxa)]

[-- Attachment #1: Type: text/plain, Size: 985 bytes --]

Hi everyone,

Seven new CVEs this week, though three can be ignored.

- CVE-2021-1076 [nvidia out-of-tree driver DoS] - ignore
- CVE-2021-1077 [nvidia out-of-tree driver DoS] - ignore
- CVE-2021-23133 [net/sctp: race in sctp_destroy_sock] - fixed
  Needs backport to kernels before 5.4

- CVE-2021-29155 [bpf: kernel memory content leak] - fixed
  Debian notes this likely only affects 5.8 and later.
  I intend to mark it as such if no one objects.

- CVE-2021-3492 [shiftfs: double free] - ignore Ubuntu specific
- CVE-2021-3493 [overlayfs: privilege escalation] - fixed
- CVE-2021-3506 [f2fs: out-of-bounds access] - fix queued up for -next

Regarding CVE-2021-29650 from 4/1, it seems Pavel's backport
still didn't hit the stable mailing list. Guenter ended up
posting backports [1] for all the old LTS kernels, but there
were some other issues and he asked Greg to drop them.


Regards
ChenYu

[1] https://lore.kernel.org/stable/1780f159-140b-231f-8af5-ccec049dc8b0@roeck-us.net/

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6382): https://lists.cip-project.org/g/cip-dev/message/6382
Mute This Topic: https://lists.cip-project.org/mt/82280293/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-