* [cip-dev] Cip-kernel-sec Updates for Week of 2021-04-22
@ 2021-04-22 7:04 Chen-Yu Tsai (Moxa)
0 siblings, 0 replies; only message in thread
From: Chen-Yu Tsai (Moxa) @ 2021-04-22 7:04 UTC (permalink / raw)
To: cip-dev; +Cc: Pavel Machek, Nobuhiro Iwamatsu, masashi.kudo
[-- Attachment #1: Type: text/plain, Size: 985 bytes --]
Hi everyone,
Seven new CVEs this week, though three can be ignored.
- CVE-2021-1076 [nvidia out-of-tree driver DoS] - ignore
- CVE-2021-1077 [nvidia out-of-tree driver DoS] - ignore
- CVE-2021-23133 [net/sctp: race in sctp_destroy_sock] - fixed
Needs backport to kernels before 5.4
- CVE-2021-29155 [bpf: kernel memory content leak] - fixed
Debian notes this likely only affects 5.8 and later.
I intend to mark it as such if no one objects.
- CVE-2021-3492 [shiftfs: double free] - ignore Ubuntu specific
- CVE-2021-3493 [overlayfs: privilege escalation] - fixed
- CVE-2021-3506 [f2fs: out-of-bounds access] - fix queued up for -next
Regarding CVE-2021-29650 from 4/1, it seems Pavel's backport
still didn't hit the stable mailing list. Guenter ended up
posting backports [1] for all the old LTS kernels, but there
were some other issues and he asked Greg to drop them.
Regards
ChenYu
[1] https://lore.kernel.org/stable/1780f159-140b-231f-8af5-ccec049dc8b0@roeck-us.net/
[-- Attachment #2: Type: text/plain, Size: 428 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6382): https://lists.cip-project.org/g/cip-dev/message/6382
Mute This Topic: https://lists.cip-project.org/mt/82280293/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-04-22 7:04 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-22 7:04 [cip-dev] Cip-kernel-sec Updates for Week of 2021-04-22 Chen-Yu Tsai (Moxa)
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.