From: "Masami Ichikawa" <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [cip-dev] New CVE entry this week
Date: Thu, 9 Sep 2021 11:39:58 +0900 [thread overview]
Message-ID: <CAODzB9oqUztiFZjcd0=dSBJ-bDjfdZ4eW8R69=m0fuZmKOb0qg@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 8073 bytes --]
Hi !
It's this week's CVE report.
This week reported 3 new CVEs. These CVEs have been fixed in mainline
and some stable kernels.
* New CVEs
CVE-2021-3715: kernel: use-after-free in route4_change() in
net/sched/cls_route.c
This vulnerability was introduced in 3.18-rc1 and fixed in 5.6.
Therefore 5.6 or later kernels aren't affect this vulnerability.
Fixed status
cip/4.19: [ea3d6652c240978736a91b9e85fde9fee9359be4]
cip/4.19-rt: [ea3d6652c240978736a91b9e85fde9fee9359be4]
cip/4.4: [7518af6464b47a0d775173570c3d25f699da2a5e]
cip/4.4-rt: [7518af6464b47a0d775173570c3d25f699da2a5e]
mainline: [ef299cc3fa1a9e1288665a9fdc8bff55629fd359]
stable/4.14: [f0c92f59cf528bc1b872f2ca91b01e128a2af3e6]
stable/4.19: [ea3d6652c240978736a91b9e85fde9fee9359be4]
stable/4.4: [7518af6464b47a0d775173570c3d25f699da2a5e]
stable/4.9: [97a8e7afaee8fc4f08662cf8e4f495b87874aa91]
stable/5.4: [ff28c6195814bdbd4038b08d39e40f8d65d2025e]
CVE-2021-3759: memcg: charge semaphores and sem_undo objects
This causes DoS attack. Patch was merged into mainline this week.
for 4.19, it needs modify or apply following patches to apply commit
18319498fdd4.
4a2ae92993be24ba727faa733e99d7980d389ec0: ipc/sem.c: replace
kvmalloc/memset with kvzalloc and use struct_size
bc8136a543aa839a848b49af5e101ac6de5f6b27: ipc: use kmalloc for
msg_queue and shmid_kernel
fc37a3b8b4388e73e8e3525556d9f1feeb232bb9: ipc sem: use kvmalloc for
sem_undo allocation
for 4.4, need to modify the patch.
Fixed status
mainline: [18319498fdd4cdf8c1c2c48cd432863b1f915d6f]
CVE-2021-40490: A race condition was discovered in
ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem
in the Linux kernel through 5.13.13.
Commit a54c4613dac1 fixes f19d5870cbf72d4cb2a8e1f749dff97af99b071e
which has been merged into 3.8-rc1.
Fixed status
mainline: [a54c4613dac1500b40e4ab55199f7c51f028e848]
stable/5.10: [09a379549620f122de3aa4e65df9329976e4cdf5]
stable/5.13: [c764e8fa4491da66780fcb30a0d43bfd3fccd12c]
stable/5.14: [f8ea208b3fbbc0546d71b47e8abaf98b0961dec1]
* Updated CVEs
CVE-2021-3542: media: firewire: firedtv-avc: fix a buffer overflow in
avc_ca_pmt()
Patch has been sent to linux-media list
(https://lore.kernel.org/linux-media/20210816072721.GA10534@kili/).
btw, no cip member enables DVB_FIREDTV.
Fixed status
Not fixed in mainline yet.
CVE-2021-3640: UAF in sco_send_frame function
According to the SUSE
bugzilla(https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951
), patch has been merged into bluetooth-next tree as of 2021/09/03.
Fixed status
Not fixed in mainline yet.
CVE-2021-3739: btrfs: fix NULL pointer dereference when deleting
device by invalid id
This vulnerability is not affected before 4.20-rc1.
Fixed status
mainline: [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]
stable/5.10: [c43add24dffdbac269d5610465ced70cfc1bad9e]
stable/5.13: [301aabe0239f227818622096be7e180fcdbedf80]
stable/5.14: [734dabfb6918d399024063c9db9093a83f804ce5]
stable/5.4: [d7f7eca72ecc08f0bb6897fda2290293fca63068]
CVE-2021-3753: vt_kdsetmode: extend console locking
A out-of-bounds caused by the race of KDSETMODE in VT.
Fixed status
mainline: [2287a51ba822384834dafc1c798453375d1107c7]
stable/4.14: [3f488313d96fc6512a4a0fe3ed56cce92cbeec94]
stable/4.19: [0776c1a20babb4ad0b7ce7f2f4e0806a97663187]
stable/4.4: [01da584f08cbb1e04f22796cc49b10d570cd5ec1]
stable/4.9: [755a2f40dda2d6b2e3b8624cb052e68947ee4d1f]
stable/5.10: [60d69cb4e60de0067e5d8aecacd86dfe92a5384a]
stable/5.13: [a5dfcf3d8ecc549f8dc324ab6caf9dd14de87986]
stable/5.14: [acf3c7b4fae092e7f5c170bc8a0fe2ead9b2a320]
stable/5.4: [f4418015201bdca0cd4e28b363d88096206e4ad0]
CVE-2021-3743: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
The Qualcomm's IPC router protocol(qrtr) has been introduced since
4.15-rc1 so before 4.15 kernels aren't affected.
Fixed status
mainline: [7e78c597c3ebfd0cb329aa09a838734147e4f117]
stable/4.19: [ce7d8be2eaa4cab3032e256d154d1c33843d2367]
stable/5.10: [ad41706c771a038e9a334fa55216abd69b32bfdf]
stable/5.13: [d6060df9b53ab8098c954aac9acbacef6915e42a]
stable/5.4: [a6b049aeefa880a8bd7b1ae3a8804bda1e8b077e]
CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
to get shadow page
4.14 has been fixed this week.
mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
stable/4.14: [cea9e8ee3b8059bd2b36d68f1f428d165e5d13ce]
stable/4.19: [4c07e70141eebd3db64297515a427deea4822957]
stable/5.10: [6b6ff4d1f349cb35a7c7d2057819af1b14f80437]
stable/5.4: [d28adaabbbf4a6949d0f6f71daca6744979174e2]
CVE-2021-3444: bpf: Fix truncation handling for mod32 dst reg wrt zero
The vulnerability has been introduced since 4.15-rc9. 4.4 is not affected.
4.19 has been fixed in this week.
Fixed status
mainline: [9b00f1b78809309163dda2d044d9e94a3c0248a3]
stable/4.19: [39f74b7c81cca139c05757d9c8f9d1e35fbbf56b]
stable/5.10: [3320bae8c115863b6f17993c2b7970f7f419da57]
stable/5.11: [55c262ea5d0f754648cd25aa73de081adaab07d9]
stable/5.4: [185c2266c1df80bec001c987d64cae2d9cd13816]
CVE-2021-3600: eBPF 32-bit source register truncation on div/mod
The vulnerability has been introduced since 4.15-rc9. 4.4 is not affected.
4.19 has been fixed in this week.We have been tracking this
vulnerability since Aug to watch 4.19 to be fixed, and now it is
finally fixed.
Fixed status
mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
stable/4.19: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]
CVE-2021-3655: missing size validations on inbound SCTP packets
cip/4.4, cip/4.19, cip/4.4-rt, cip/4.19-rt, stable/4.14, and
stable/5.4 have been fixed this week.
Fixed status
mainline: [0c5dc070ff3d6246d22ddd931f23a6266249e3db,
50619dbf8db77e98d821d615af4f634d08e22698,
b6ffe7671b24689c09faa5675dd58f93758a97ae,
ef6c8d6ccf0c1dccdda092ebe8782777cd7803c9]
stable/4.19: [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c,
dd16e38e1531258d332b0fc7c247367f60c6c381]
cip/4.19: [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c,
dd16e38e1531258d332b0fc7c247367f60c6c381]
cip/4.19-rt: [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c,
dd16e38e1531258d332b0fc7c247367f60c6c381]
stable/4.4: [48cd035cad5b5fad0648aa8294c4223bedb166dd]
cip/4.4: [48cd035cad5b5fad0648aa8294c4223bedb166dd]
cip/4.4-rt: [48cd035cad5b5fad0648aa8294c4223bedb166dd]
stable/4.9: [c7da1d1ed43a6c2bece0d287e2415adf2868697e]
stable/5.10: [d4dbef7046e24669278eba4455e9e8053ead6ba0,
6ef81a5c0e22233e13c748e813c54d3bf0145782]
stable/4.14: [f01bfaea62d14938ff2fbeaf67f0afec2ec64ab9,
d890768c1ed6688ca5cd54ee37a69d90ea8c422f]
stable/5.4: [03a5e454614dc095a70d88c85ac45ba799c79971,
a01745edc1c95ff53e261c493f15bb43b1338003]
Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2021-3640: UAF in sco_send_frame function
There is no fix information.
CVE-2020-26555: BR/EDR pin code pairing broken
There is no fix information
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Other topics.
About cve.mitre.org
CVE Website Transitioning to New Web Address – “CVE.ORG”
https://cve.mitre.org/news/archives/2021/news.html#September022021_CVE_Website_Transitioning_to_New_Web_Address_-_CVE.ORG
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
[-- Attachment #2: Type: text/plain, Size: 429 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6719): https://lists.cip-project.org/g/cip-dev/message/6719
Mute This Topic: https://lists.cip-project.org/mt/85476557/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
next reply other threads:[~2021-09-09 2:40 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-09 2:39 Masami Ichikawa [this message]
2021-09-09 6:41 ` [cip-dev] New CVE entry this week Pavel Machek
2021-09-09 12:23 ` Masami Ichikawa
[not found] ` <CAMLqsBZCbrdOaxhuc81kvZsinS+_bFPp2tpmuVnczC1EXCA3Zg@mail.gmail.com>
2021-09-10 0:40 ` Masami Ichikawa
-- strict thread matches above, loose matches on Subject: below --
2021-10-21 1:21 Masami Ichikawa
2021-10-21 8:41 ` [cip-dev] " nobuhiro1.iwamatsu
2021-10-21 12:05 ` Masami Ichikawa
2021-10-13 23:54 Masami Ichikawa
2021-10-13 23:54 ` Masami Ichikawa
2021-10-14 6:55 ` Pavel Machek
2021-10-14 6:55 ` Pavel Machek
2021-10-07 0:59 Masami Ichikawa
2021-10-07 0:59 ` Masami Ichikawa
2021-10-07 7:30 ` Pavel Machek
2021-10-07 7:30 ` Pavel Machek
2021-10-07 11:38 ` Masami Ichikawa
2021-10-07 11:38 ` Masami Ichikawa
2021-09-30 0:12 Masami Ichikawa
2021-09-30 0:12 ` Masami Ichikawa
2021-09-30 6:33 ` nobuhiro1.iwamatsu
2021-09-30 6:33 ` Nobuhiro Iwamatsu
2021-09-30 12:11 ` Masami Ichikawa
2021-09-30 12:11 ` Masami Ichikawa
2021-09-23 1:52 Masami Ichikawa
2021-09-16 0:43 Masami Ichikawa
2021-09-16 4:55 ` Nobuhiro Iwamatsu
2021-09-02 1:05 Masami Ichikawa
2021-09-02 6:27 ` Pavel Machek
2021-09-02 7:10 ` Nobuhiro Iwamatsu
2021-09-02 12:17 ` Masami Ichikawa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAODzB9oqUztiFZjcd0=dSBJ-bDjfdZ4eW8R69=m0fuZmKOb0qg@mail.gmail.com' \
--to=masami.ichikawa@miraclelinux.com \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.