Hi! On Thu, Aug 5, 2021 at 6:00 PM Pavel Machek wrote: > > Hi! > > > ** Updated CVEs > > > CVE-2021-22543: v4.19 and v5.10 are fixed. v4.4 uses another way to > > get pfn. If v4.4 is vulnerable it needs to write its own patch. > > 4.4 is very different in that area, and KVM is not exactly our > focus. A lot of research would be needed. I guess we can simply ignore > this one. > > > * CVE detail > > > > CVE-2021-35477: unprivileged BPF program can obtain sensitive > > information from kernel memory via a speculative store bypass > > side-channel attack because the technique used by the BPF verifier to > > manage speculation is unreliable > > > > CVE-2021-34556 and CVE-2021-35477 are fixed by the same commits. > > commit 2039f26f3aca fixes af86ca4e3088(introduced by v4.17-rc7) and > > f7cf25b2026d(introduced by v5.3-rc1). > > > > Fixed status > > mainline: [f5e81d1117501546b7be050c5fbafa6efd2c722c, > > 2039f26f3aca5b0e419b98f65dd36481337b86ee] > > stable/5.10: [bea9e2fd180892eba2574711b05b794f1d0e7b73, > > 0e9280654aa482088ee6ef3deadef331f5ac5fb0] > > stable/5.13: [ddab060f996e17b38bb181c5fd11a83fd1bfa0df, > > 0b27bdf02c400684225ee5ee99970bcbf5082282] > > Yes, speculation is huge problem, and getting BPF right with broken > CPUs will be hard. I'd hope CIP people are not using untrusted BTF > programs, and that we can ignore it. > I agree. Don't run untrusted programs on production system is most important thing. Ignore both CVE-2021-34556 and CVE-2021-35477. > > CVE-2021-3669: reading /proc/sysvipc/shm does not scale with large > > shared memory segment counts > > > > According to redhat bugzilla, it said "Not reported upstream, patches > > are being worked on. It is not considered high impact because of the > > requirements and need to have massive amount of shm (usually well > > above ulimits) ". > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1986473#c10 > > DoS only, and only in unusual configuration. I believe we can ignore > this one. > I agree. > > CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the > > Linux kernel through 5.13.4 calls unregister_netdev without checking > > for the NETREG_REGISTERED state, leading to a use-after-free and a > > double free. > > > > The mainline, 5.10, 5.13 are fixed. > > > > Fixed status > > mainline: [a6ecfb39ba9d7316057cea823b196b734f6b18ca] > > stable/5.10: [115e4f5b64ae8d9dd933167cafe2070aaac45849] > > stable/5.13: [eeaa4b8d1e2e6f10362673d283a97dccc7275afa] > > I guess we could try to rework the function in similar way 5.10 did, > but... we are not using HSO in our configs, and I have hard time > imagining how "attacker" would trigger it. So this is... just a > bug. I'd suggest ignoring. > Thank you for checking the configuration. We don't use HSO configs so that we don't have attack surface therefore we can ignore it. > Best regards, > Pavel > > -- > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > > > Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@cybertrust.co.jp :masami.ichikawa@miraclelinux.com