From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: New CVE entries this week
Date: Thu, 10 Nov 2022 08:02:05 +0900
Message-ID: <CAODzB9pTzPzkeG7W6uY-E5ivktoXzv5=tQ77QnC7qNbk-h1udg@mail.gmail.com>
Hi!
It's this week's CVE report.
This week, 3 new CVEs and 2 updated CVEs were reported.
* New CVEs
CVE-2022-42895: Bluetooth: L2CAP: Fix attempting to access uninitialized memory
CVSS v3 score is not provided.
An uninitialized variable access bug was found in
l2cap_parse_conf_req() in net/bluetooth/l2cap_core.c.
The efs variable is on the stack. It is initialized when the type
variable is L2CAP_CONF_EFS.
So, if type isn't L2CAP_CONF_EFS and rfc.mode is L2CAP_MODE_ERTM, then
an uninitialized variable access occurs.
It looks like 4.4 is affected by this issue too.
Fixed status
mainline: [b1a2cd50c0357f243b7435a732b4e62ba3157a2e]
CVE-2022-42896: Bluetooth: L2CAP: Fix accepting connection request for
invalid SPSM
CVSS v3 score is not provided.
There was a valid range check for SPSM. Therefore, it will accept
connections with an invalid SPSM value.
It looks like 4.4 is affected by this issue too.
Fixed status
mainline: [711f8c3fb3db61897080468586b970c87c61d9e4]
CVE-2022-43945: A buffer overflow bug was found in nfsd
CVSS v3 score is 7.5 HIGH.
The Linux kernel NFSD implementation prior to versions 5.19.17 and
6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of
pages held by each NFSD thread by combining the receive and send
buffers of a remote procedure call (RPC) into a single array of pages.
A client can force the send buffer to shrink by sending an RPC message
over TCP with garbage data added at the end of the message. The RPC
message with garbage data is still correctly formed according to the
specification and is passed forward to handlers. Vulnerable code in
NFSD is not expecting the oversized request and writes beyond the
allocated buffer space.
nfsd3_proc_read() and nfsd_proc_read() were changed to set the
argp->count value by adding an extra min_t() macro.
nfsd_init_dirlist_pages() and nfsd3_init_dirlist_pages() changed how
the buf->buflen value is set.
However, 4.4, 4.19 and 5.10 use different ways to set these values. So,
even if these kernels are vulnerable, they need a different fix.
Fixed status
mainline: [00b4492686e0497fdb924a9d4c8f6f99377e176c,
640f87c190e0d1b2a0fcb2ecf6d2cd53b1c41991,
401bc1f90874280a80b93f23be33a0e7e2d1f912,
fa6be9cc6e80ec79892ddf08a8c10cabab9baf38]
stable/5.15: [dc7f225090c29a5f3b9419b1af32846a201555e7,
071a076fd1b763aa6fe478efa047e0a549ba9c22,
2be9331ca6061bc6ea32247266f45b8b21030244,
75d9de25a6f833dd0701ca546ac926cabff2b5af]
stable/6.0: [f59c74df82f6ac9d2ea4e01aa3ae7c6c4481652d,
279274e31270c28b86feffe5e166d4088f22317b,
1868332032eccbab8c1878a0d918193058c0a905,
309f29361b6bfae96936317376f1114568c5de19]
* Updated CVEs
CVE-2022-20369: media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP
buffers across ioctls
4.14 and 4.19 were fixed this week.
Fixed status
mainline: [8310ca94075e784bbb06593cd6c068ee6b6e4ca6]
stable/4.14: [7339b6bdf9e084f9e83c084ccc8879b6ae80b75a]
stable/4.19: [95c4751705f7eef0f16a245e121259857f867c4a]
stable/5.10: [8a83731a09a5954b85b1ce49c01ff5c2a3465cb7]
stable/5.15: [48d00e24822e4384edcee3aae03d54c1b7982eba]
stable/5.4: [54e1abbe856020522a7952140c26a4426f01dab6]
CVE-2022-3524: tcp/udp: Fix memory leak in ipv6_renew_options().
5.15 and 6.0 were fixed this week.
Fixed status
mainline: [3c52c6bb831f6335c176a0fc7214e26f43adbd11]
stable/5.15: [1401e9336bebaa6dd5a320f83bddc17619d4e3a6]
stable/6.0: [0c5d628f1e1d049c33595693fab1b6e9baf25795]
Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email: masami.ichikawa@cybertrust.co.jp
       masami.ichikawa@miraclelinux.com
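The page-accounting mistake behind CVE-2022-43945, as an added C model that is not the kernel's NFSD code: receive and send buffers share one fixed page array, so trailing garbage on the request shrinks the space the reply may use. read_count_unchecked() clamps the read count only against an advertised maximum, and read_count_clamped() adds the second clamp against the remaining send space that the extra min_t() in the fix corresponds to. All names, RQ_PAGE_SIZE/RQ_PAGES/RQ_MAX_PAYLOAD values and the request sizes are constructed for this model.

```c
#include <stddef.h>
#include <stdio.h>

#define RQ_PAGE_SIZE   4096UL   /* constructed model values; real kernel sizes differ */
#define RQ_PAGES       8UL      /* pages one server thread holds for receive + send */
#define RQ_MAX_PAYLOAD 16384UL  /* largest read reply the server advertises */

/* Pages consumed by an incoming RPC message, trailing garbage included. */
static size_t recv_pages(size_t recv_len)
{
    return (recv_len + RQ_PAGE_SIZE - 1) / RQ_PAGE_SIZE;
}

/* Bytes left for the reply after the receive buffer took its share. */
static size_t send_space(size_t recv_len)
{
    size_t used = recv_pages(recv_len);
    return used >= RQ_PAGES ? 0 : (RQ_PAGES - used) * RQ_PAGE_SIZE;
}

/* Vulnerable pattern: the read count is clamped only against the
 * advertised maximum, never against the space actually remaining. */
static size_t read_count_unchecked(size_t requested)
{
    return requested < RQ_MAX_PAYLOAD ? requested : RQ_MAX_PAYLOAD;
}

/* Hardened pattern: one more min() against the remaining send space;
 * this is the role the extra min_t() plays in the fix described above. */
static size_t read_count_clamped(size_t recv_len, size_t requested)
{
    size_t n = read_count_unchecked(requested);
    size_t space = send_space(recv_len);
    return n < space ? n : space;
}

/* 1 if a reply of `count` bytes would be written past the page array. */
static int reply_overflows(size_t recv_len, size_t count)
{
    return count > send_space(recv_len);
}

int main(void)
{
    size_t padded = 6 * RQ_PAGE_SIZE + 1;  /* tiny request plus ~24 KiB of trailing junk */
    size_t bad = read_count_unchecked(16384), good = read_count_clamped(padded, 16384);
    printf("unchecked %zu overflow=%d; clamped %zu overflow=%d\n",
           bad, reply_overflows(padded, bad), good, reply_overflows(padded, good));
    return 0;
}
```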