From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [kernel-cve-report] New CVE entries this week
Date: Thu, 7 Dec 2023 08:22:13 +0900
Message-ID: <CAODzB9poD5_hCa4hZfxHbiRyqt15PgjrzzK_cZpcRW-Lkenu5Q@mail.gmail.com>
Hi!
This is this week's CVE report.
This week, 2 new CVEs and 2 updated CVEs were reported.
A CPU vulnerability called "Spectre based on Linear Address Masking"
(SLAM for short) was published this week.
More information is at https://seclists.org/oss-sec/2023/q4/260.
* New CVEs
CVE-2023-24023: A man-in-the-middle attack was found in Bluetooth
Core Specification 4.2 through 5.4
CVSS v3(NIST): 6.8 (MEDIUM)
CVSS v3(CNA): N/A
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure
Connections pairing in Bluetooth Core Specification 4.2 through 5.4
allow certain man-in-the-middle attacks that force a short key length,
and might lead to discovery of the encryption key and live injection,
aka BLUFFS.
This CVE's CPE is assigned to bluetooth(vendor) and
bluetooth_core_specification(product).
Fixed status
Not yet.
CVE-2023-33053: Memory corruption in Kernel while parsing metadata.
CVSS v3(NIST): N/A
CVSS v3(CNA): 8.4 (HIGH)
The bug is in qcom_mdt_read_metadata() in
drivers/soc/qcom/mdt_loader.c. This function was introduced by commit
498b98e ("soc: qcom: mdt_loader: Support loading non-split images") in
5.3-rc1.
qcom_mdt_read_metadata() doesn't check whether ehdr->e_phnum is bigger
than PN_XNUM, so if ehdr->e_phnum is bigger than PN_XNUM, an OOB access
will occur.
According to the cip-kernel-config repo, no CIP member enables
CONFIG_QCOM_MDT_LOADER.
Fixed status
A patch is available (https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e)
but it hasn't been merged into the mainline yet.
* Updated CVEs
CVE-2023-45898: ext4: fix slab-use-after-free in ext4_es_insert_extent()
Stable 5.15 and 6.1 were fixed.
Fixed status:
mainline: [768d612f79822d30a1e7d132a4d4b05337ce42ec]
stable/5.15: [e33eb4997585f2e17513e3f2923080dc08cbb00b]
stable/6.1: [8384d8c5cc398cf59ab829d71d750752002f0a21]
stable/6.5: [c15bf3330a9e3c01b23e59899a6a02432a62ddc3]
CVE-2023-6121: nvmet: nul-terminate the NQNs passed in the connect command
Stable 5.15, 6.1, and 6.6 were fixed.
Fixed status
mainline: [1c22e0295a5eb571c27b53c7371f95699ef705ff]
stable/5.15: [e26c6febac43a2dd2c5fb993b2137489005d43bf]
stable/6.1: [0e485f12ebb7b69b67c7f85195a1b4aad95d354a]
stable/6.6: [2291653c27236d34ca7df3bfd3427ce6e30c2d95]
Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
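
The CVE-2023-33053 entry above says qcom_mdt_read_metadata() uses ehdr->e_phnum without checking it against PN_XNUM. As an added illustration (user-space C written for this page, not the kernel code and not the linked patch), this sketch rejects the PN_XNUM marker and checks that the program header table fits inside the firmware buffer before anything walks it. mdt_phdrs_ok(), make_sample(), the struct names and the extra bounds check are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PN_XNUM 0xffff /* ELF escape value: e_phnum is not the real count */
/* Minimal ELF32 layouts, same field order as Elf32_Ehdr / Elf32_Phdr. */
struct ehdr32 {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};
struct phdr32 { uint32_t p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align; };

/* Hypothetical helper: 0 if the program header table fits in fw, else -1. */
int mdt_phdrs_ok(const uint8_t *fw, size_t fw_size)
{
    struct ehdr32 eh;

    if (fw_size < sizeof(eh) || memcmp(fw, "\177ELF", 4) != 0)
        return -1;
    memcpy(&eh, fw, sizeof(eh));              /* copy out: no unaligned reads */
    if (eh.e_phnum >= PN_XNUM)                /* count cannot be used as-is */
        return -1;
    if (eh.e_phentsize != sizeof(struct phdr32) || eh.e_phoff > fw_size)
        return -1;
    /* e_phnum < 0xffff and 32-byte entries: the product cannot overflow */
    if ((size_t)eh.e_phnum * sizeof(struct phdr32) > fw_size - eh.e_phoff)
        return -1;
    return 0;
}

/* Constructed sample: ELF header claiming phnum entries, with room for `room`. */
size_t make_sample(uint8_t *buf, size_t cap, uint16_t phnum, uint16_t room)
{
    struct ehdr32 eh = {0};
    size_t need = sizeof(eh) + (size_t)room * sizeof(struct phdr32);
    if (need > cap) return 0;
    memset(buf, 0, need);
    memcpy(eh.e_ident, "\177ELF", 4);
    eh.e_phoff = sizeof(eh);
    eh.e_phentsize = sizeof(struct phdr32);
    eh.e_phnum = phnum;
    memcpy(buf, &eh, sizeof(eh));
    return need;
}

/* Exit status 0 means the constructed two-entry table passed the checks. */
int main(void) { uint8_t b[256]; return mdt_phdrs_ok(b, make_sample(b, sizeof(b), 2, 2)); }
```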