From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] New CVE entries in this week
Date: Thu, 9 Dec 2021 23:12:07 +0900 [thread overview]
Message-ID: <CAODzB9qxwVDVCosFY6LU9iXxqBTOFcjoANgj9-cLkzoc6mam4Q@mail.gmail.com> (raw)
In-Reply-To: <20211209092052.GA14638@amd>
Hi !
On Thu, Dec 9, 2021 at 6:21 PM Pavel Machek <pavel@denx.de> wrote:
>
> Hi!
>
> > * New CVEs
> >
> > CVE-2021-39636: "no details"
> >
> > CVSS v3 score is not provided
> >
> > There is no vulnerability details yet. However, there is five patches
> > are addressed so the bug is in the netfilter module.
> >
> > f32815d ("xtables: add xt_match, xt_target and data copy_to_user
> > functions"): merged in 4.11-rc1
> > f77bc5b ("iptables: use match, target and data copy_to_user helpers"):
> > merged in 4.11-rc1
> > e47ddb2 ("ip6tables: use match, target and data copy_to_user
> > helpers"): merged in 4.11-rc1
> > ec23189 ("xtables: extend matches and targets with .usersize"): merged
> > in 4.11-rc1
> > 1e98ffe ("netfilter: x_tables: fix pointer leaks to userspace"):
> > merged in 4.16-rc1. This fixes commit ec23189 ("xtables: extend
> > matches and targets with .usersize") that was merged in 4.11-rc1.
> >
> > Fixed status
> >
> > mainline: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
> > f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
> > e47ddb2c4691fd2bd8d25745ecb6848408899757,
> > ec23189049651b16dc2ffab35a4371dc1f491aca,
> > 1e98ffea5a8935ec040ab72299e349cb44b8defd]
> > stable/4.14: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
> > f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
> > e47ddb2c4691fd2bd8d25745ecb6848408899757,
> > ec23189049651b16dc2ffab35a4371dc1f491aca,
> > ad10785a706e63ff155fc97860cdcc5e3bc5992d]
>
> Hmm. Fun. 1e98ffea5a8935ec040ab72299e349cb44b8defd may have a clue:
>
> This leads to kernel pointer leaks if a match/target is set
> and then read back to userspace.
>
> So that sounds like KASLR workaround? iptables are normally limited to
> priviledged users, and KASLR is just a technology to make exploitation
> hard. I don't think we care too much here.
>
I got it.
> > CVE-2018-25020: bpf: fix truncated jump targets on heavy expansions
> >
> > CVSS v3 score is not provided
> >
> > Fixed status
> >
> > The BPF subsystem in the kernel through 4.17-rc7 has overflow bug.
> >
> > mainline: [050fad7c4534c13c8eb1d9c2ba66012e014773cb]
>
> Fun. JITs are hard to get right. I guess "avoid BPF" and "certainly
> don't allow unpriviledged access to BPF" is good advice.
>
Yeah, I agree.
> Best regards,
> Pavel
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7079): https://lists.cip-project.org/g/cip-dev/message/7079
> Mute This Topic: https://lists.cip-project.org/mt/87601555/4520416
> Group Owner: cip-dev+owner@lists.cip-project.org
> Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129101/4520416/1465703922/xyzzy [masami.ichikawa@miraclelinux.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
next prev parent reply other threads:[~2021-12-09 14:12 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-08 23:44 New CVE entries in this week Masami Ichikawa
2021-12-09 9:20 ` [cip-dev] " Pavel Machek
2021-12-09 14:12 ` Masami Ichikawa [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-01-26 23:51 Masami Ichikawa
2022-01-27 8:21 ` [cip-dev] " nobuhiro1.iwamatsu
2022-01-28 6:18 ` Masami Ichikawa
2022-01-29 21:03 ` Pavel Machek
2022-01-31 0:00 ` Masami Ichikawa
2022-01-12 23:39 Masami Ichikawa
2022-01-13 8:07 ` [cip-dev] " Pavel Machek
2022-01-13 12:41 ` Masami Ichikawa
2021-12-29 23:29 Masami Ichikawa
2021-12-30 10:20 ` [cip-dev] " Pavel Machek
2021-12-30 23:05 ` Masami Ichikawa
2021-12-23 0:48 Masami Ichikawa
2021-12-23 17:11 ` [cip-dev] " Pavel Machek
2021-12-15 23:49 Masami Ichikawa
2021-12-16 5:26 ` [cip-dev] " nobuhiro1.iwamatsu
2021-12-16 5:58 ` Masami Ichikawa
2021-12-16 8:49 ` Pavel Machek
[not found] <16BAA9D56D09F20A.23256@lists.cip-project.org>
2021-11-25 5:16 ` Masami Ichikawa
2021-11-25 8:00 ` nobuhiro1.iwamatsu
2021-11-25 12:00 ` Masami Ichikawa
2021-11-25 9:09 ` Pavel Machek
2021-11-25 12:01 ` Masami Ichikawa
2021-11-25 2:41 Masami Ichikawa
2021-11-25 9:14 ` [cip-dev] " Pavel Machek
2021-11-10 23:52 Masami Ichikawa
2021-11-11 9:21 ` [cip-dev] " Pavel Machek
2021-11-11 12:47 ` Masami Ichikawa
2021-11-04 1:11 New CVE Entries " Masami Ichikawa
2021-11-04 9:57 ` [cip-dev] " Pavel Machek
2021-11-04 13:04 ` Masami Ichikawa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAODzB9qxwVDVCosFY6LU9iXxqBTOFcjoANgj9-cLkzoc6mam4Q@mail.gmail.com \
--to=masami.ichikawa@miraclelinux.com \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.