From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: New CVE entries this week.
Date: Thu, 6 Jan 2022 08:31:48 +0900 [thread overview]
Message-ID: <CAODzB9riQtRjSjO+_8MD10TTiZGYG8eKU1Kx+uN4NWzXYTQZEQ@mail.gmail.com> (raw)
Hi !
It's this week's CVE report.
This week reported 1 new CVE.
* New CVEs
CVE-2021-4197: cgroup: Use open-time creds and namespace for migration
perm checks
CVSS v3 score is not provided
A local attacker could escalate privileges for the containers or other
processes that uses cgroups
Patch series is available
(https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/)
but it hasn't been merged into the mainline yet.
Fixed status
Not fixed yet.
* Updated CVEs
CVE-2021-44733: tee: handle lookup of shm with reference count 0
This CVE was introduced by commit 967c9cc ("tee: generic TEE
subsystem") at 4.12-rc1. so 4.4 isn't affected this issue.
Fixed status
mainline: [dfd0743f1d9ea76931510ed150334d571fbab49d]
stable/4.14: [3d556a28bbfe34a80b014db49908b0f1bcb1ae80]
stable/4.19: [b4a661b4212b8fac8853ec3b68e4a909dccc88a1]
stable/5.10: [c05d8f66ec3470e5212c4d08c46d6cb5738d600d]
stable/5.15: [492eb7afe858d60408b2da09adc78540c4d16543]
stable/5.4: [940e68e57ab69248fabba5889e615305789db8a7]
CVE-2021-45100: ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
This CVE was introduced by commit e2f3448 ("cifsd: add server-side
procedures for SMB3") which was merged at 5.15-rc1. so before 5.15
kernels are not affected.
Fixed status
mainline: [83912d6d55be10d65b5268d1871168b9ebe1ec4b]
stable/5.15: [a2c144d17623984fdafa4634ecf4ab64580d29bb]
CVE-2021-45469: f2fs: fix to do sanity check on last xattr entry in
__f2fs_setxattr()
The mainline hasn't been fixed yet.
Fixed status
stable/4.14: [88dedecc24763c2e0bc1e8eeb35f9f2cd785a7e5]
stable/4.19: [f9dfa44be0fb5e8426183a70f69a246cf5827f49]
stable/5.10: [fffb6581a23add416239dfcf7e7f3980c6b913da]
stable/5.15: [a8a9d753edd7f71e6a2edaa580d8182530b68791]
stable/5.4: [b0406b5ef4e2c4fb21d9e7d5c36a0453b4279e9b]
Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2020-26555: BR/EDR pin code pairing broken
No fix information
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
next reply other threads:[~2022-01-05 23:32 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-05 23:31 Masami Ichikawa [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-09-13 22:34 New CVE entries this week Masami Ichikawa
2023-09-06 23:22 Masami Ichikawa
2023-08-30 23:08 Masami Ichikawa
2023-08-23 22:47 Masami Ichikawa
2023-08-16 23:04 Masami Ichikawa
2023-08-10 0:04 Masami Ichikawa
2023-08-02 23:38 Masami Ichikawa
2023-07-26 23:15 Masami Ichikawa
2023-07-20 0:25 Masami Ichikawa
2023-07-12 23:24 Masami Ichikawa
2023-07-06 0:35 Masami Ichikawa
2023-06-29 0:26 Masami Ichikawa
2023-06-21 23:07 Masami Ichikawa
2023-06-14 22:43 Masami Ichikawa
2023-06-07 22:19 Masami Ichikawa
2023-05-31 23:54 Masami Ichikawa
2023-05-24 22:50 Masami Ichikawa
2023-05-17 23:10 Masami Ichikawa
2023-05-10 23:47 Masami Ichikawa
2023-05-03 22:53 Masami Ichikawa
2023-04-26 23:10 Masami Ichikawa
2023-04-19 23:49 Masami Ichikawa
2023-04-13 0:19 Masami Ichikawa
2023-04-06 0:19 Masami Ichikawa
2023-03-29 23:52 Masami Ichikawa
2023-03-22 23:10 Masami Ichikawa
2023-03-16 0:03 Masami Ichikawa
2023-03-08 23:53 Masami Ichikawa
2023-03-02 1:40 Masami Ichikawa
2023-02-22 23:33 Masami Ichikawa
2023-02-15 23:19 Masami Ichikawa
2023-02-08 23:44 Masami Ichikawa
2023-02-02 0:55 Masami Ichikawa
2023-01-25 23:59 Masami Ichikawa
2023-01-19 0:14 Masami Ichikawa
2023-03-03 14:08 ` Dan Carpenter
2023-01-12 0:21 Masami Ichikawa
2023-01-05 1:04 Masami Ichikawa
2022-12-29 0:00 Masami Ichikawa
2022-12-21 22:58 Masami Ichikawa
2023-02-01 8:09 ` Dan Carpenter
2023-02-01 13:59 ` Dan Carpenter
2022-12-15 3:25 Masami Ichikawa
2023-01-19 7:51 ` Dan Carpenter
2023-01-19 13:56 ` Masami Ichikawa
2023-01-19 15:24 ` Dan Carpenter
2022-12-07 23:25 Masami Ichikawa
2022-11-30 23:26 Masami Ichikawa
2022-11-24 1:24 Masami Ichikawa
2022-11-17 0:11 Masami Ichikawa
2022-11-09 23:02 Masami Ichikawa
2022-11-02 23:20 Masami Ichikawa
2022-10-27 0:55 Masami Ichikawa
2022-10-20 0:48 Masami Ichikawa
2022-10-12 23:43 Masami Ichikawa
2022-10-05 23:53 Masami Ichikawa
2022-09-28 23:42 Masami Ichikawa
2022-09-22 0:06 Masami Ichikawa
2022-09-14 23:53 Masami Ichikawa
2022-09-07 23:07 Masami Ichikawa
2022-09-01 0:12 Masami Ichikawa
2022-08-25 1:18 Masami Ichikawa
2022-08-17 23:23 Masami Ichikawa
2022-08-10 23:20 Masami Ichikawa
2022-08-04 0:29 Masami Ichikawa
2022-07-27 23:45 Masami Ichikawa
2022-07-21 0:01 Masami Ichikawa
2022-07-14 0:54 Masami Ichikawa
2022-07-06 23:21 Masami Ichikawa
2022-06-29 22:50 Masami Ichikawa
2022-06-22 23:47 Masami Ichikawa
2022-06-15 23:44 Masami Ichikawa
2022-06-08 23:44 Masami Ichikawa
2022-06-02 0:14 Masami Ichikawa
2022-05-25 23:12 Masami Ichikawa
2022-05-19 0:21 Masami Ichikawa
2022-05-12 0:15 Masami Ichikawa
2022-05-04 22:53 Masami Ichikawa
2022-04-27 23:03 Masami Ichikawa
2022-04-21 0:00 Masami Ichikawa
2022-04-14 0:10 Masami Ichikawa
2022-04-06 23:50 Masami Ichikawa
2022-03-30 23:22 Masami Ichikawa
2022-03-24 0:42 Masami Ichikawa
2022-03-16 23:34 Masami Ichikawa
2022-03-09 23:55 Masami Ichikawa
2022-03-02 23:50 Masami Ichikawa
2022-02-23 23:41 Masami Ichikawa
2022-02-17 0:09 Masami Ichikawa
2022-02-10 1:35 Masami Ichikawa
2022-02-03 0:28 Masami Ichikawa
2021-10-28 0:05 Masami Ichikawa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAODzB9riQtRjSjO+_8MD10TTiZGYG8eKU1Kx+uN4NWzXYTQZEQ@mail.gmail.com \
--to=masami.ichikawa@miraclelinux.com \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.