New CVE entries this week.

From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: New CVE entries this week.
Date: Thu, 6 Jan 2022 08:31:48 +0900	[thread overview]
Message-ID: <CAODzB9riQtRjSjO+_8MD10TTiZGYG8eKU1Kx+uN4NWzXYTQZEQ@mail.gmail.com> (raw)

Hi !

It's this week's CVE report.

This week reported 1 new CVE.

* New CVEs

CVE-2021-4197: cgroup: Use open-time creds and namespace for migration
perm checks

CVSS v3 score is not provided

A local attacker could escalate privileges for the containers or other
processes that uses cgroups
Patch series is available
(https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/)
but it hasn't been merged into the mainline yet.

Fixed status

Not fixed yet.

* Updated CVEs

CVE-2021-44733: tee: handle lookup of shm with reference count 0

This CVE was introduced by commit 967c9cc ("tee: generic TEE
subsystem") at 4.12-rc1. so 4.4 isn't affected this issue.

Fixed status

mainline: [dfd0743f1d9ea76931510ed150334d571fbab49d]
stable/4.14: [3d556a28bbfe34a80b014db49908b0f1bcb1ae80]
stable/4.19: [b4a661b4212b8fac8853ec3b68e4a909dccc88a1]
stable/5.10: [c05d8f66ec3470e5212c4d08c46d6cb5738d600d]
stable/5.15: [492eb7afe858d60408b2da09adc78540c4d16543]
stable/5.4: [940e68e57ab69248fabba5889e615305789db8a7]

CVE-2021-45100: ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1

This CVE was introduced by commit e2f3448 ("cifsd: add server-side
procedures for SMB3") which was merged at 5.15-rc1. so before 5.15
kernels are not affected.

Fixed status

mainline: [83912d6d55be10d65b5268d1871168b9ebe1ec4b]
stable/5.15: [a2c144d17623984fdafa4634ecf4ab64580d29bb]

CVE-2021-45469: f2fs: fix to do sanity check on last xattr entry in
__f2fs_setxattr()

The mainline hasn't been fixed yet.

Fixed status

stable/4.14: [88dedecc24763c2e0bc1e8eeb35f9f2cd785a7e5]
stable/4.19: [f9dfa44be0fb5e8426183a70f69a246cf5827f49]
stable/5.10: [fffb6581a23add416239dfcf7e7f3980c6b913da]
stable/5.15: [a8a9d753edd7f71e6a2edaa580d8182530b68791]
stable/5.4: [b0406b5ef4e2c4fb21d9e7d5c36a0453b4279e9b]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com