Hi,

> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Masami Ichikawa
> Sent: Thursday, September 30, 2021 9:12 AM
> To: cip-dev
> Subject: [cip-dev] New CVE entry this week
>
> Hi!
>
> It's this week's CVE report.
>
> One new CVE was reported this week.
>
> * New CVEs
>
> CVE-2021-20317: lib/timerqueue: Rely on rbtree semantics for next timer
>
> This bug was fixed in 5.4-rc1, so kernels before 5.4 are
> affected. For 4.19, the patch can be applied without any modification. For
> 4.4, the patch needs to be modified to apply it.
> According to the description on
> cve.mitre.org (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20317),
> "This flaw allows a local attacker with special user
> privileges to cause a denial of service", so I think this vulnerability's
> severity may be low.
>
> CVSS v3 score is not provided.
>
> Fixed status
>
> mainline: [511885d7061eda3eb1faf3f57dcc936ff75863f1]
> stable/5.10: [511885d7061eda3eb1faf3f57dcc936ff75863f1]
> stable/5.14: [511885d7061eda3eb1faf3f57dcc936ff75863f1]
> stable/5.4: [511885d7061eda3eb1faf3f57dcc936ff75863f1]

This commit can be applied directly to 4.14 and 4.19.
However, other LTSs need other commits or fixes.

I attached a patch for 4.14 and 4.19.

Best regards,
Nobuhiro