Re: [cip-dev] New CVE entries in this week

[<nobuhiro1.iwamatsu@toshiba.co.jp>]

Hi,

> > CVE-2021-4001: bpf: Fix toctou on read-only map''s constant scalar tracking
> >
> > CVSS v3 score is not provided.
> >
> > This bug was introduced in 5.5-rc1 and fixed in 5.16-rc2.  Patch for 5.15 is in stable-rt tree. Patch for 5.4(https://lore.kernel.org/stable/163757721744154@kroah.com/) and 5.10(https://lore.kernel.org/stable/1637577215186161@kroah.com/) are failed to apply. However, this bug was introduced in 5.5-rc1 so 5.4 can be ignored?
> > Fixed status
> >
> > mainline: [353050be4c19e102178ccc05988101887c25ae53]
> >
>
> I attached a patch for 5.10.

Thanks, LGTM.
I think it would be better to add the comment of the conflict fixing.
e.g. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=1ada86999dc84b852fcc32962f4002e939f4beb7

Best regards,
  Nobuhiro

________________________________________
差出人: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> が Masami Ichikawa <masami.ichikawa@miraclelinux.com> の代理で送信
送信日時: 2021年11月25日 14:16
宛先: cip-dev@lists.cip-project.org
件名: Re: [cip-dev] New CVE entries in this week

Hi !

On Thu, Nov 25, 2021 at 11:42 AM Masami Ichikawa via
lists.cip-project.org
<masami.ichikawa=miraclelinux.com@lists.cip-project.org> wrote:
>
> Hi !
>
> It's this week's CVE report.
>
> This week reported two new CVEs.
>
> * New CVEs
>
> CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access.
>
> CVSS v3 score is 5.5 MEDIUM.
>
> Intel released fixed version of driver kit. Not sure this CVE affects mainline's source code.
>
> Fixed status
>
> Intel released fixed version of driver kit.
>
> CVE-2021-4001: bpf: Fix toctou on read-only map''s constant scalar tracking
>
> CVSS v3 score is not provided.
>
> This bug was introduced in 5.5-rc1 and fixed in 5.16-rc2.  Patch for 5.15 is in stable-rt tree. Patch for 5.4(https://lore.kernel.org/stable/163757721744154@kroah.com/) and 5.10(https://lore.kernel.org/stable/1637577215186161@kroah.com/) are failed to apply. However, this bug was introduced in 5.5-rc1 so 5.4 can be ignored?
> Fixed status
>
> mainline: [353050be4c19e102178ccc05988101887c25ae53]
>

I attached a patch for 5.10.

> * Updated CVEs
>
> CVE-2021-3640: UAF in sco_send_frame function
>
> 5.10 and 5.15 are fixed this week.
>
> Fixed status
>
> mainline: [99c23da0eed4fd20cae8243f2b51e10e66aa0951]
> stable/5.10: [4dfba42604f08a505f1a1efc69ec5207ea6243de]
> stable/5.14: [2c2b295af72e4e30d17556375e100ae65ac0b896]
> stable/5.15: [b990c219c4c9d4993ef65ea9db73d9497e70f697]
> stable/5.4: [d416020f1a9cc5f903ae66649b2c56d9ad5256ab]
>
> CVE-2021-43975: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
>
> The mainline kernel was fixed in 5.16-rc2.
>
> Fixed status
>
> mainline: [b922f622592af76b57cbc566eaeccda0b31a3496]
>
> Currently tracking CVEs
>
> CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
> Bluetooth Core Specifications 4.0 through 5.2
>
> There is no fix information.
>
> CVE-2020-26555: BR/EDR pin code pairing broken
>
> No fix information
>
> CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
>
> No fix information.
>
> CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
> Provisioning Leads to MITM
>
> No fix information.
>
> CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
>
> No fix information.
>
> CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
>
> No fix information.
>
> Regards,
>
> --
> Masami Ichikawa
> Cybertrust Japan Co., Ltd.
>
> Email :masami.ichikawa@cybertrust.co.jp
>           :masami.ichikawa@miraclelinux.com
>
>
>

Regards,

--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com