Re: [cip-dev] New CVE entry this week

["Nobuhiro Iwamatsu" <nobuhiro1.iwamatsu@toshiba.co.jp>]

[-- Attachment #1: Type: text/plain, Size: 3365 bytes --]

Hi,

> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Pavel Machek
> Sent: Thursday, September 2, 2021 3:28 PM
> To: cip-dev@lists.cip-project.org
> Subject: Re: [cip-dev] New CVE entry this week
> 
> Hi!
> 
> > * CVE short summary
> 
> These summaries are not so short; I simply skip them and go to full
> list. Perhaps they don't need to be included, or could include only
> CVEs where we need to take an action?
> 
> > * CVE detail
> >
> > New CVEs
> >
> > CVE-2021-3739: btrfs: fix NULL pointer dereference when deleting
> > device by invalid id
> >
> > Fixed in btrfs tree but not fixed in mainline yet.
> > This vulnerability has been introduced since 4.20-rc1 so before 4.20
> > kernel aren't affected this vulnerability.
> >
> > Fixed status
> >
> > mainline: [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]
> 
> This one is queued for 5.10.62, so this is getting fixed for us.
> 
> > CVE-2021-3743: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
> >
> > The Qualcomm's IPC router protocol(qrtr) has been introduced since
> > 4.15-rc1 so before 4.15 kernels aren't affected.
> > Checked on cip-kernel-config, it looks like no CIP member enables QRTR.
> >
> > Fixed status
> >
> > mainline: [7e78c597c3ebfd0cb329aa09a838734147e4f117]
> 
> Fixes are queued for 4.19 and 5.10.62, so this is getting fixed for us.
> 
> > CVE-2021-3753: A out-of-bounds caused by the race of KDSETMODE in vt
> >
> > Commit ffb324e6f874121f7dce5bdae5e05d02baae7269 introduced race
> > condition and oob bug. The commit ffb324e6f874 have been backported to
> > 4.4 and 4.19.
> 
> Agreed, fixed in 4.19.192 and 4.4.270. Nothing for us to do there.
> 
> > Updated CVEs
> >
> > CVE-2020-3702: Specifically timed and handcrafted traffic can cause
> > internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
> > encryption with a consequent possibility of information disclosure
> > over the air for a discrete set of traffic
> >
> > Vulnerability in ath9k driver. 4.4.y-cip/arm/siemens_imx6_defconfig
> > and 4.4.y-cip/arm/moxa_mxc_defconfig use ath9k.
> 
> Fixed in 4.14 but not 4.4.
> 
> > stable/4.14: [2cbb22fd4b4fb4d0822d185bf5bd6d027107bfda,
> > 20e7de09cbdb76a38f28fb71709fae347123ddb7,
> >   995586a56748c532850870523d3a9080492b3433,
> > f4d4f4473129e9ee55b8562250adc53217bad529,
> >   61b014a8f8de02bedc56f76620170437f5638588]
> 
> Diffstat looks like this:
> 
>  key.c |   11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
>  main.c |    5 +++++
>  1 file changed, 5 insertions(+)
>  ath.h |    1 +
>  key.c |    4 ++--
>  2 files changed, 3 insertions(+), 2 deletions(-)
>  ath.h                |    2 +-
>  ath5k/mac80211-ops.c |    2 +-
>  ath9k/htc_drv_main.c |    2 +-
>  ath9k/main.c         |    5 ++---
>  key.c                |   34 +++++++++++++++++-----------------
>  5 files changed, 22 insertions(+), 23 deletions(-)
>  hw.h   |    1
>  main.c |   87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 87 insertions(+), 1 deletion(-)

I checked the patch application and build at hand.
We can backport without any changes to 4.4 tree. But I don't have this device, so I can't confirm the working.


Best regards,
  Nobuhiro

[-- Attachment #2: Type: text/plain, Size: 429 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6716): https://lists.cip-project.org/g/cip-dev/message/6716
Mute This Topic: https://lists.cip-project.org/mt/85318439/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-