On 19.11.20 03:43, nobuhiro1.iwamatsu@toshiba.co.jp wrote:
> Hi Jan,
> 
> CVE-2020-25669[0] is a CVE for SUNKBD (sun4/sun5 keyboard), which is
> enabled in siemens_i386-rt kernel.
> 
> ```
> $ git grep SUNKBD
> 4.19.y-cip-rt/x86/siemens_i386-rt.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.19.y-cip/x86/plathome_obsvx2.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.19.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_KEYBOARD_SUNKBD=m
> 4.4.y-cip/arm/siemens_am57xx-pxm3.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.4.y-cip/arm/siemens_imx6_defconfig:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.4.y-cip/x86/plathome_obsvx1.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.4.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set
> ```
> 
> Is this driver used? If you're not using it, I'd consider removing it from the kernel's
> config to support this CVE. Could you give me your opinion on this?
> 

Drop the config switch and ignore the issue - this was very likely an
"over-configuration" due to being derived from some distro config.

Thanks,
Jan

> 
> Best regards,
>   Nobuhiro
> 
> [0]: https://security-tracker.debian.org/tracker/CVE-2020-25669
> 

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux