From: Masami Ichikawa <masami256@gmail.com>
To: cip-dev@lists.cip-project.org
Subject: New CVE entries in this week
Date: Thu, 30 Dec 2021 08:29:27 +0900
Message-ID: <CACOXgS9X11kXTPC+ukH2aommTWahwWSuAcuqXveZPpT2YiNBZw@mail.gmail.com>

Hi!

It's this week's CVE report.

Six new CVEs were reported this week.

* New CVEs

CVE-2021-45469: f2fs: fix to do sanity check on last xattr entry in
__f2fs_setxattr()

CVSS v3 score is not provided

OOB access bug in __f2fs_setxattr().

Although it is fixed in stable trees, the patch isn't merged in the
mainline yet as of 2021/12/30. The commit 5598b24 ("f2fs: fix to do
sanity check on last xattr entry in __f2fs_setxattr()") is in
https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
but not in the mainline.

Fixed status

stable/4.19: [f9dfa44be0fb5e8426183a70f69a246cf5827f49]
stable/5.10: [fffb6581a23add416239dfcf7e7f3980c6b913da]

CVE-2021-4154: cgroup: verify that source is a string

CVSS v3 score is not provided

A UAF bug was found in cgroup v1 code which was introduced by commit
8d2451f4994f ("cgroup1: switch to option-by-option parsing"). This
commit was merged in 5.1-rc1. This bug will cause a local DoS.
The mainline and stable kernels are fixed.

Fixed status

mainline: [3b0462726e7ef281c35a7a4ae33e93ee2bc9975b]
stable/5.10: [811763e3beb6c922d168e9f509ec593e9240842e]
stable/5.4: [c17363ccd620c1a57ede00d5c777f0b8624debe6]

CVE-2021-4157: pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()

CVSS v3 score is not provided

This OOB write bug was introduced by commit d67ae82 ("pnfs/flexfiles:
Add the FlexFile Layout Driver") which was merged in 4.0-rc1. A local
attacker could crash the system or escalate privileges on the system.
The mainline and stable kernels are fixed.

Fixed status

mainline: [ed34695e15aba74f45247f1ee2cf7e09d449f925]
stable/4.14: [40286f0852d2ecfa713438199557c706dc6a8db3]
stable/4.19: [f27638a92f77d8107efbaf48a0d3bfa24da8cdad]
stable/4.4: [0c5ccd5e2a2e291774618c24c459fa397fd1b7da]
stable/4.9: [c621f3654bba1096ec913d0942e27bd032bb6090]
stable/5.10: [1fbea60ea658ab887fb899532d783732b04e53e6]
stable/5.4: [89862bd77e9cf511628eb7a97fe7f8d246192eec]

CVE-2021-45480: rds: memory leak in __rds_conn_create()

CVSS v3 score is not provided

This bug was introduced by commit aced3ce57cd3 ("RDS tcp loopback
connection can hang") which was merged in 5.13-rc4.

Fixed status

mainline: [5f9562ebe710c307adc5f666bf1a2162ee7977c0]
stable/4.19: [1ed173726c1a0082e9d77c7d5a85411e85bdd983]
stable/5.10: [74dc97dfb276542f12746d706abef63364d816bb]
stable/5.15: [68014890e4382ff9192e1357be39b7d0455665fa]
stable/5.4: [166f0adf7e7525c87595ceadb21a91e2a9519a1e]

CVE-2021-45485: ipv6: use prandom_u32() for ID generation

CVSS v3 score is not provided

CVE-2021-45485 and CVE-2021-45486 are related issues. The bug fix
commit 62f20e0 is a complement to aa6dd21 ("inet: use bigger hash
table for IP ID generation") which is CVE-2021-45486.
The mainline and stable kernels are fixed.

Fixed status

mainline: [62f20e068ccc50d6ab66fdb72ba90da2b9418c99]
stable/4.14: [4b55d7b3106a410cdab4ea60f5e55ca0668c6a09]
stable/4.19: [f0be58ec9931907e980cf21737e51d369808eb95]
stable/4.4: [c43fa9ee9f1de295474a28903607f84209d7e611]
stable/4.9: [3fc852e59c0a48094cc0f1b2e866604986bbcd31]
stable/5.10: [8f939b79579715b195dc3ad36669707fce6853ee]
stable/5.4: [ccde03a6a0fbdc3c0ba81930e629b8b14974cce4]

CVE-2021-45486: inet: use bigger hash table for IP ID generation

CVE-2021-45485 and CVE-2021-45486 are related issues. This CVE fixes
commit 73f156a ("inetpeer: get rid of ip_id_count"). The commit
73f156a was merged in 3.16-rc1.
The mainline and stable kernels are fixed.

Fixed status

mainline: [aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba]
stable/4.14: [3ba51ed2c3ac36aa947d0b250d318de6ed7cf552]
stable/4.19: [7f7e23df8509e072593200400a4b094cc44376d2]
stable/4.4: [8fb8c138b5d69128964e54e1b5ee49fc395f011c]
stable/4.9: [0889f0a3bb2de535f48424491d8f9d5954a3cde8]
stable/5.10: [a273c27d7255fc527023edeb528386d1b64bedf5]
stable/5.4: [fee81285bd09ec2080ce2cbb5063aad0e58eb272]

* Updated CVEs

No updated CVEs.

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.


Regards,

-- 
/**
* Masami Ichikawa
* personal: masami256@gmail.com
* fedora project: masami@fedoraproject.org
*/

