[cip-dev] Cip-kernel-sec Updates for Week of 2020-12-10

[cip-dev] Cip-kernel-sec Updates for Week of 2020-12-10

[Chen-Yu Tsai (Moxa)]

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

Hi everyone,

Here is the cip-kernel-sec report for this week.

This week we have five new issues:

- CVE-2020-27786 [rawmidi UAF race condition]
  - fixed for all stable kernels
- CVE-2020-27820 [drm/nouveau UAF]
  - fix in progress; ignore for CIP
- CVE-2020-27830 [speakup crash]
  - fixed in mainline; ignore for CIP
  - backport failed for v4.14 and v5.4
- CVE-2020-28588 [collect_syscall() data leak]
  - fixed but was not tagged for stable
- CVE-2020-29534 [io_uring FD leak across execve]
  - fixed for relevant stable kernels

Regarding nouveau, it seems that the driver is enabled in hitachi_omap
defconfigs for both 4.4 and 4.19. This doesn't make sense as the configs
are for OMAP platforms which AFAIK don't have PCI for a graphics card.
We should ask if this was added by accident and remove it.


Regards
ChenYu

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5949): https://lists.cip-project.org/g/cip-dev/message/5949
Mute This Topic: https://lists.cip-project.org/mt/78847618/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-