Hi everyone,

Six new issues this week from the Ubuntu tracker:

- CVE-2020-35519 [net/x25: buffer overflow] - fixed
  Looks like a few configs still have X.25 enabled:
    4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
    4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
    5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
  Maybe they should be revisited? cip-kernel-config also gives warnings
  for CONFIG_X25.

- CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - likely RedHat only
  Report mentions incorrect backport in RedHat kernels.

- CVE-2021-20261 [floppy: race condition data corruption] - fixed
  No member enables this except:
    4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
  which should probably be turned off.

- CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
  No member enables this.

- CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
  No member enables this.

- CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear
  [1] Requires a specially-crafted ext4 FS image, so we likely don't care.

Unfortunately Debian's Salsa service, where the Debian kernel security
issue tracker is hosted, is currently down, so we only have one source
of data this week.

Regards
ChenYu

[1] https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/