[cip-dev] Cip-kernel-sec Updates for Week of 2020-12-03

[cip-dev] Cip-kernel-sec Updates for Week of 2020-12-03

[Chen-Yu Tsai (Moxa)]

[-- Attachment #1: Type: text/plain, Size: 874 bytes --]

New issues:

- CVE-2019-20934 [fair scheduler UAF in NUMA code]
- CVE-2020-27815 [fs/jfs: array index out-of-bounds]
- CVE-2020-29368 [mm/THP: COW race condition]
- CVE-2020-29369 [mm/mmap: race condition between expand functions and munmap]
- CVE-2020-29370 [mm/slub: missing TID increment]
- CVE-2020-29371 [fs/romfs: uninitialized memory leaked to userspace]
- CVE-2020-29372 [fs/io_uring: IORING_OP_MADVISE race condition]
- CVE-2020-29373 [fs/io_uring: mount namespace escape]
- CVE-2020-29374 [mm/gup: get_user_pages() and COW ambiguity]

All are fixed in all relevant stable kernels or (CVE-2020-27815) have
fixes queued up for mainline.

Old issues now marked as fixed:

- CVE-2020-10135 [bluetooth: BR/EDR Bluetooth Impersonation Attacks (BIAS)]

Fixes found from backport request.

All in all no action is required for CIP kernels this week.


Regards
ChenYu
Moxa

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5936): https://lists.cip-project.org/g/cip-dev/message/5936
Mute This Topic: https://lists.cip-project.org/mt/78681021/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-