Re: [cip-dev] Cip-kernel-sec Updates for Week of 2021-02-11 - Chen-Yu Tsai (Moxa)

From: "Chen-Yu Tsai (Moxa)" <wens@csie.org>
To: Pavel Machek <pavel@denx.de>
Cc: cip-dev@lists.cip-project.org,
	 Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>,
	masashi.kudo@cybertrust.co.jp
Subject: Re: [cip-dev] Cip-kernel-sec Updates for Week of 2021-02-11
Date: Wed, 24 Feb 2021 23:04:22 +0800	[thread overview]
Message-ID: <CAGb2v65vuSqpSbBYab6K3jX5Lb6Lu5ywZtCLJoWepDyNNw0f9w@mail.gmail.com> (raw)
In-Reply-To: <20210211113902.GA30740@amd>

[-- Attachment #1: Type: text/plain, Size: 2324 bytes --]

Hi,

On Thu, Feb 11, 2021 at 7:39 PM Pavel Machek <pavel@denx.de> wrote:
>
> Hi!
>
> > Six new issues this week:
> > - CVE-2020-12362, CVE-2020-12363, CVE-2020-12364:
> >   CVEs from Intel Advisory affecting Intel Graphics Driver. Details
> > unknown
>
> It seems there's more for the intel graphics, but it is not mentioned
> in our repository. OTOH trailer there that these are rather old
> issues, fixed in 5.5...

Looks like CVE-2020-0544 and CVE-2020-0521 are for Windows. Debian lists
them as such [1][2]. Seems the Intel advisory directly refers to Linux
drivers by kernel version. Any other version string likely refers to
the Windows drivers.

ChenYu

[1] https://security-tracker.debian.org/tracker/CVE-2020-0521
[2] https://security-tracker.debian.org/tracker/CVE-2020-0544

> Best regards,
>                                                                 Pavel
>
> https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
>
> CVEID: CVE-2020-0544
>
> Description: Insufficient control flow management in the kernel mode
> driver for some Intel(R) Graphics Drivers before version 15.36.39.5145
> may allow an authenticated user to potentially enable escalation of
> privilege via local access.
>
> CVSS Base Score: 8.8 High
>
> CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
>
>
>
> CVEID: CVE-2020-0521
>
> Description: Insufficient control flow management in some Intel(R)
> Graphics Drivers before version 15.45.32.5145 may allow an
> authenticated user to potentially enable escalation of privilege via
> local access.
>
> CVSS Base Score: 7.7 High
>
> CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
>
> ...
>
> Affected Products:
> Intel® Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th and 10th
> Generation Intel® Processors for Windows* 7, 8.1 and 10 before
> versions 15.33.51.5146, 15.36.39.5145, 15.40.46.5144, 15.45.32.5164,
> 26.20.100.8141, 27.20.100.8587 and Intel® Graphics Drivers for Linux
> before Linux kernel version 5.5.
>
> Best regards,
>                                                                 Pavel
> --
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6192): https://lists.cip-project.org/g/cip-dev/message/6192
Mute This Topic: https://lists.cip-project.org/mt/80553474/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-