* [cip-dev] cip-kernel-sec Updates for Week of 2020-11-12
@ 2020-11-12 5:33 Chen-Yu Tsai
0 siblings, 0 replies; only message in thread
From: Chen-Yu Tsai @ 2020-11-12 5:33 UTC (permalink / raw)
To: cip-dev; +Cc: Pavel Machek, Nobuhiro Iwamatsu
[-- Attachment #1: Type: text/plain, Size: 675 bytes --]
Hi everyone,
This week we have four new issues:
- CVE-2020-25669 [input/sunkbd UAF] - No fix yet.
We can ignore this. This is ancient hardware.
It's weird that Siemens enabled it in their v4.4 config, but not
their v4.19 one.
I believe we can remove this from their v4.4 config as well.
- CVE-2020-25704 [perf memory leak] - Fix backported to 4.19+
Based on the fixes tag, this was introduced in v4.7-rc1.
- CVE-2020-8694 [powercap non-root access] - Fixed for all stable kernels
- CVE-2020-slab-out-of-bounds-read-fbcon [fbcon out-of-bounds read] -
Fixed for all stable kernels
Fix basically removes the broken KD_FONT_OP_SET ioctl.
Regards
ChenYu
Moxa
[-- Attachment #2: Type: text/plain, Size: 420 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5796): https://lists.cip-project.org/g/cip-dev/message/5796
Mute This Topic: https://lists.cip-project.org/mt/78204881/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-11-12 12:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-12 5:33 [cip-dev] cip-kernel-sec Updates for Week of 2020-11-12 Chen-Yu Tsai
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).