* [cip-dev] cip-kernel-sec Updates for Week of 2020-11-05
@ 2020-11-05 13:55 Chen-Yu Tsai
0 siblings, 0 replies; only message in thread
From: Chen-Yu Tsai @ 2020-11-05 13:55 UTC (permalink / raw)
To: cip-dev, Nobuhiro Iwamatsu; +Cc: Pavel Machek
[-- Attachment #1: Type: text/plain, Size: 647 bytes --]
New CVEs:
- CVE-2020-25668 [concurrency use-after-free in vt] - fixed for v4.19 and later
- CVE-2020-25670 [net/nfc/llcp res. leak]
- CVE-2020-25671 [net/nfc/llcp res. leak]
- CVE-2020-25672 [net/nfc/llcp res. leak]
- CVE-2020-25673 [net/nfc/llcp res. leak]
No member enables NFC so we can ignore 25670 ~ 25673.
Old CVEs now fixed:
- CVE-2020-25656 [use-after-free in vt_do_kdgkb_ioctl] - fixed for
v4.14 and later
For CVE-2020-25668, the commit log says the bug has been around for at
least 12 years,
so likely needing a backport to older kernels.
For CVE-2020-25656, we still need to identify when it was introduced.
Regards,
ChenYu
Moxa
[-- Attachment #2: Type: text/plain, Size: 420 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5752): https://lists.cip-project.org/g/cip-dev/message/5752
Mute This Topic: https://lists.cip-project.org/mt/78051192/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-11-05 14:04 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-05 13:55 [cip-dev] cip-kernel-sec Updates for Week of 2020-11-05 Chen-Yu Tsai
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).