On Thu, Feb 11, 2021 at 4:50 PM Chen-Yu Tsai <wens@csie.org> wrote:
>
> Hi everyone,
>
> Six new issues this week:
> - CVE-2020-12362, CVE-2020-12363, CVE-2020-12364:
>   CVEs from Intel Advisory affecting Intel Graphics Driver. Details unknown
>
> - CVE-2021-20194 [bpf heap overflow] - fixed for relevant kernels
> - CVE-2021-20226 [io_uring UAF] - likely a duplicate of
> CVE-2020-29534, already fixed
> - CVE-2021-26708 [AF_VSOCK: local priv. escalation] - fixed for relevant kernels
>
> Additionally, CVE-2021-3347 is fixed for 4.4 and 4.9.
> I still need to match patches for 4.4 against 4.9, but it looks like
> the fixes are there.

Based on fixes for 4.9 reported by Debian, CVE-2021-3347 is now fixed for 4.4 by
6510e4a2d04f33e4bfd221760faab23e55d8772b..46358277b2da868763517f79aa0ac25ce78c4f68
inclusive.

Lee Jones just posted a few follow-up fixes for futexes for 4.9 [1]. I
wonder if they
would also be posted for 4.4.


Regards
ChenYu

[1] https://lore.kernel.org/stable/20210211092700.11772-1-lee.jones@linaro.org/