[cip-dev] New CVE entries this week

[市川正美 <masami.ichikawa@miraclelinux.com>]

[-- Attachment #1: Type: text/plain, Size: 2689 bytes --]

Hi !

Here is this week's CVE report.

* CVE short summary

** New CVEs

CVE-2021-21781: stable/4.19 and stable/5.10 are fixed. stable/4.4 is
not fixed yet.
CVE-2021-33909: stable/4.4, stable/4.19, and stable/5.10 are fixed.
CVE-2021-3655: stable/4.19 and stable/5.10 are fixed. stable/4.4 is
not fixed yet.
CVE-2021-37159: not fixed in mainline.

** Updated CVEs

CVE-2020-8835: stable/4.4, stable/4.19, and stable/5.10 aren't affected.

* CVE detail

New CVEs

- CVE-2021-21781: Arm SIGPAGE information disclosure vulnerability

The stable/4.4 kernel is not fixed yet. The stable/4.4 kernel's
get_signal_page() in arch/arm/kernel/signal.c seems to be vulnerabile
too.

Fixed commit

mainline: [9c698bff66ab4914bb3d71da7dc6112519bde23e]
stalbe/4.4: not fixed yet
stable/4.19: [80ef523d2cb719c3de66787e922a96b5099d2fbb]
stable/5.10: [7913ec05fc02ccd7df83280451504b0a3e543097]

- CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer

Fixed commit

mainline: [8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b]
stable/4.19: [6de9f0bf7cacc772a618699f9ed5c9f6fca58a1d]
stable/4.4: [3533e50cbee8ff086bfa04176ac42a01ee3db37d]
stable/5.10: [174c34d9cda1b5818419b8f5a332ced10755e52f]

- CVE-2021-3655: missing size validations on inbound SCTP packets

stable/4.4(v4.4.276) contains upstream commit
50619dbf8db77e98d821d615af4f634d08e22698
(https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.4.276&id=48cd035cad5b5fad0648aa8294c4223bedb166dd).

Fixed commit

mainline: [0c5dc070ff3d6246d22ddd931f23a6266249e3db,
50619dbf8db77e98d821d615af4f634d08e22698,
    b6ffe7671b24689c09faa5675dd58f93758a97ae,
ef6c8d6ccf0c1dccdda092ebe8782777cd7803c9]
stable/4.19: [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c,
dd16e38e1531258d332b0fc7c247367f60c6c381]
stable/5.10: [d4dbef7046e24669278eba4455e9e8053ead6ba0,
6ef81a5c0e22233e13c748e813c54d3bf0145782]

- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the
Linux kernel through 5.13.4 calls unregister_netdev without checking
for the NETREG_REGISTERED state, leading to a use-after-free and a
double free.

Original patch is not  merged.

Updated CVEs

- CVE-2020-8835: bpf verifier (kernel/bpf/verifier.c) did not properly
restrict the register bounds for 32-bit operations, leading to
out-of-bounds reads and writes in kernel memory

This CVE is introduced in v5.5-rc1; fixed in v5.7-rc1. Therefore
stable/4.4, stable/4.19, and stable/5.10 aren't affected.

From last week CVEs

CVE-2021-29256: not fixed in mainline yet
CVE-2021-31615: not fixed in mainline yet


Regards,

-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com

[-- Attachment #2: Type: text/plain, Size: 429 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6627): https://lists.cip-project.org/g/cip-dev/message/6627
Mute This Topic: https://lists.cip-project.org/mt/84371343/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/10495289/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-