Hi !

On Thu, Aug 12, 2021 at 2:43 PM Pavel Machek <pavel@denx.de> wrote:
>
> Hi!
>
> > * CVE detail
> >
> > New CVEs
>
> > CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer
> >
> > xemaclite_of_probe() in drivers/net/ethernet/xilinx/xilinx_emaclite.c
> > leaks kernel memory layout.
> >
> > Fixed status
> >
> > mainline: [d0d62baa7f505bd4c59cd169692ff07ec49dde37]
> > stable/5.13: [8722275b41d5127048e1422a8a1b6370b4878533]
>
> This affects our kernels (I looked at 5.10.57 and 4.4.277). On one
> hand we could ask for backport, on the other... I'm not sure it is
> serious enough to warrant any action.
>

I think this vulnerability seems to be low priority because an
attacker needs another vulnerability to abuse this vulnerability.
However, it would be nice to backport the patch too.

> Best regards,
>                                                                 Pavel
>
> --
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>
> 
>

Regards,
-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com