Hi ! It's this week's CVE report. This week reported 4 new CVEs. * New CVEs CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() This bug is in the AMD Cryptographic Coprocessor (CCP) driver. This bug is related to CVE-2021-3744. In the cip-kernel-config directory, 4.4 kernel uses this driver. $ find . -type f | xargs grep -n "ccp-ops.c" ./4.4.y-cip-rt/x86/siemens_i386-rt.sources:1716:drivers/crypto/ccp/ccp-ops.c ./4.4.y-cip-rt/all.sources:3665:drivers/crypto/ccp/ccp-ops.c Fixed status Patch is available but it hasn't been merged yet. CVE-2021-3764: DoS in ccp_run_aes_gcm_cmd() function This vulnerability is a memory leak which will cause Dos attack. This bug is in the AMD Cryptographic Coprocessor (CCP) driver. This bug is related to CVE-2021-3764. Fixed status Patch is available but it hasn't been merged yet. CVE-2021-3752: UAF in bluetooth There is a use after free bug in bluetooth module. Fixed status This CVE hasn't been fixed in the mainline yet. CVE-2021-38300: bpf, mips: Validate conditional branch offsets This bug only affects bpf in mips architecture. Patch is available, but hasn't been merged yet. Fixed status: Not yet. * Updated CVEs CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13 kernel 5.4 has been fixed. Fixed status mainline: [a54c4613dac1500b40e4ab55199f7c51f028e848] stable/5.10: [09a379549620f122de3aa4e65df9329976e4cdf5] stable/5.13: [c764e8fa4491da66780fcb30a0d43bfd3fccd12c] stable/5.14: [f8ea208b3fbbc0546d71b47e8abaf98b0961dec1] stable/5.4: [9b3849ba667af99ee99a7853a021a7786851b9fd] CVE-2021-3635: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 This vulnerability has been affected from 4.16-rc1 to 5.5-rc7. Therefore 4.4 kernel, and above 5.5 kernels aren't affected. Fixed status cip/4.19: [8260ce5aeee4d7c4a6305e469edeae1066de2800] cip/4.19-rt: [8260ce5aeee4d7c4a6305e469edeae1066de2800] mainline: [335178d5429c4cee61b58f4ac80688f556630818] stable/4.19: [8260ce5aeee4d7c4a6305e469edeae1066de2800] stable/5.4: [8f4dc50b5c12e159ac846fdc00702c547fdf2e95] Currently tracking CVEs CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 There is no fix information. CVE-2021-3640: UAF in sco_send_frame function There is no fix information. CVE-2020-26555: BR/EDR pin code pairing broken No fix information CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning No fix information. CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM No fix information. CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning No fix information. CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning No fix information. Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@cybertrust.co.jp :masami.ichikawa@miraclelinux.com