[cip-dev] About corresponding CVE-2020-25669 from CIP kernel config side

[cip-dev] About corresponding CVE-2020-25669 from CIP kernel config side

[Nobuhiro Iwamatsu]

[-- Attachment #1: Type: text/plain, Size: 1000 bytes --]

Hi Jan,

CVE-2020-25669[0] is a CVE for SUNKBD (sun4/sun5 keyboard), which is
enabled in siemens_i386-rt kernel.

```
$ git grep SUNKBD
4.19.y-cip-rt/x86/siemens_i386-rt.config:# CONFIG_KEYBOARD_SUNKBD is not set
4.19.y-cip/x86/plathome_obsvx2.config:# CONFIG_KEYBOARD_SUNKBD is not set
4.19.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set
4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_KEYBOARD_SUNKBD=m
4.4.y-cip/arm/siemens_am57xx-pxm3.config:# CONFIG_KEYBOARD_SUNKBD is not set
4.4.y-cip/arm/siemens_imx6_defconfig:# CONFIG_KEYBOARD_SUNKBD is not set
4.4.y-cip/x86/plathome_obsvx1.config:# CONFIG_KEYBOARD_SUNKBD is not set
4.4.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set
```

Is this driver used? If you're not using it, I'd consider removing it from the kernel's
config to support this CVE. Could you give me your opinion on this?


Best regards,
  Nobuhiro

[0]: https://security-tracker.debian.org/tracker/CVE-2020-25669

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5806): https://lists.cip-project.org/g/cip-dev/message/5806
Mute This Topic: https://lists.cip-project.org/mt/78357177/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] About corresponding CVE-2020-25669 from CIP kernel config side

[Jan Kiszka]

[-- Attachment #1: Type: text/plain, Size: 1309 bytes --]

On 19.11.20 03:43, nobuhiro1.iwamatsu@toshiba.co.jp wrote:
> Hi Jan,
> 
> CVE-2020-25669[0] is a CVE for SUNKBD (sun4/sun5 keyboard), which is
> enabled in siemens_i386-rt kernel.
> 
> ```
> $ git grep SUNKBD
> 4.19.y-cip-rt/x86/siemens_i386-rt.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.19.y-cip/x86/plathome_obsvx2.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.19.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_KEYBOARD_SUNKBD=m
> 4.4.y-cip/arm/siemens_am57xx-pxm3.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.4.y-cip/arm/siemens_imx6_defconfig:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.4.y-cip/x86/plathome_obsvx1.config:# CONFIG_KEYBOARD_SUNKBD is not set
> 4.4.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set
> ```
> 
> Is this driver used? If you're not using it, I'd consider removing it from the kernel's
> config to support this CVE. Could you give me your opinion on this?
> 

Drop the config switch and ignore the issue - this was very likely an
"over-configuration" due to being derived from some distro config.

Thanks,
Jan

> 
> Best regards,
>   Nobuhiro
> 
> [0]: https://security-tracker.debian.org/tracker/CVE-2020-25669
> 

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5810): https://lists.cip-project.org/g/cip-dev/message/5810
Mute This Topic: https://lists.cip-project.org/mt/78357177/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] About corresponding CVE-2020-25669 from CIP kernel config side

[Nobuhiro Iwamatsu]

[-- Attachment #1: Type: text/plain, Size: 1733 bytes --]

Hi Jan,

> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Jan Kiszka
> Sent: Thursday, November 19, 2020 4:42 PM
> To: iwamatsu nobuhiro(岩松 信洋 □ＳＷＣ◯ＡＣＴ) <nobuhiro1.iwamatsu@toshiba.co.jp>
> Cc: cip-dev@lists.cip-project.org; wens@csie.org; pavel@denx.de; masashi.kudo@cybertrust.co.jp
> Subject: Re: [cip-dev] About corresponding CVE-2020-25669 from CIP kernel config side
> 
> On 19.11.20 03:43, nobuhiro1.iwamatsu@toshiba.co.jp wrote:
> > Hi Jan,
> >
> > CVE-2020-25669[0] is a CVE for SUNKBD (sun4/sun5 keyboard), which is
> > enabled in siemens_i386-rt kernel.
> >
> > ```
> > $ git grep SUNKBD
> > 4.19.y-cip-rt/x86/siemens_i386-rt.config:# CONFIG_KEYBOARD_SUNKBD is not set
> > 4.19.y-cip/x86/plathome_obsvx2.config:# CONFIG_KEYBOARD_SUNKBD is not set
> > 4.19.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set
> > 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_KEYBOARD_SUNKBD=m
> > 4.4.y-cip/arm/siemens_am57xx-pxm3.config:# CONFIG_KEYBOARD_SUNKBD is not set
> > 4.4.y-cip/arm/siemens_imx6_defconfig:# CONFIG_KEYBOARD_SUNKBD is not set
> > 4.4.y-cip/x86/plathome_obsvx1.config:# CONFIG_KEYBOARD_SUNKBD is not set
> > 4.4.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set
> > ```
> >
> > Is this driver used? If you're not using it, I'd consider removing it from the kernel's
> > config to support this CVE. Could you give me your opinion on this?
> >
> 
> Drop the config switch and ignore the issue - this was very likely an
> "over-configuration" due to being derived from some distro config.
> 

OK, I dropped this config.

Best regards,
  Nobuhiro


[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5870): https://lists.cip-project.org/g/cip-dev/message/5870
Mute This Topic: https://lists.cip-project.org/mt/78357177/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-