CIP-dev Archive on lore.kernel.org
 help / color / Atom feed
* [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
@ 2021-03-18  9:33 masashi.kudo
  2021-03-19  6:55 ` minmin
  2021-03-19  8:05 ` Jan Kiszka
  0 siblings, 2 replies; 7+ messages in thread
From: masashi.kudo @ 2021-03-18  9:33 UTC (permalink / raw)
  To: jan.kiszka, minmin, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens


[-- Attachment #1: Type: text/plain, Size: 2587 bytes --]

Hi, Jan-san, Minda-san,

Please find the CVE report as follows.
In the analysis of those CVEs, we found some doubts about the configs.

- CVE-2020-35519 is relating to X.25.
X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m

Please confirm, and let us know whether X.25 should be disabled.

- CVE-2021-20261 is relating to floppy.
It is enabled as follows.
>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m

Please confirm that this can be also disabled.

Best regards,
--
M. Kudo

> -----Original Message-----
> From: Chen-Yu Tsai <wens@csie.org>
> Sent: Thursday, March 18, 2021 5:48 PM
> To: cip-dev@lists.cip-project.org
> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室)
> <masashi.kudo@cybertrust.co.jp>
> Subject: Cip-kernel-sec Updates for Week of 2021-03-18
> 
> Hi everyone,
> 
> Six new issues this week from the Ubuntu tracker:
> 
> - CVE-2020-35519 [net/x25: buffer overflow] - fixed
>   Looks like a few configs still have X.25 enabled:
>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
>   Maybe they should be revisited? cip-kernel-config also gives warnings
>   for CONFIG_X25.
> 
> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - likely RedHat
> only
>   Report mentions incorrect backport in RedHat kernels.
> 
> - CVE-2021-20261 [floppy: race condition data corruption] - fixed
>   No member enables this except:
>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
>   which should probably be turned off.
> 
> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
>   No member enables this.
> 
> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
>   No member enables this.
> 
> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1]
>   Requires a specially-crafted ext4 FS image, so we likely don't care.
> 
> Unfortunately Debian's Salsa service, where the Debian kernel security issue
> tracker is hosted, is currently down, so we only have one source of data this week.
> 
> 
> Regards
> ChenYu
> 
> 
> [1] https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6294): https://lists.cip-project.org/g/cip-dev/message/6294
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
  2021-03-18  9:33 [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 masashi.kudo
@ 2021-03-19  6:55 ` minmin
  2021-03-19  7:05   ` masashi.kudo
  2021-03-19  8:05 ` Jan Kiszka
  1 sibling, 1 reply; 7+ messages in thread
From: minmin @ 2021-03-19  6:55 UTC (permalink / raw)
  To: masashi.kudo, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens, jan.kiszka


[-- Attachment #1: Type: text/plain, Size: 727 bytes --]

Hi, Kudo-san, CIP kernel members,

On 2021/03/18 18:33, masashi.kudo@cybertrust.co.jp wrote:
> - CVE-2020-35519 is relating to X.25.
> X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
>>      4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m

Oh!
This configuration, "plathome_obsvx1.config" is for the OpenBlocks IoT VX1. VX1 is the predecessor to VX2 and we do not currently support VX1. Also, VX2 has been the reference hardware for the CIP since the 4.19 kernel.

Therefore, I think "plathome_obsvx1.config" should be removed from the CIP kernel configuration.

By the way, VX1 has almost the same hardware configuration as VX2, so the kernel for VX2 will work as is.

Best Regards,
minmin





[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6295): https://lists.cip-project.org/g/cip-dev/message/6295
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
  2021-03-19  6:55 ` minmin
@ 2021-03-19  7:05   ` masashi.kudo
  2021-04-08  2:00     ` Nobuhiro Iwamatsu
  0 siblings, 1 reply; 7+ messages in thread
From: masashi.kudo @ 2021-03-19  7:05 UTC (permalink / raw)
  To: minmin, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens, jan.kiszka


[-- Attachment #1: Type: text/plain, Size: 1381 bytes --]

Hi, Mnda-san,

Thanks for your confirmation!

Iwamatsu-san,

Could you remove "plathome_obsvx1.config" itself, please?

Best regards,
--
M. Kudo

> -----Original Message-----
> From: Masato Minda <minmin@plathome.co.jp>
> Sent: Friday, March 19, 2021 3:56 PM
> To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>;
> cip-dev@lists.cip-project.org
> Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org;
> jan.kiszka@siemens.com
> Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of
> 2021-03-18
> 
> Hi, Kudo-san, CIP kernel members,
> 
> On 2021/03/18 18:33, masashi.kudo@cybertrust.co.jp wrote:
> > - CVE-2020-35519 is relating to X.25.
> > X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
> >>      4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
> 
> Oh!
> This configuration, "plathome_obsvx1.config" is for the OpenBlocks IoT VX1. VX1
> is the predecessor to VX2 and we do not currently support VX1. Also, VX2 has
> been the reference hardware for the CIP since the 4.19 kernel.
> 
> Therefore, I think "plathome_obsvx1.config" should be removed from the CIP
> kernel configuration.
> 
> By the way, VX1 has almost the same hardware configuration as VX2, so the
> kernel for VX2 will work as is.
> 
> Best Regards,
> minmin
> 
> 
> 


[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6296): https://lists.cip-project.org/g/cip-dev/message/6296
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
  2021-03-18  9:33 [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 masashi.kudo
  2021-03-19  6:55 ` minmin
@ 2021-03-19  8:05 ` Jan Kiszka
  2021-03-19  8:47   ` masashi.kudo
  1 sibling, 1 reply; 7+ messages in thread
From: Jan Kiszka @ 2021-03-19  8:05 UTC (permalink / raw)
  To: masashi.kudo, minmin, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens


[-- Attachment #1: Type: text/plain, Size: 2856 bytes --]

On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote:
> Hi, Jan-san, Minda-san,
> 
> Please find the CVE report as follows.
> In the analysis of those CVEs, we found some doubts about the configs.
> 
> - CVE-2020-35519 is relating to X.25.
> X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
>>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
>>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
>>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> 
> Please confirm, and let us know whether X.25 should be disabled.
> 
> - CVE-2021-20261 is relating to floppy.
> It is enabled as follows.
>>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> 
> Please confirm that this can be also disabled.
> 

Yes, both features can be turned off.

Thanks,
Jan

> Best regards,
> --
> M. Kudo
> 
>> -----Original Message-----
>> From: Chen-Yu Tsai <wens@csie.org>
>> Sent: Thursday, March 18, 2021 5:48 PM
>> To: cip-dev@lists.cip-project.org
>> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
>> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室)
>> <masashi.kudo@cybertrust.co.jp>
>> Subject: Cip-kernel-sec Updates for Week of 2021-03-18
>>
>> Hi everyone,
>>
>> Six new issues this week from the Ubuntu tracker:
>>
>> - CVE-2020-35519 [net/x25: buffer overflow] - fixed
>>   Looks like a few configs still have X.25 enabled:
>>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
>>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
>>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
>>   Maybe they should be revisited? cip-kernel-config also gives warnings
>>   for CONFIG_X25.
>>
>> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - likely RedHat
>> only
>>   Report mentions incorrect backport in RedHat kernels.
>>
>> - CVE-2021-20261 [floppy: race condition data corruption] - fixed
>>   No member enables this except:
>>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
>>   which should probably be turned off.
>>
>> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
>>   No member enables this.
>>
>> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
>>   No member enables this.
>>
>> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1]
>>   Requires a specially-crafted ext4 FS image, so we likely don't care.
>>
>> Unfortunately Debian's Salsa service, where the Debian kernel security issue
>> tracker is hosted, is currently down, so we only have one source of data this week.
>>
>>
>> Regards
>> ChenYu
>>
>>
>> [1] https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/


-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6300): https://lists.cip-project.org/g/cip-dev/message/6300
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
  2021-03-19  8:05 ` Jan Kiszka
@ 2021-03-19  8:47   ` masashi.kudo
  2021-04-08  1:55     ` Nobuhiro Iwamatsu
  0 siblings, 1 reply; 7+ messages in thread
From: masashi.kudo @ 2021-03-19  8:47 UTC (permalink / raw)
  To: jan.kiszka, minmin, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens


[-- Attachment #1: Type: text/plain, Size: 3895 bytes --]

Hi, Jan-san,

Thanks for your confirmation!

Iwamatsu-san,

Could you turn off both features from the following configs?

> > - CVE-2020-35519 is relating to X.25.
> >>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> >>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> > - CVE-2021-20261 is relating to floppy.
> >>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m

Best regards,
--
M. Kudo

> -----Original Message-----
> From: Jan Kiszka <jan.kiszka@siemens.com>
> Sent: Friday, March 19, 2021 5:06 PM
> To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>;
> minmin@plathome.co.jp; cip-dev@lists.cip-project.org
> Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org
> Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of
> 2021-03-18
> 
> On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote:
> > Hi, Jan-san, Minda-san,
> >
> > Please find the CVE report as follows.
> > In the analysis of those CVEs, we found some doubts about the configs.
> >
> > - CVE-2020-35519 is relating to X.25.
> > X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
> >>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
> >>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> >>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> >
> > Please confirm, and let us know whether X.25 should be disabled.
> >
> > - CVE-2021-20261 is relating to floppy.
> > It is enabled as follows.
> >>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> >
> > Please confirm that this can be also disabled.
> >
> 
> Yes, both features can be turned off.
> 
> Thanks,
> Jan
> 
> > Best regards,
> > --
> > M. Kudo
> >
> >> -----Original Message-----
> >> From: Chen-Yu Tsai <wens@csie.org>
> >> Sent: Thursday, March 18, 2021 5:48 PM
> >> To: cip-dev@lists.cip-project.org
> >> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
> >> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室)
> >> <masashi.kudo@cybertrust.co.jp>
> >> Subject: Cip-kernel-sec Updates for Week of 2021-03-18
> >>
> >> Hi everyone,
> >>
> >> Six new issues this week from the Ubuntu tracker:
> >>
> >> - CVE-2020-35519 [net/x25: buffer overflow] - fixed
> >>   Looks like a few configs still have X.25 enabled:
> >>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
> >>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> >>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> >>   Maybe they should be revisited? cip-kernel-config also gives warnings
> >>   for CONFIG_X25.
> >>
> >> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] -
> >> likely RedHat only
> >>   Report mentions incorrect backport in RedHat kernels.
> >>
> >> - CVE-2021-20261 [floppy: race condition data corruption] - fixed
> >>   No member enables this except:
> >>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> >>   which should probably be turned off.
> >>
> >> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
> >>   No member enables this.
> >>
> >> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
> >>   No member enables this.
> >>
> >> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1]
> >>   Requires a specially-crafted ext4 FS image, so we likely don't care.
> >>
> >> Unfortunately Debian's Salsa service, where the Debian kernel
> >> security issue tracker is hosted, is currently down, so we only have one source
> of data this week.
> >>
> >>
> >> Regards
> >> ChenYu
> >>
> >>
> >> [1]
> >> https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/
> 
> 
> --
> Siemens AG, T RDA IOT
> Corporate Competence Center Embedded Linux

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6301): https://lists.cip-project.org/g/cip-dev/message/6301
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
  2021-03-19  8:47   ` masashi.kudo
@ 2021-04-08  1:55     ` Nobuhiro Iwamatsu
  0 siblings, 0 replies; 7+ messages in thread
From: Nobuhiro Iwamatsu @ 2021-04-08  1:55 UTC (permalink / raw)
  To: cip-dev, jan.kiszka, minmin; +Cc: pavel, wens


[-- Attachment #1: Type: text/plain, Size: 4706 bytes --]

Hi all,

I dropped each config from config files.

Best regards,
  Nobuhiro

> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of
> masashi.kudo@cybertrust.co.jp
> Sent: Friday, March 19, 2021 5:48 PM
> To: jan.kiszka@siemens.com; minmin@plathome.co.jp; cip-dev@lists.cip-project.org
> Cc: pavel@denx.de; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT) <nobuhiro1.iwamatsu@toshiba.co.jp>; wens@csie.org
> Subject: Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
> 
> Hi, Jan-san,
> 
> Thanks for your confirmation!
> 
> Iwamatsu-san,
> 
> Could you turn off both features from the following configs?
> 
> > > - CVE-2020-35519 is relating to X.25.
> > >>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> > >>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> > > - CVE-2021-20261 is relating to floppy.
> > >>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> 
> Best regards,
> --
> M. Kudo
> 
> > -----Original Message-----
> > From: Jan Kiszka <jan.kiszka@siemens.com>
> > Sent: Friday, March 19, 2021 5:06 PM
> > To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>;
> > minmin@plathome.co.jp; cip-dev@lists.cip-project.org
> > Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org
> > Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of
> > 2021-03-18
> >
> > On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote:
> > > Hi, Jan-san, Minda-san,
> > >
> > > Please find the CVE report as follows.
> > > In the analysis of those CVEs, we found some doubts about the configs.
> > >
> > > - CVE-2020-35519 is relating to X.25.
> > > X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
> > >>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
> > >>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> > >>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> > >
> > > Please confirm, and let us know whether X.25 should be disabled.
> > >
> > > - CVE-2021-20261 is relating to floppy.
> > > It is enabled as follows.
> > >>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> > >
> > > Please confirm that this can be also disabled.
> > >
> >
> > Yes, both features can be turned off.
> >
> > Thanks,
> > Jan
> >
> > > Best regards,
> > > --
> > > M. Kudo
> > >
> > >> -----Original Message-----
> > >> From: Chen-Yu Tsai <wens@csie.org>
> > >> Sent: Thursday, March 18, 2021 5:48 PM
> > >> To: cip-dev@lists.cip-project.org
> > >> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
> > >> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室)
> > >> <masashi.kudo@cybertrust.co.jp>
> > >> Subject: Cip-kernel-sec Updates for Week of 2021-03-18
> > >>
> > >> Hi everyone,
> > >>
> > >> Six new issues this week from the Ubuntu tracker:
> > >>
> > >> - CVE-2020-35519 [net/x25: buffer overflow] - fixed
> > >>   Looks like a few configs still have X.25 enabled:
> > >>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
> > >>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> > >>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> > >>   Maybe they should be revisited? cip-kernel-config also gives warnings
> > >>   for CONFIG_X25.
> > >>
> > >> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] -
> > >> likely RedHat only
> > >>   Report mentions incorrect backport in RedHat kernels.
> > >>
> > >> - CVE-2021-20261 [floppy: race condition data corruption] - fixed
> > >>   No member enables this except:
> > >>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> > >>   which should probably be turned off.
> > >>
> > >> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
> > >>   No member enables this.
> > >>
> > >> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
> > >>   No member enables this.
> > >>
> > >> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1]
> > >>   Requires a specially-crafted ext4 FS image, so we likely don't care.
> > >>
> > >> Unfortunately Debian's Salsa service, where the Debian kernel
> > >> security issue tracker is hosted, is currently down, so we only have one source
> > of data this week.
> > >>
> > >>
> > >> Regards
> > >> ChenYu
> > >>
> > >>
> > >> [1]
> > >> https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/
> >
> >
> > --
> > Siemens AG, T RDA IOT
> > Corporate Competence Center Embedded Linux

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6346): https://lists.cip-project.org/g/cip-dev/message/6346
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
  2021-03-19  7:05   ` masashi.kudo
@ 2021-04-08  2:00     ` Nobuhiro Iwamatsu
  0 siblings, 0 replies; 7+ messages in thread
From: Nobuhiro Iwamatsu @ 2021-04-08  2:00 UTC (permalink / raw)
  To: cip-dev; +Cc: minmin, pavel, wens, jan.kiszka


[-- Attachment #1: Type: text/plain, Size: 1610 bytes --]

Hi all,

On Fri, Mar 19, 2021 at 04:05:32PM +0900, masashi.kudo@cybertrust.co.jp wrote:
> Hi, Mnda-san,
> 
> Thanks for your confirmation!
> 
> Iwamatsu-san,
> 
> Could you remove "plathome_obsvx1.config" itself, please?

Sure. I removed plathome_obsvx1.config from repository.

Best regards,
  Nobuhiro

> 
> Best regards,
> --
> M. Kudo
> 
> > -----Original Message-----
> > From: Masato Minda <minmin@plathome.co.jp>
> > Sent: Friday, March 19, 2021 3:56 PM
> > To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>;
> > cip-dev@lists.cip-project.org
> > Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org;
> > jan.kiszka@siemens.com
> > Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of
> > 2021-03-18
> > 
> > Hi, Kudo-san, CIP kernel members,
> > 
> > On 2021/03/18 18:33, masashi.kudo@cybertrust.co.jp wrote:
> > > - CVE-2020-35519 is relating to X.25.
> > > X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
> > >>      4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
> > 
> > Oh!
> > This configuration, "plathome_obsvx1.config" is for the OpenBlocks IoT VX1. VX1
> > is the predecessor to VX2 and we do not currently support VX1. Also, VX2 has
> > been the reference hardware for the CIP since the 4.19 kernel.
> > 
> > Therefore, I think "plathome_obsvx1.config" should be removed from the CIP
> > kernel configuration.
> > 
> > By the way, VX1 has almost the same hardware configuration as VX2, so the
> > kernel for VX2 will work as is.
> > 
> > Best Regards,
> > minmin
> > 
> > 
> > 
> 

> 
> 
> 


[-- Attachment #2: Type: text/plain, Size: 428 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6347): https://lists.cip-project.org/g/cip-dev/message/6347
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, back to index

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-18  9:33 [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 masashi.kudo
2021-03-19  6:55 ` minmin
2021-03-19  7:05   ` masashi.kudo
2021-04-08  2:00     ` Nobuhiro Iwamatsu
2021-03-19  8:05 ` Jan Kiszka
2021-03-19  8:47   ` masashi.kudo
2021-04-08  1:55     ` Nobuhiro Iwamatsu

CIP-dev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/cip-dev/0 cip-dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 cip-dev cip-dev/ https://lore.kernel.org/cip-dev \
		cip-dev@lists.cip-project.org
	public-inbox-index cip-dev

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.cip-project.lists.cip-dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git