Hi, Pavel-san, Thanks for your diagnosis! Best regards, -- M. Kudo -----Original Message----- From: cip-dev@lists.cip-project.org On Behalf Of Pavel Machek Sent: Sunday, July 11, 2021 5:33 PM To: cip-dev@lists.cip-project.org Subject: Re: [cip-dev] New CVE entries this week Hi! > These are the new issues this week: > > * 2021/06/30 > > CVE-2020-28097 -- vgacon_scrolldelta out-of-bounds read This is sad situation but we don't need to do anything here. > CVE-2021-29256.yml -- Mali GPU Kernel Driver elevates CPU RO pages to > writable Too early to do anything here, we don't have enough information. > CVE-2021-31615 -- InjectaBLE: Injecting malicious traffic into > established Bluetooth Low Energy connections Too early to do anything here, we don't have enough information. > * 2021/07/08 > > CVE-2021-35039 -- Without CONFIG_MODULE_SIG, verification that a > kernel module is signed, for loading via init_module, does not occur > for a module.sig_enforce=1 command-line argument. > > This CVE affects v4.15 to v5.12, so v4.4 kernel doesn't affect. Stable did the work, we don't need to do anything. Good :-). Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany