[cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18

From: "masashi.kudo@cybertrust.co.jp" <masashi.kudo@cybertrust.co.jp>
To: <jan.kiszka@siemens.com>, <minmin@plathome.co.jp>,
	<cip-dev@lists.cip-project.org>
Cc: <pavel@denx.de>, <nobuhiro1.iwamatsu@toshiba.co.jp>, <wens@csie.org>
Subject: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
Date: Thu, 18 Mar 2021 18:33:02 +0900	[thread overview]
Message-ID: <TY2PR01MB4972E1E07AE85D162237E83CA0699@TY2PR01MB4972.jpnprd01.prod.outlook.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 2587 bytes --]

Hi, Jan-san, Minda-san,

Please find the CVE report as follows.
In the analysis of those CVEs, we found some doubts about the configs.

- CVE-2020-35519 is relating to X.25.
X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m

Please confirm, and let us know whether X.25 should be disabled.

- CVE-2021-20261 is relating to floppy.
It is enabled as follows.
>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m

Please confirm that this can be also disabled.

Best regards,
--
M. Kudo

> -----Original Message-----
> From: Chen-Yu Tsai <wens@csie.org>
> Sent: Thursday, March 18, 2021 5:48 PM
> To: cip-dev@lists.cip-project.org
> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤　雅司（CTJ　OSS事業推進室）
> <masashi.kudo@cybertrust.co.jp>
> Subject: Cip-kernel-sec Updates for Week of 2021-03-18
> 
> Hi everyone,
> 
> Six new issues this week from the Ubuntu tracker:
> 
> - CVE-2020-35519 [net/x25: buffer overflow] - fixed
>   Looks like a few configs still have X.25 enabled:
>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
>   Maybe they should be revisited? cip-kernel-config also gives warnings
>   for CONFIG_X25.
> 
> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - likely RedHat
> only
>   Report mentions incorrect backport in RedHat kernels.
> 
> - CVE-2021-20261 [floppy: race condition data corruption] - fixed
>   No member enables this except:
>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
>   which should probably be turned off.
> 
> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
>   No member enables this.
> 
> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
>   No member enables this.
> 
> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1]
>   Requires a specially-crafted ext4 FS image, so we likely don't care.
> 
> Unfortunately Debian's Salsa service, where the Debian kernel security issue
> tracker is hosted, is currently down, so we only have one source of data this week.
> 
> 
> Regards
> ChenYu
> 
> 
> [1] https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6294): https://lists.cip-project.org/g/cip-dev/message/6294
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-