* [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 @ 2021-03-18 9:33 masashi.kudo 2021-03-19 6:55 ` minmin 2021-03-19 8:05 ` Jan Kiszka 0 siblings, 2 replies; 7+ messages in thread From: masashi.kudo @ 2021-03-18 9:33 UTC (permalink / raw) To: jan.kiszka, minmin, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens [-- Attachment #1: Type: text/plain, Size: 2587 bytes --] Hi, Jan-san, Minda-san, Please find the CVE report as follows. In the analysis of those CVEs, we found some doubts about the configs. - CVE-2020-35519 is relating to X.25. X.25 is enabled as follows, but we wonder whether X.25 is really used or not. > 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m > 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m > 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m Please confirm, and let us know whether X.25 should be disabled. - CVE-2021-20261 is relating to floppy. It is enabled as follows. > 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m Please confirm that this can be also disabled. Best regards, -- M. Kudo > -----Original Message----- > From: Chen-Yu Tsai <wens@csie.org> > Sent: Thursday, March 18, 2021 5:48 PM > To: cip-dev@lists.cip-project.org > Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu > <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室) > <masashi.kudo@cybertrust.co.jp> > Subject: Cip-kernel-sec Updates for Week of 2021-03-18 > > Hi everyone, > > Six new issues this week from the Ubuntu tracker: > > - CVE-2020-35519 [net/x25: buffer overflow] - fixed > Looks like a few configs still have X.25 enabled: > 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m > 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m > 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m > Maybe they should be revisited? cip-kernel-config also gives warnings > for CONFIG_X25. > > - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - likely RedHat > only > Report mentions incorrect backport in RedHat kernels. > > - CVE-2021-20261 [floppy: race condition data corruption] - fixed > No member enables this except: > 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m > which should probably be turned off. > > - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed > No member enables this. > > - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed > No member enables this. > > - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1] > Requires a specially-crafted ext4 FS image, so we likely don't care. > > Unfortunately Debian's Salsa service, where the Debian kernel security issue > tracker is hosted, is currently down, so we only have one source of data this week. > > > Regards > ChenYu > > > [1] https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/ [-- Attachment #2: Type: text/plain, Size: 428 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6294): https://lists.cip-project.org/g/cip-dev/message/6294 Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 2021-03-18 9:33 [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 masashi.kudo @ 2021-03-19 6:55 ` minmin 2021-03-19 7:05 ` masashi.kudo 2021-03-19 8:05 ` Jan Kiszka 1 sibling, 1 reply; 7+ messages in thread From: minmin @ 2021-03-19 6:55 UTC (permalink / raw) To: masashi.kudo, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens, jan.kiszka [-- Attachment #1: Type: text/plain, Size: 727 bytes --] Hi, Kudo-san, CIP kernel members, On 2021/03/18 18:33, masashi.kudo@cybertrust.co.jp wrote: > - CVE-2020-35519 is relating to X.25. > X.25 is enabled as follows, but we wonder whether X.25 is really used or not. >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m Oh! This configuration, "plathome_obsvx1.config" is for the OpenBlocks IoT VX1. VX1 is the predecessor to VX2 and we do not currently support VX1. Also, VX2 has been the reference hardware for the CIP since the 4.19 kernel. Therefore, I think "plathome_obsvx1.config" should be removed from the CIP kernel configuration. By the way, VX1 has almost the same hardware configuration as VX2, so the kernel for VX2 will work as is. Best Regards, minmin [-- Attachment #2: Type: text/plain, Size: 428 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6295): https://lists.cip-project.org/g/cip-dev/message/6295 Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 2021-03-19 6:55 ` minmin @ 2021-03-19 7:05 ` masashi.kudo 2021-04-08 2:00 ` Nobuhiro Iwamatsu 0 siblings, 1 reply; 7+ messages in thread From: masashi.kudo @ 2021-03-19 7:05 UTC (permalink / raw) To: minmin, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens, jan.kiszka [-- Attachment #1: Type: text/plain, Size: 1381 bytes --] Hi, Mnda-san, Thanks for your confirmation! Iwamatsu-san, Could you remove "plathome_obsvx1.config" itself, please? Best regards, -- M. Kudo > -----Original Message----- > From: Masato Minda <minmin@plathome.co.jp> > Sent: Friday, March 19, 2021 3:56 PM > To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>; > cip-dev@lists.cip-project.org > Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org; > jan.kiszka@siemens.com > Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of > 2021-03-18 > > Hi, Kudo-san, CIP kernel members, > > On 2021/03/18 18:33, masashi.kudo@cybertrust.co.jp wrote: > > - CVE-2020-35519 is relating to X.25. > > X.25 is enabled as follows, but we wonder whether X.25 is really used or not. > >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m > > Oh! > This configuration, "plathome_obsvx1.config" is for the OpenBlocks IoT VX1. VX1 > is the predecessor to VX2 and we do not currently support VX1. Also, VX2 has > been the reference hardware for the CIP since the 4.19 kernel. > > Therefore, I think "plathome_obsvx1.config" should be removed from the CIP > kernel configuration. > > By the way, VX1 has almost the same hardware configuration as VX2, so the > kernel for VX2 will work as is. > > Best Regards, > minmin > > > [-- Attachment #2: Type: text/plain, Size: 428 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6296): https://lists.cip-project.org/g/cip-dev/message/6296 Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 2021-03-19 7:05 ` masashi.kudo @ 2021-04-08 2:00 ` Nobuhiro Iwamatsu 0 siblings, 0 replies; 7+ messages in thread From: Nobuhiro Iwamatsu @ 2021-04-08 2:00 UTC (permalink / raw) To: cip-dev; +Cc: minmin, pavel, wens, jan.kiszka [-- Attachment #1: Type: text/plain, Size: 1610 bytes --] Hi all, On Fri, Mar 19, 2021 at 04:05:32PM +0900, masashi.kudo@cybertrust.co.jp wrote: > Hi, Mnda-san, > > Thanks for your confirmation! > > Iwamatsu-san, > > Could you remove "plathome_obsvx1.config" itself, please? Sure. I removed plathome_obsvx1.config from repository. Best regards, Nobuhiro > > Best regards, > -- > M. Kudo > > > -----Original Message----- > > From: Masato Minda <minmin@plathome.co.jp> > > Sent: Friday, March 19, 2021 3:56 PM > > To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>; > > cip-dev@lists.cip-project.org > > Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org; > > jan.kiszka@siemens.com > > Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of > > 2021-03-18 > > > > Hi, Kudo-san, CIP kernel members, > > > > On 2021/03/18 18:33, masashi.kudo@cybertrust.co.jp wrote: > > > - CVE-2020-35519 is relating to X.25. > > > X.25 is enabled as follows, but we wonder whether X.25 is really used or not. > > >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m > > > > Oh! > > This configuration, "plathome_obsvx1.config" is for the OpenBlocks IoT VX1. VX1 > > is the predecessor to VX2 and we do not currently support VX1. Also, VX2 has > > been the reference hardware for the CIP since the 4.19 kernel. > > > > Therefore, I think "plathome_obsvx1.config" should be removed from the CIP > > kernel configuration. > > > > By the way, VX1 has almost the same hardware configuration as VX2, so the > > kernel for VX2 will work as is. > > > > Best Regards, > > minmin > > > > > > > > > > [-- Attachment #2: Type: text/plain, Size: 428 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6347): https://lists.cip-project.org/g/cip-dev/message/6347 Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 2021-03-18 9:33 [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 masashi.kudo 2021-03-19 6:55 ` minmin @ 2021-03-19 8:05 ` Jan Kiszka 2021-03-19 8:47 ` masashi.kudo 1 sibling, 1 reply; 7+ messages in thread From: Jan Kiszka @ 2021-03-19 8:05 UTC (permalink / raw) To: masashi.kudo, minmin, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens [-- Attachment #1: Type: text/plain, Size: 2856 bytes --] On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote: > Hi, Jan-san, Minda-san, > > Please find the CVE report as follows. > In the analysis of those CVEs, we found some doubts about the configs. > > - CVE-2020-35519 is relating to X.25. > X.25 is enabled as follows, but we wonder whether X.25 is really used or not. >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m > > Please confirm, and let us know whether X.25 should be disabled. > > - CVE-2021-20261 is relating to floppy. > It is enabled as follows. >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m > > Please confirm that this can be also disabled. > Yes, both features can be turned off. Thanks, Jan > Best regards, > -- > M. Kudo > >> -----Original Message----- >> From: Chen-Yu Tsai <wens@csie.org> >> Sent: Thursday, March 18, 2021 5:48 PM >> To: cip-dev@lists.cip-project.org >> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu >> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室) >> <masashi.kudo@cybertrust.co.jp> >> Subject: Cip-kernel-sec Updates for Week of 2021-03-18 >> >> Hi everyone, >> >> Six new issues this week from the Ubuntu tracker: >> >> - CVE-2020-35519 [net/x25: buffer overflow] - fixed >> Looks like a few configs still have X.25 enabled: >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m >> Maybe they should be revisited? cip-kernel-config also gives warnings >> for CONFIG_X25. >> >> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - likely RedHat >> only >> Report mentions incorrect backport in RedHat kernels. >> >> - CVE-2021-20261 [floppy: race condition data corruption] - fixed >> No member enables this except: >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m >> which should probably be turned off. >> >> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed >> No member enables this. >> >> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed >> No member enables this. >> >> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1] >> Requires a specially-crafted ext4 FS image, so we likely don't care. >> >> Unfortunately Debian's Salsa service, where the Debian kernel security issue >> tracker is hosted, is currently down, so we only have one source of data this week. >> >> >> Regards >> ChenYu >> >> >> [1] https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/ -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux [-- Attachment #2: Type: text/plain, Size: 428 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6300): https://lists.cip-project.org/g/cip-dev/message/6300 Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 2021-03-19 8:05 ` Jan Kiszka @ 2021-03-19 8:47 ` masashi.kudo 2021-04-08 1:55 ` Nobuhiro Iwamatsu 0 siblings, 1 reply; 7+ messages in thread From: masashi.kudo @ 2021-03-19 8:47 UTC (permalink / raw) To: jan.kiszka, minmin, cip-dev; +Cc: pavel, nobuhiro1.iwamatsu, wens [-- Attachment #1: Type: text/plain, Size: 3895 bytes --] Hi, Jan-san, Thanks for your confirmation! Iwamatsu-san, Could you turn off both features from the following configs? > > - CVE-2020-35519 is relating to X.25. > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m > > - CVE-2021-20261 is relating to floppy. > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m Best regards, -- M. Kudo > -----Original Message----- > From: Jan Kiszka <jan.kiszka@siemens.com> > Sent: Friday, March 19, 2021 5:06 PM > To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>; > minmin@plathome.co.jp; cip-dev@lists.cip-project.org > Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org > Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of > 2021-03-18 > > On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote: > > Hi, Jan-san, Minda-san, > > > > Please find the CVE report as follows. > > In the analysis of those CVEs, we found some doubts about the configs. > > > > - CVE-2020-35519 is relating to X.25. > > X.25 is enabled as follows, but we wonder whether X.25 is really used or not. > >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m > > > > Please confirm, and let us know whether X.25 should be disabled. > > > > - CVE-2021-20261 is relating to floppy. > > It is enabled as follows. > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m > > > > Please confirm that this can be also disabled. > > > > Yes, both features can be turned off. > > Thanks, > Jan > > > Best regards, > > -- > > M. Kudo > > > >> -----Original Message----- > >> From: Chen-Yu Tsai <wens@csie.org> > >> Sent: Thursday, March 18, 2021 5:48 PM > >> To: cip-dev@lists.cip-project.org > >> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu > >> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室) > >> <masashi.kudo@cybertrust.co.jp> > >> Subject: Cip-kernel-sec Updates for Week of 2021-03-18 > >> > >> Hi everyone, > >> > >> Six new issues this week from the Ubuntu tracker: > >> > >> - CVE-2020-35519 [net/x25: buffer overflow] - fixed > >> Looks like a few configs still have X.25 enabled: > >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m > >> Maybe they should be revisited? cip-kernel-config also gives warnings > >> for CONFIG_X25. > >> > >> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - > >> likely RedHat only > >> Report mentions incorrect backport in RedHat kernels. > >> > >> - CVE-2021-20261 [floppy: race condition data corruption] - fixed > >> No member enables this except: > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m > >> which should probably be turned off. > >> > >> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed > >> No member enables this. > >> > >> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed > >> No member enables this. > >> > >> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1] > >> Requires a specially-crafted ext4 FS image, so we likely don't care. > >> > >> Unfortunately Debian's Salsa service, where the Debian kernel > >> security issue tracker is hosted, is currently down, so we only have one source > of data this week. > >> > >> > >> Regards > >> ChenYu > >> > >> > >> [1] > >> https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/ > > > -- > Siemens AG, T RDA IOT > Corporate Competence Center Embedded Linux [-- Attachment #2: Type: text/plain, Size: 428 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6301): https://lists.cip-project.org/g/cip-dev/message/6301 Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 2021-03-19 8:47 ` masashi.kudo @ 2021-04-08 1:55 ` Nobuhiro Iwamatsu 0 siblings, 0 replies; 7+ messages in thread From: Nobuhiro Iwamatsu @ 2021-04-08 1:55 UTC (permalink / raw) To: cip-dev, jan.kiszka, minmin; +Cc: pavel, wens [-- Attachment #1: Type: text/plain, Size: 4706 bytes --] Hi all, I dropped each config from config files. Best regards, Nobuhiro > -----Original Message----- > From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of > masashi.kudo@cybertrust.co.jp > Sent: Friday, March 19, 2021 5:48 PM > To: jan.kiszka@siemens.com; minmin@plathome.co.jp; cip-dev@lists.cip-project.org > Cc: pavel@denx.de; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT) <nobuhiro1.iwamatsu@toshiba.co.jp>; wens@csie.org > Subject: Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 > > Hi, Jan-san, > > Thanks for your confirmation! > > Iwamatsu-san, > > Could you turn off both features from the following configs? > > > > - CVE-2020-35519 is relating to X.25. > > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m > > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m > > > - CVE-2021-20261 is relating to floppy. > > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m > > Best regards, > -- > M. Kudo > > > -----Original Message----- > > From: Jan Kiszka <jan.kiszka@siemens.com> > > Sent: Friday, March 19, 2021 5:06 PM > > To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>; > > minmin@plathome.co.jp; cip-dev@lists.cip-project.org > > Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org > > Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of > > 2021-03-18 > > > > On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote: > > > Hi, Jan-san, Minda-san, > > > > > > Please find the CVE report as follows. > > > In the analysis of those CVEs, we found some doubts about the configs. > > > > > > - CVE-2020-35519 is relating to X.25. > > > X.25 is enabled as follows, but we wonder whether X.25 is really used or not. > > >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m > > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m > > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m > > > > > > Please confirm, and let us know whether X.25 should be disabled. > > > > > > - CVE-2021-20261 is relating to floppy. > > > It is enabled as follows. > > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m > > > > > > Please confirm that this can be also disabled. > > > > > > > Yes, both features can be turned off. > > > > Thanks, > > Jan > > > > > Best regards, > > > -- > > > M. Kudo > > > > > >> -----Original Message----- > > >> From: Chen-Yu Tsai <wens@csie.org> > > >> Sent: Thursday, March 18, 2021 5:48 PM > > >> To: cip-dev@lists.cip-project.org > > >> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu > > >> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室) > > >> <masashi.kudo@cybertrust.co.jp> > > >> Subject: Cip-kernel-sec Updates for Week of 2021-03-18 > > >> > > >> Hi everyone, > > >> > > >> Six new issues this week from the Ubuntu tracker: > > >> > > >> - CVE-2020-35519 [net/x25: buffer overflow] - fixed > > >> Looks like a few configs still have X.25 enabled: > > >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m > > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m > > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m > > >> Maybe they should be revisited? cip-kernel-config also gives warnings > > >> for CONFIG_X25. > > >> > > >> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - > > >> likely RedHat only > > >> Report mentions incorrect backport in RedHat kernels. > > >> > > >> - CVE-2021-20261 [floppy: race condition data corruption] - fixed > > >> No member enables this except: > > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m > > >> which should probably be turned off. > > >> > > >> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed > > >> No member enables this. > > >> > > >> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed > > >> No member enables this. > > >> > > >> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1] > > >> Requires a specially-crafted ext4 FS image, so we likely don't care. > > >> > > >> Unfortunately Debian's Salsa service, where the Debian kernel > > >> security issue tracker is hosted, is currently down, so we only have one source > > of data this week. > > >> > > >> > > >> Regards > > >> ChenYu > > >> > > >> > > >> [1] > > >> https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/ > > > > > > -- > > Siemens AG, T RDA IOT > > Corporate Competence Center Embedded Linux [-- Attachment #2: Type: text/plain, Size: 428 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6346): https://lists.cip-project.org/g/cip-dev/message/6346 Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-04-08 2:00 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-03-18 9:33 [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 masashi.kudo 2021-03-19 6:55 ` minmin 2021-03-19 7:05 ` masashi.kudo 2021-04-08 2:00 ` Nobuhiro Iwamatsu 2021-03-19 8:05 ` Jan Kiszka 2021-03-19 8:47 ` masashi.kudo 2021-04-08 1:55 ` Nobuhiro Iwamatsu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).