Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18

From: "Jan Kiszka" <jan.kiszka@siemens.com>
To: masashi.kudo@cybertrust.co.jp, minmin@plathome.co.jp,
	cip-dev@lists.cip-project.org
Cc: pavel@denx.de, nobuhiro1.iwamatsu@toshiba.co.jp, wens@csie.org
Subject: Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
Date: Fri, 19 Mar 2021 09:05:45 +0100	[thread overview]
Message-ID: <d111661c-cdda-3031-66e3-054a5cdcc943@siemens.com> (raw)
In-Reply-To: <TY2PR01MB4972E1E07AE85D162237E83CA0699@TY2PR01MB4972.jpnprd01.prod.outlook.com>

[-- Attachment #1: Type: text/plain, Size: 2856 bytes --]

On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote:
> Hi, Jan-san, Minda-san,
> 
> Please find the CVE report as follows.
> In the analysis of those CVEs, we found some doubts about the configs.
> 
> - CVE-2020-35519 is relating to X.25.
> X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
>>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
>>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
>>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> 
> Please confirm, and let us know whether X.25 should be disabled.
> 
> - CVE-2021-20261 is relating to floppy.
> It is enabled as follows.
>>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> 
> Please confirm that this can be also disabled.
> 

Yes, both features can be turned off.

Thanks,
Jan

> Best regards,
> --
> M. Kudo
> 
>> -----Original Message-----
>> From: Chen-Yu Tsai <wens@csie.org>
>> Sent: Thursday, March 18, 2021 5:48 PM
>> To: cip-dev@lists.cip-project.org
>> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
>> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤　雅司（CTJ　OSS事業推進室）
>> <masashi.kudo@cybertrust.co.jp>
>> Subject: Cip-kernel-sec Updates for Week of 2021-03-18
>>
>> Hi everyone,
>>
>> Six new issues this week from the Ubuntu tracker:
>>
>> - CVE-2020-35519 [net/x25: buffer overflow] - fixed
>>   Looks like a few configs still have X.25 enabled:
>>     4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
>>     4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
>>     5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
>>   Maybe they should be revisited? cip-kernel-config also gives warnings
>>   for CONFIG_X25.
>>
>> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] - likely RedHat
>> only
>>   Report mentions incorrect backport in RedHat kernels.
>>
>> - CVE-2021-20261 [floppy: race condition data corruption] - fixed
>>   No member enables this except:
>>     4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
>>   which should probably be turned off.
>>
>> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
>>   No member enables this.
>>
>> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
>>   No member enables this.
>>
>> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1]
>>   Requires a specially-crafted ext4 FS image, so we likely don't care.
>>
>> Unfortunately Debian's Salsa service, where the Debian kernel security issue
>> tracker is hosted, is currently down, so we only have one source of data this week.
>>
>>
>> Regards
>> ChenYu
>>
>>
>> [1] https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

[-- Attachment #2: Type: text/plain, Size: 428 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6300): https://lists.cip-project.org/g/cip-dev/message/6300
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-