New kernel CVE

New kernel CVE

[Yang, Cheng C]

[-- Attachment #1: Type: text/plain, Size: 661 bytes --]

Hi Joel,

We found three CVE on our current OpenBMC kernel 5.3.11 which has been 
fixed in kernel 5.4

Two of them are about crypto and the other is for trace. Do you have any 
plan to update kernel to fix them?

https://nvd.nist.gov/vuln/detail/CVE-2019-19062

Fixed in 
https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc

https://nvd.nist.gov/vuln/detail/CVE-2019-19072

Fixed in 
https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35

https://nvd.nist.gov/vuln/detail/CVE-2019-19050

Fixed in 
https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd

Thank you very much!


[-- Attachment #2: Type: text/html, Size: 36954 bytes --]

Re: New kernel CVE

[Joel Stanley]

On Fri, 6 Dec 2019 at 08:11, Yang, Cheng C <cheng.c.yang@linux.intel.com> wrote:
>
> Hi Joel,
>
>                 We found three CVE on our current OpenBMC kernel 5.3.11 which has been fixed in kernel 5.4
>
> Two of them are about crypto and the other is for trace. Do you have any plan to update kernel to fix them?

Yes, we plan to move to the 5.4 kernel. This kernel is ready to go,
with the exception of the broken dbus-sensors application, which
itself depends on PECI being enabled in the kernel and userspace
headers.

This work is being tracked here:

 https://github.com/openbmc/openbmc/issues/3634

Cheers,

Joel


>
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2019-19062
>
> Fixed in https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc
>
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2019-19072
>
> Fixed in https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35
>
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2019-19050
>
> Fixed in https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd
>
>
>
>
>
> Thank you very much!