From: "Yang, Cheng C"
To: joel@jms.id.au, openbmc@lists.ozlabs.org
Subject: New kernel CVE
Date: Fri, 6 Dec 2019 16:11:42 +0800
Message-ID: <41a8f4a2-6200-b8c4-22ec-baed7ec4b1f7@linux.intel.com>
List-Id: Development list for OpenBMC

Hi Joel,

We found three CVEs on our current OpenBMC kernel 5.3.11 which have been fixed in kernel 5.4.
Two of them are about crypto and the other is for trace. Do you have any plan to update the kernel to fix them?

https://nvd.nist.gov/vuln/detail/CVE-2019-19062
Fixed in https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc

https://nvd.nist.gov/vuln/detail/CVE-2019-19072
Fixed in https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35

https://nvd.nist.gov/vuln/detail/CVE-2019-19050
Fixed in https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd

Thank you very much!
