[ANNOUNCE] Release v4.4.302-cip71
Nobuhiro Iwamatsu
Hi all,
CIP kernel team has released Linux kernel v4.4.302-cip71.
The linux-4.4.y-cip tree has been updated based on the 4.4-st28 that has been backported to the
applicable patch up to 4.9.328.
You can get this release via the git tree at:
v4.4.302-cip71:
repository:
https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
branch:
linux-4.4.y-cip
commit hash:
c727b8f0ca6857a9782a1ee857a57e4f563b34fe
Fixed CVEs:
CVE-2022-33744: Xen Arm guests can cause Dom0 DoS via PV devices
CVE-2022-1462: kernel: possible race condition in drivers/tty/tty_buffers.c
CVE-2022-42703: anon_vma UAF through bogus merge of VMAs caused by
double-reuse of leaf anon_vma because of ->degree
misinterpretation
CVE-2022-36946: kernel panic when sending nf_queue verdict with 1-byte
nfta_payload attribute
CVE-2022-2588: Linux kernel cls_route UAF
CVE-2022-2318: UAF vulnerabilities in rose protocol
CVE-2022-3028: af_key: Do not call xfrm_probe_algs in parallel
CVE-2022-race-VM_PFNMAP-stale-TLB-entry: unmap_mapping_range() race with
munmap() on VM_PFNMAP mappings leads to stale TLB entry
CVE-2022-36123: x86: Clear .brk area at early boot
CVE-2022-39188: unmap_mapping_range() race with munmap() on VM_PFNMAP
mappings leads to stale TLB entry
CVE-2022-33740: Xen Linux disk/nic frontends data leaks
CVE-2022-26365: Xen Linux disk/nic frontends data leaks
CVE-2021-33656: When setting font with malicous data by ioctl cmd PIO_FONT
kernel will write memory out of bounds.
CVE-2022-36879: xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
in xfrm_bundle_lookup()
CVE-2022-3629: A vulnerability was found in Linux Kernel. It has been declared
as problematic. This vulnerability affects the function
vsock_connect of the file net/vmw_vsock/af_vsock.c of the
component IPsec. The manipulation leads to memory leak. It
is recommended to apply a patch to fix this issue. VDB-211930
is the identifier assigned to this vulnerability.
CVE-2022-3635: A vulnerability, which was classified as critical, has been
found in Linux Kernel. Affected by this issue is the function
tst_timer of the file drivers/atm/idt77252.c of the component
IPsec. The manipulation leads to use after free. It is
recommended to apply a patch to fix this issue.
VDB-211934 is the identifier assigned to this vulnerability.
Best regards,
Nobuhiro
CIP kernel team has released Linux kernel v4.4.302-cip71.
The linux-4.4.y-cip tree has been updated based on the 4.4-st28 that has been backported to the
applicable patch up to 4.9.328.
You can get this release via the git tree at:
v4.4.302-cip71:
repository:
https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
branch:
linux-4.4.y-cip
commit hash:
c727b8f0ca6857a9782a1ee857a57e4f563b34fe
Fixed CVEs:
CVE-2022-33744: Xen Arm guests can cause Dom0 DoS via PV devices
CVE-2022-1462: kernel: possible race condition in drivers/tty/tty_buffers.c
CVE-2022-42703: anon_vma UAF through bogus merge of VMAs caused by
double-reuse of leaf anon_vma because of ->degree
misinterpretation
CVE-2022-36946: kernel panic when sending nf_queue verdict with 1-byte
nfta_payload attribute
CVE-2022-2588: Linux kernel cls_route UAF
CVE-2022-2318: UAF vulnerabilities in rose protocol
CVE-2022-3028: af_key: Do not call xfrm_probe_algs in parallel
CVE-2022-race-VM_PFNMAP-stale-TLB-entry: unmap_mapping_range() race with
munmap() on VM_PFNMAP mappings leads to stale TLB entry
CVE-2022-36123: x86: Clear .brk area at early boot
CVE-2022-39188: unmap_mapping_range() race with munmap() on VM_PFNMAP
mappings leads to stale TLB entry
CVE-2022-33740: Xen Linux disk/nic frontends data leaks
CVE-2022-26365: Xen Linux disk/nic frontends data leaks
CVE-2021-33656: When setting font with malicous data by ioctl cmd PIO_FONT
kernel will write memory out of bounds.
CVE-2022-36879: xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
in xfrm_bundle_lookup()
CVE-2022-3629: A vulnerability was found in Linux Kernel. It has been declared
as problematic. This vulnerability affects the function
vsock_connect of the file net/vmw_vsock/af_vsock.c of the
component IPsec. The manipulation leads to memory leak. It
is recommended to apply a patch to fix this issue. VDB-211930
is the identifier assigned to this vulnerability.
CVE-2022-3635: A vulnerability, which was classified as critical, has been
found in Linux Kernel. Affected by this issue is the function
tst_timer of the file drivers/atm/idt77252.c of the component
IPsec. The manipulation leads to use after free. It is
recommended to apply a patch to fix this issue.
VDB-211934 is the identifier assigned to this vulnerability.
Best regards,
Nobuhiro