cip-kernel-sec Updates for Week of 2020-11-05


Chen-Yu Tsai <wens213@...>
 

New CVEs:

- CVE-2020-25668 [concurrency use-after-free in vt] - fixed for v4.19 and later
- CVE-2020-25670 [net/nfc/llcp res. leak]
- CVE-2020-25671 [net/nfc/llcp res. leak]
- CVE-2020-25672 [net/nfc/llcp res. leak]
- CVE-2020-25673 [net/nfc/llcp res. leak]

No member enables NFC so we can ignore 25670 ~ 25673.

Old CVEs now fixed:

- CVE-2020-25656 [use-after-free in vt_do_kdgkb_ioctl] - fixed for v4.14 and later

For CVE-2020-25668, the commit log says the bug has been around for at
least 12 years, so it likely needs a backport to older kernels.

For CVE-2020-25656, we still need to identify when it was introduced.

Regards,
ChenYu
Moxa
