cip-kernel-sec Updates for Week of 2020-11-12


Chen-Yu Tsai <wens213@...>
 

Hi everyone,

This week we have four new issues:

- CVE-2020-25669 [input/sunkbd UAF] - No fix yet.

We can ignore this. This is ancient hardware.

It's weird that Siemens enabled it in their v4.4 config, but not
their v4.19 one.
I believe we can remove this from their v4.4 config as well.

- CVE-2020-25704 [perf memory leak] - Fix backported to 4.19+

Based on the fixes tag, this was introduced in v4.7-rc1.

- CVE-2020-8694 [powercap non-root access] - Fixed for all stable kernels

- CVE-2020-slab-out-of-bounds-read-fbcon [fbcon out-of-bounds read] -
Fixed for all stable kernels

Fix basically removes the broken KD_FONT_OP_SET ioctl.


Regards
ChenYu
Moxa

Join cip-dev@lists.cip-project.org to automatically receive all group messages.