Re: About corresponding CVE-2020-25669 from CIP kernel config side

Home Messages Hashtags Subgroups

Note: lists.cip-project.org will be down for maintenance on Wednesday, October 5th, starting at 9AM Pacific Time (4PM Wednesday October 5, 2022 UTC), for approximately one hour.

#5810

Re: About corresponding CVE-2020-25669 from CIP kernel config side

Jan Kiszka #5810 On 19.11.20 03:43, nobuhiro1.iwamatsu@... wrote: Hi Jan, CVE-2020-25669[0] is a CVE for SUNKBD (sun4/sun5 keyboard), which is enabled in siemens_i386-rt kernel. ``` $ git grep SUNKBD 4.19.y-cip-rt/x86/siemens_i386-rt.config:# CONFIG_KEYBOARD_SUNKBD is not set 4.19.y-cip/x86/plathome_obsvx2.config:# CONFIG_KEYBOARD_SUNKBD is not set 4.19.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_KEYBOARD_SUNKBD=m 4.4.y-cip/arm/siemens_am57xx-pxm3.config:# CONFIG_KEYBOARD_SUNKBD is not set 4.4.y-cip/arm/siemens_imx6_defconfig:# CONFIG_KEYBOARD_SUNKBD is not set 4.4.y-cip/x86/plathome_obsvx1.config:# CONFIG_KEYBOARD_SUNKBD is not set 4.4.y-cip/x86/siemens_iot2000.config:# CONFIG_KEYBOARD_SUNKBD is not set ``` Is this driver used? If you're not using it, I'd consider removing it from the kernel's config to support this CVE. Could you give me your opinion on this? Drop the config switch and ignore the issue - this was very likely an "over-configuration" due to being derived from some distro config. Thanks, Jan Best regards, Nobuhiro [0]: https://security-tracker.debian.org/tracker/CVE-2020-25669 -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
More All Messages By This Member

View All 3 Messages In Topic

#5810

Join cip-dev@lists.cip-project.org to automatically receive all group messages.