Cip-kernel-sec Updates for Week of 2020-12-10


Chen-Yu Tsai (Moxa) <wens@...>
 

Hi everyone,

Here is the cip-kernel-sec report for this week.

This week we have five new issues:

- CVE-2020-27786 [rawmidi UAF race condition]
- fixed for all stable kernels
- CVE-2020-27820 [drm/nouveau UAF]
- fix in progress; ignore for CIP
- CVE-2020-27830 [speakup crash]
- fixed in mainline; ignore for CIP
- backport failed for v4.14 and v5.4
- CVE-2020-28588 [collect_syscall() data leak]
- fixed but was not tagged for stable
- CVE-2020-29534 [io_uring FD leak across execve]
- fixed for relevant stable kernels

Regarding nouveau, it seems that the driver is enabled in hitachi_omap
defconfigs for both 4.4 and 4.19. This doesn't make sense as the configs
are for OMAP platforms which AFAIK don't have PCI for a graphics card.
We should ask if this was added by accident and remove it.


Regards
ChenYu

Join cip-dev@lists.cip-project.org to automatically receive all group messages.