Cip-kernel-sec Updates for Week of 2021-02-04
Chen-Yu Tsai (Moxa) <wens@...>
Two new issue this week:
- CVE-2021-3347 [UAF in futex]: fixed for 4.14 and later 
- CVE-2021-3348 [nbd: UAF when adding connections while operations are
running]: fixed in all kernels
For CVE-2021-3347, based on , more patches are needed for 4.4 and 4.9.
The second batch:
has not been included yet. Lee Jones seems to be handling it .
For CVE-2020-27825 from two weeks ago, the fix has been backported to
all stable kernels.
For CVE-2020-16120, Ubuntu mentions a regression due to the backported fix .
We probably don't care either way since this requires unprivileged