Hi, Chen-Yu san,
toggle quoted message
Show quoted text
Thanks for reporting this!
From: Chen-Yu Tsai <wens@...>
Sent: Friday, February 5, 2021 11:33 AM
Cc: Pavel Machek <pavel@...>; Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@...>; 工藤 雅司（CTJ OSS事業推進室）
Subject: Re: Cip-kernel-sec Updates for Week of 2021-02-04
On Thu, Feb 4, 2021 at 1:26 PM Chen-Yu Tsai <wens@...> wrote:
Two new issue this week:
- CVE-2021-3347 [UAF in futex]: fixed for 4.14 and later 
- CVE-2021-3348 [nbd: UAF when adding connections while operations are
running]: fixed in all kernels
For CVE-2021-3347, based on , more patches are needed for 4.4 and 4.9.
The second batch:
b1947012907aFTR, a second backport series for 4.4 was also posted:
has not been included yet. Lee Jones seems to be handling it .
For CVE-2020-27825 from two weeks ago, the fix has been backported to.
all stable kernels.
For CVE-2020-16120, Ubuntu mentions a regression due to the backported fix
We probably don't care either way since this requires unprivileged
user namespace is enabled.