Re: Cip-kernel-sec Updates for Week of 2021-02-11


Chen-Yu Tsai (Moxa) <wens@...>
 

Hi,

On Thu, Feb 11, 2021 at 4:50 PM Chen-Yu Tsai <wens@csie.org> wrote:

> Hi everyone,
>
> Six new issues this week:
> - CVE-2020-12362, CVE-2020-12363, CVE-2020-12364:
>   CVEs from Intel Advisory affecting Intel Graphics Driver. Details unknown

So the fix for these three is a firmware update. However, to use the newer
firmware, a kernel patch [1] is required.

Not sure how we should mark this in our repository... ignore or fixed by
said patch?


Thanks
ChenYu

[1] https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26

> - CVE-2021-20194 [bpf heap overflow] - fixed for relevant kernels
> - CVE-2021-20226 [io_uring UAF] - likely a duplicate of
>   CVE-2020-29534, already fixed
> - CVE-2021-26708 [AF_VSOCK: local priv. escalation] - fixed for relevant kernels
>
> Additionally, CVE-2021-3347 is fixed for 4.4 and 4.9.
> I still need to match patches for 4.4 against 4.9, but it looks like
> the fixes are there.
>
>
> Regards
> ChenYu
