Cip-kernel-sec Updates for Week of 2021-04-22

Chen-Yu Tsai (Moxa) <wens@...>

Hi everyone,

Seven new CVEs this week, though three can be ignored.

- CVE-2021-1076 [nvidia out-of-tree driver DoS] - ignore
- CVE-2021-1077 [nvidia out-of-tree driver DoS] - ignore
- CVE-2021-23133 [net/sctp: race in sctp_destroy_sock] - fixed
Needs backport to kernels before 5.4

- CVE-2021-29155 [bpf: kernel memory content leak] - fixed
Debian notes this likely only affects 5.8 and later.
I intend to mark it as such if no one objects.

- CVE-2021-3492 [shiftfs: double free] - ignore Ubuntu specific
- CVE-2021-3493 [overlayfs: privilege escalation] - fixed
- CVE-2021-3506 [f2fs: out-of-bounds access] - fix queued up for -next

Regarding CVE-2021-29650 from 4/1, it seems Pavel's backport
still didn't hit the stable mailing list. Guenter ended up
posting backports [1] for all the old LTS kernels, but there
were some other issues and he asked Greg to drop them.



Join { to automatically receive all group messages.