Re: Cip-kernel-sec Updates for Week of 2021-05-05


Masami Ichikawa
 

Hi!

May I ask some questions?

On Wed, May 5, 2021 at 13:37, Chen-Yu Tsai (Moxa) <wens@csie.org> wrote:

> Hi everyone,
>
> Two new CVEs this week:
>
> - CVE-2021-31829 [bpf: stack pointer protection from speculative
> arithmetic] - fixed
> Fixes just landed in mainline as part of the merge window. Fixes not
> tagged for stable.

I'm looking into CVE-2021-31829. The issues/CVE-2021-31829.yml in the
cip-kernel-sec repository describes this bug as introduced by commit
2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366.
The bug fix commit b9b34ddbe2076ade359cd5ce7537d5ed019e9807 [1] has a
Fixes tag which says "Fixes: 979d63d50c0c ("bpf: prevent out of bounds
speculation on pointer arithmetic")",
so CVE-2021-31829.yml's introduced-by section may be
979d63d50c0c0f7bc537bf821e056cc9fe5abd38?

Also, one of the patches that fix CVE-2021-29155 has a Fixes tag that says
"Fixes: 2c78ee898d8f ("bpf: Implement CAP_BPF")" [2],
so issues/CVE-2021-29155.yml's introduced-by section may be
2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366?

[1] https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=b9b34ddbe2076ade359cd5ce7537d5ed019e9807
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/kernel/bpf/verifier.c?id=9601148392520e2e134936e76788fc2a6371e7be

> - CVE-2021-31916 [md: dm_ioctl: out-of-bounds array access] - fixed
> Likely needs backport to 4.9 and earlier.
>
> Additionally, one old CVE is now fixed:
>
> - CVE-2020-26541
>
>
> Regards
> ChenYu


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
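
The comparison raised in the message above (a fix commit's Fixes: trailer versus the hash recorded as introduced-by) can be automated. The following is an added example, not part of the original message and not cip-kernel-sec's own code; the function names, the sample commit message (constructed, with only the Fixes: line taken from the message) and the plain-list form of the recorded hashes are assumptions.

```python
import re

# Kernel-style trailer: Fixes: <abbreviated sha> ("subject of the offending commit")
FIXES_RE = re.compile(
    r'^Fixes:[ \t]*([0-9a-f]{8,40})\b(?:[ \t]*\("(.*)"\))?[ \t]*$',
    re.MULTILINE | re.IGNORECASE,
)

def fixes_tags(commit_message):
    """Return [(abbrev_sha, subject)] for every Fixes: trailer in the message."""
    return [(m.group(1).lower(), m.group(2) or "")
            for m in FIXES_RE.finditer(commit_message)]

def check_introduced_by(commit_message, introduced_by):
    """Compare Fixes: trailers against the full hashes recorded as introduced-by.

    matched      - trailers whose abbreviated sha prefixes a recorded hash
    missing      - trailers naming a commit that is not recorded
    unreferenced - recorded hashes that no trailer points at
    """
    tags = fixes_tags(commit_message)
    recorded = [h.lower() for h in introduced_by]

    def is_recorded(abbrev):
        return any(full.startswith(abbrev) for full in recorded)

    return {
        "matched": [t for t in tags if is_recorded(t[0])],
        "missing": [t for t in tags if not is_recorded(t[0])],
        "unreferenced": [full for full in recorded
                         if not any(full.startswith(a) for a, _ in tags)],
    }

# Constructed sample: only the Fixes: line is quoted from the message above.
SAMPLE_MESSAGE = """(subject line of the fix commit, elided in this sample)

Fixes: 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic")
Signed-off-by: Example Developer <dev@example.org>
"""

# Value the message says issues/CVE-2021-31829.yml currently records.
RECORDED = ["2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366"]

if __name__ == "__main__":
    report = check_introduced_by(SAMPLE_MESSAGE, RECORDED)
    for key, values in report.items():
        print(key, values)
```

A non-empty `missing` or `unreferenced` list only flags a disagreement for a human to review; a Fixes: tag can itself point at the wrong commit.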
