Re: Cip-kernel-sec Updates for Week of 2021-05-05

Masami Ichikawa


May I ask some questions?

On Wed, May 5, 2021 at 13:37, Chen-Yu Tsai (Moxa) <wens@...> wrote:

Hi everyone,

Two new CVEs this week:

- CVE-2021-31829 [bpf: stack pointer protection from speculative
arithmetic] - fixed
Fixes just landed in mainline as part of the merge window. Fixes not
tagged for stable.

I'm looking into CVE-2021-31829. The issues/CVE-2021-31829.yml in the
cip-kernel-sec repository describes this bug was introduced by commit
The bug fix commit b9b34ddbe2076ade359cd5ce7537d5ed019e9807[1] has a
Fixes tag which says "Fixes: 979d63d50c0c ("bpf: prevent out of bounds
speculation on pointer arithmetic")",
so CVE-2021-31829.yml's introduced-by section may be
979d63d50c0c0f7bc537bf821e056cc9fe5abd38?

Also, one of the patches that fixes CVE-2021-29155 has a Fixes tag that says
"Fixes: 2c78ee898d8f ("bpf: Implement CAP_BPF")"[2],
so issues/CVE-2021-29155.yml's introduced-by section may be
2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366?


- CVE-2021-31916 [md: dm_ioctl: out-of-bounds array access] - fixed
Likely needs backport to 4.9 and earlier.

Additionally, one old CVE is now fixed:

- CVE-2020-26541


Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email: masami.ichikawa@...
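
The cross-check raised in the message above, comparing a fix commit's Fixes: trailer with the introduced-by hashes recorded for an issue, written as an added example that is not part of the original mail or of the cip-kernel-sec tooling. It assumes the introduced-by hashes have already been loaded from the issue file into a plain list; the commit message is constructed around the trailer quoted in the mail, and the function names are hypothetical.

```python
import re

# Kernel-style trailer: Fixes: <abbreviated sha> ("<subject of the faulty commit>")
FIXES_RE = re.compile(r'^Fixes:\s+([0-9a-f]{8,40})\s+\("(.*)"\)\s*$', re.MULTILINE)

# Constructed commit message; only the Fixes: trailer is taken from the mail.
SAMPLE_FIX_MESSAGE = '''constructed subject line

Constructed body text.

Fixes: 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic")
Signed-off-by: Example Developer <dev@example.invalid>
'''


def parse_fixes(commit_message):
    """Return [(abbrev_sha, subject)] for every Fixes: trailer in the message."""
    return FIXES_RE.findall(commit_message)


def check_introduced_by(commit_message, introduced_by):
    """Compare Fixes: trailers against the recorded introduced-by hashes.

    matched     - recorded full hashes that a Fixes: trailer points to
    missing     - abbreviated hashes named by a trailer but not recorded
    unconfirmed - recorded hashes that no trailer points to
    """
    recorded = [h.lower() for h in introduced_by]
    matched, missing = [], []
    for abbrev, _subject in parse_fixes(commit_message):
        # A trailer carries an abbreviated hash, so match on prefix.
        hits = [h for h in recorded if h.startswith(abbrev)]
        if hits:
            matched.extend(hits)
        else:
            missing.append(abbrev)
    unconfirmed = [h for h in recorded if h not in matched]
    return {"matched": matched, "missing": missing, "unconfirmed": unconfirmed}


if __name__ == "__main__":
    # Hash proposed in the mail for CVE-2021-31829's introduced-by section.
    proposed = ["979d63d50c0c0f7bc537bf821e056cc9fe5abd38"]
    print(check_introduced_by(SAMPLE_FIX_MESSAGE, proposed))
```

A non-empty `missing` or `unconfirmed` list marks an issue file whose introduced-by entry should be reviewed by hand against the fix commit.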

