Re: Cip-kernel-sec Updates for Week of 2021-05-05
Masami Ichikawa
Hi!
May I ask some questions? 2021年5月5日(水) 13:37 Chen-Yu Tsai (Moxa) <wens@csie.org>: I'm looking into CVE-2021-31829. The issues/CVE-2021-31829.yml in cip-kernel-sec repository describes this bug was introduced by commit 2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366. The bug fix commit b9b34ddbe2076ade359cd5ce7537d5ed019e9807[1] has Fixes tag which said "Fixes: 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic")" so, CVE-2021-31829.yml's introduced-by section may be 979d63d50c0c0f7bc537bf821e056cc9fe5abd38 ? Also, one of a patch that fix CVE-2021-29155 has Fixes tag, that said "Fixes: 2c78ee898d8f ("bpf: Implement CAP_BPF")[2]" so, issues/CVE-2021-29155.yml's introduced-by section may be 2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 ? 1:https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=b9b34ddbe2076ade359cd5ce7537d5ed019e9807 2:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/kernel/bpf/verifier.c?id=9601148392520e2e134936e76788fc2a6371e7be - CVE-2021-31916 [md: dm_ioctl: out-of-bounds array access] - fixedRegards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@cybertrust.co.jp :masami.ichikawa@miraclelinux.com
|
|