New CVE entries this week


Pavel Machek
 

Hi!

In last import, CVE-2020-36385 and CVE-2020-36386 was confused. That's
fixed now. And we have following new issues:

* 2021-06-13

CVE-2021-0129 -- Passkey Entry protocol of the Bluetooth Core is
vulnerable to an impersonation, fixed 4.9+

CVE-2021-0512 -- HID arrays, fixed 4.9+

CVE-2021-28691 -- Xen, fixed 5.10+

CVE-2021-3573 -- Bluetooth UAF, fixed 4.9+

* 2021-06-18

CVE-2021-32078 -- ARM: footbridge:, hopefully noone uses this

CVE-2021-34693 -- can: bcm: fix infoleak in struct bcm_msg_head

CVE-2020-36386 -- An issue was discovered in the Linux kernel before
5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in
hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Join cip-dev@lists.cip-project.org to automatically receive all group messages.