Re: New CVE entries this week


masashi.kudo@cybertrust.co.jp <masashi.kudo@...>
 

Hi, Pavel-san,

Thanks for your diagnosis!

Best regards,
--
M. Kudo

-----Original Message-----
From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Pavel Machek
Sent: Sunday, July 11, 2021 5:33 PM
To: cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] New CVE entries this week

Hi!

These are the new issues this week:

* 2021/06/30

CVE-2020-28097 -- vgacon_scrolldelta out-of-bounds read
This is a sad situation but we don't need to do anything here.

CVE-2021-29256.yml -- Mali GPU Kernel Driver elevates CPU RO pages to
writable
Too early to do anything here, we don't have enough information.

CVE-2021-31615 -- InjectaBLE: Injecting malicious traffic into
established Bluetooth Low Energy connections
Too early to do anything here, we don't have enough information.

* 2021/07/08

CVE-2021-35039 -- Without CONFIG_MODULE_SIG, verification that a
kernel module is signed, for loading via init_module, does not occur
for a module.sig_enforce=1 command-line argument.

This CVE affects v4.15 to v5.12, so the v4.4 kernel isn't affected.
Stable did the work, we don't need to do anything. Good :-).

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
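
Added example, not part of the mails above and not CIP or kernel project code: a shell check for the CVE-2021-35039 condition as the thread describes it (module.sig_enforce=1 requested while CONFIG_MODULE_SIG is off, kernel between v4.15 and v5.12). The function name check_sig_enforce and its verdict strings are hypothetical; the inputs are a kernel config file, a saved kernel command line, and a version string.

```shell
#!/bin/sh
# Added example. Verdicts printed by check_sig_enforce (hypothetical names):
#   not-requested     module.sig_enforce=1 is not on the command line
#   enforced          requested and CONFIG_MODULE_SIG=y
#   gap-in-range      requested, CONFIG_MODULE_SIG off, version in v4.15..v5.12
#   gap-out-of-range  requested, CONFIG_MODULE_SIG off, version outside that range
check_sig_enforce() {
    config=$1; cmdline=$2; version=$3

    # Only the literal form named in the mail is matched, one argument per line.
    if ! tr -s ' \t' '\n\n' < "$cmdline" | grep -qx 'module\.sig_enforce=1'; then
        echo not-requested; return 0
    fi
    # "=y" directly after the name, so CONFIG_MODULE_SIG_ALL etc. do not match.
    if grep -q '^CONFIG_MODULE_SIG=y$' "$config"; then
        echo enforced; return 0
    fi
    # Reduce a version such as "5.10.46-cip1" to major=5, minor=10.
    major=${version%%.*}
    rest=${version#*.}
    minor=${rest%%[!0-9]*}
    n=$((major * 1000 + minor))
    # Range taken from the mail (v4.15 to v5.12), treated as inclusive.
    if [ "$n" -ge 4015 ] && [ "$n" -le 5012 ]; then
        echo gap-in-range
    else
        echo gap-out-of-range
    fi
}

# Constructed sample input, not taken from a real system.
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_MODULES=y' '# CONFIG_MODULE_SIG is not set' > "$demo_dir/config"
printf '%s\n' 'root=/dev/sda1 ro module.sig_enforce=1 quiet' > "$demo_dir/cmdline"
check_sig_enforce "$demo_dir/config" "$demo_dir/cmdline" 5.10.46-cip1
rm -rf "$demo_dir"
```

A gap-in-range verdict only says the configuration matches the CVE description; whether the running stable release already carries the fix still has to be checked separately.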
