New CVE entries this week
Masami Ichikawa
Hi !
It's this week's CVE report.

CVE Summary

There is one new CVE.

CVE-2021-22555: Affects all CIP kernels

There are two updated CVEs.

CVE-2021-34693: CIP kernel 4.19, 4.19-rt, 4.4 are fixed
CVE-2021-35039: CIP kernel 4.19 and 4.4 are fixed

From last week's CVEs

CVE-2020-28097: CIP kernels are fixed
CVE-2021-29256: it seems not fixed in mainline yet
CVE-2021-31615: it seems not fixed in mainline yet
CVE-2021-35039: CIP kernel 4.4 and 4.4-rt aren't affected. 4.19 is fixed

* New CVEs detail

- 2021/07/12

CVE-2021-22555 -- Heap Out-Of-Bounds Write in xt_compat_target_from_user

The compat IPT_SO_SET_REPLACE/IP6T_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allows local users to gain privileges or cause a denial of service (heap memory corruption) via user namespace.

This vulnerability affects v2.6.19-rc1 to v5.11.

Fixed status.

cip/4.19: [12ec80252edefff00809d473a47e5f89c7485499]
cip/4.19-rt: [12ec80252edefff00809d473a47e5f89c7485499]
cip/4.4: [b0d98b2193a38ef93c92e5e1953d134d0f426531]
cip/4.4-rt: not fixed yet
cip/5.10: not fixed yet

* Updated CVEs detail

CVE-2021-34693 -- can: bcm: fix infoleak in struct bcm_msg_head

Fixed status

cip/4.19: [8899857d7e450805e6410de5004126491f197146]
cip/4.19-rt: not fixed yet
cip/4.4: [f638caa211e7a121a5596986d29ebbdaf9156398]
cip/4.4-rt: not fixed yet
cip/5.10: not fixed yet

CVE-2021-35039 -- module: limit enabling module.sig_enforce

Fixed status

cip/4.19: [ff660863628fb144badcb3395cde7821c82c13a6]
cip/4.19-rt: not fixed yet
cip/4.4: not affected
cip/4.4-rt: not affected
cip/5.10: not fixed yet

* From last week's CVE report

CVE-2020-28097 -- vgacon_scrolldelta out-of-bounds read

This vulnerability affects kernels before v5.9-rc6, so the v5.10 kernel isn't affected.

Fixed status

cip/4.19: [f5fa64c8daf7b97280865c73903edc0a3eea819e]
cip/4.19-rt: [f5fa64c8daf7b97280865c73903edc0a3eea819e]
cip/4.4: [5f76b4c6ac297ce836abe17f495123f45bfc4fb3]
cip/4.4-rt: [5f76b4c6ac297ce836abe17f495123f45bfc4fb3]
cip/5.10: not affected

Since the CONFIG_VGACON_SOFT_SCROLLBACK option has been removed by this CVE fix, we can remove this option from these configs in the cip-kernel-config repo.

- 4.19.y-cip/x86/cip_qemu_defconfig
- 4.19.y-cip/x86/plathome_obsvx2.config
- 4.19.y-cip-rt/x86/siemens_i386-rt.config
- 4.4.y-cip/x86/cip_qemu_defconfig

CVE-2021-29256.yml -- Mali GPU Kernel Driver elevates CPU RO pages to writable

According to https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver , "This issue is fixed in Bifrost and Valhall GPU Kernel Driver r30p0. It will be fixed in future Midgard release. Users are recommended to upgrade if they are impacted by this issue." so it seems that the CVE hasn't been fixed yet.

CVE-2021-31615 -- InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections

According to https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver , "This issue is fixed in Bifrost and Valhall GPU Kernel Driver r30p0. It will be fixed in future Midgard release. Users are recommended to upgrade if they are impacted by this issue." so it seems that the CVE hasn't been fixed yet.

CVE-2021-35039 -- Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

Fixed status

cip/4.19: [ff660863628fb144badcb3395cde7821c82c13a6]
cip/linux-4.4: not affected
cip/linux-4.4-rt: not affected
cip/5.10: not fixed yet

Regards,

--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email: masami.ichikawa@...