On Thu, Jul 29, 2021 at 4:47 PM Pavel Machek <pavel@...> wrote:
** Traking CVEsThis is basically missing memset. Does not look evil to backport.
CVE-2021-21781: v4.4 is not fixed as of 2021/07/29
CVE-2021-3655: v4.4 is not fixed as of 2021/07/29This may need more careful look. There are 4 patches fixing this in
mainline, but only two in
5.10. c7da1d1ed43a6c2bece0d287e2415adf2868697e should be easy to
backport to 4.4.
Okay. I'll take another look.
CVE-2021-31829: Linux kernel protection of stack pointer againstStrange, this talks about CVE-2021-22543 in the changelog.
speculative pointer arithmetic can be bypassed to leak content of
ok, I'll check again.
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
Not fiexd in mainline yet
CVE-2021-3655: missing size validations on inbound SCTP packetsI guess this should be listed in stable/4.4: ... then?
According to cip-kernel-sec's scripts v4.4 is not fixed as of 2021/07/29
One of a patch 50619dbf8db77e98d821d615af4f634d08e22698 is included.
Yes, it is. I'll add it.
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Cybertrust Japan Co., Ltd.