Re: New CVE entries this week


Masami Ichikawa
 

Hi !

On Thu, Aug 12, 2021 at 2:43 PM Pavel Machek <pavel@...> wrote:

Hi!

* CVE detail

New CVEs
CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer

xemaclite_of_probe() in drivers/net/ethernet/xilinx/xilinx_emaclite.c
leaks kernel memory layout.

Fixed status

mainline: [d0d62baa7f505bd4c59cd169692ff07ec49dde37]
stable/5.13: [8722275b41d5127048e1422a8a1b6370b4878533]
This affects our kernels (I looked at 5.10.57 and 4.4.277). On one
hand we could ask for backport, on the other... I'm not sure it is
serious enough to warrant any action.
I think this vulnerability seems to be low priority because an
attacker needs another vulnerability to abuse this vulnerability.
However, it would be nice to backport the patch too.

Best regards,
Pavel

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...

Join cip-dev@lists.cip-project.org to automatically receive all group messages.