New CVE entries this week


Masami Ichikawa
 

Hi !

It's this week's CVE report.

* CVE short summary

** New CVEs

CVE-2021-3653: mainline, 5.10, 5.13, 5.4 are fixed.

CVE-2021-3656: mainline, 5.10, 5.13, 5.4 are fixed. 4.4 is not affected.

** Updated CVEs

CVE-2021-33624: mainline, 4.19, 5.10, 5,12, 5.4 are fixed. 4.4 is not
affected by this vulnerability.

CVE-2021-38198: mainline, 4.19, 5.10, 5.4 are fixed. 4.4 affects this
vulnerability.

CVE-2021-38205: mainline and stable kernels are fixed.

** Tracking CVEs

CVE-2021-31615: there is no fixed information as of 2021/08/12

CVE-2021-3640: there is no fixed information as of 2021/08/12


* CVE detail

New CVEs

CVE-2021-3653: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

CVE-2021-3653 and CVE-2021-3656 are vulnerable when nested kvm is enabled.

Patch for 4.19 is backported by
https://lore.kernel.org/stable/20210816140240.11399-2-pbonzini@redhat.com/
but not applyed yet.

Fixed status

mainline: [0f923e07124df069ba68d8bb12324398f4b6b709]
stable/5.10: [c0883f693187c646c0972d73e525523f9486c2e3]
stable/5.13: [a0949ee63cf95408870a564ccad163018b1a9e6b]
stable/5.4: [7c1c96ffb658fbfe66c5ebed6bcb5909837bc267]

CVE-2021-3656: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

This vulnerability has been introduced since 4.13-rc1 so that 4.4
kernel is not affected.
CVE-2021-3653 and CVE-2021-3656 are vulnerable when nested kvm is enabled.

Patch for 4.19 is backported by
https://lore.kernel.org/stable/20210816140240.11399-9-pbonzini@redhat.com/
but not applyed yet.

Fixed status

mainline: [c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc]
stable/5.10: [3dc5666baf2a135f250e4101d41d5959ac2c2e1f]
stable/5.13: [639a033fd765ed473dfee27028df5ccbe1038a2e]
stable/5.4: [a17f2f2c89494c0974529579f3552ecbd1bc2d52]

Updated CVEs

CVE-2021-33624: Linux kernel BPF protection against speculative
execution attacks can be bypassed to read arbitrary kernel memory

The main patch 9183671af6dbf60a1219371d4ed73e23f43b49db fixes commit
b2157399cc9898260d6031c5bfe45fe137c1fbe7 which has been merged since
4.15-rc8 so 4.4 aren't affected this vulnerability.

Fixed status

mainline: [d203b0fd863a2261e5d00b97f3d060c4c2a6db71,
fe9a5ca7e370e613a9a75a13008a3845ea759d6e,
9183671af6dbf60a1219371d4ed73e23f43b49db,
973377ffe8148180b2651825b92ae91988141b05]
stable/4.19: [0abc8c9754c953f5cd0ac7488c668ca8d53ffc90,
c510c1845f7b54214b4117272e0d87dff8732af6,
9df311b2e743642c5427ecf563c5050ceb355d1d,
c15b387769446c37a892f958b169744dabf7ff23]
stable/5.10: [e9d271731d21647f8f9e9a261582cf47b868589a,
8c82c52d1de931532200b447df8b4fc92129cfd9,
5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b]
stable/5.12: [408a4956acde24413f3c684912b1d3e404bed8e2,
68a1936e1812653b68c5b68e698d88fb35018835,
4a99047ed51c98a09a537fe2c12420d815dfe296,
e5e2010ac3e27efa1e6e830b250f491da82d51b4]
stable/5.4: [283d742988f6b304f32110f39e189a00d4e52b92,
d2f790327f83b457db357e7c66f942bc00d43462,
fd568de5806f8859190e6305a1792ba8cb20de61,
a0f66ddf05c2050e1b7f53256bd9c25c2bb3022b]

CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
to get shadow page

This vulnerability has been introduced since 2.6.20-rc4 so 4.4 affects
this CVE but patch didn't apply to 4.4
(https://lore.kernel.org/stable/162358450944186@kroah.com/). 4.19 also
failed to apply this patch but backport patch has been merged
recently(https://lore.kernel.org/stable/20210812174140.2370680-1-ovidiu.panait@windriver.com/).


Fixed status

mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
stable/4.19: [4c07e70141eebd3db64297515a427deea4822957]
stable/5.10: [6b6ff4d1f349cb35a7c7d2057819af1b14f80437]
stable/5.4: [d28adaabbbf4a6949d0f6f71daca6744979174e2]

CVE-2021-38205: net: xilinx_emaclite: Do not print real IOMEM pointer

We talked about this CVE at previous weekly CVE report. Thank your for
Pavel to backport the patch.

Fixed status

mainline: [d0d62baa7f505bd4c59cd169692ff07ec49dde37]
stable/4.14: [1994eacac7af52da86e4b0cb6ae61621bef7393f]
stable/4.19: [9322401477a6d1f9de8f18e5d6eb43a68e0b113a]
stable/4.4: [3d4ba14fc5ffbe5712055af09a5c0cbab93c0f44]
stable/4.9: [ffdc1e312e2074875147c1df90764a9bae56f11f]
stable/5.10: [25cff25ec60690247db8138cd1af8b867df2c489]
stable/5.13: [8722275b41d5127048e1422a8a1b6370b4878533]
stable/5.4: [38b8485b72cbe4521fd2e0b8770e3d78f9b89e60]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fixed information as of 2021/08/19.

CVE-2021-3640: UAF in sco_send_frame function

There is no fixed information as of 2021/08/19.

Regards,


--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com

Join cip-dev@lists.cip-project.org to automatically receive all group messages.