Re: New CVE entries this week

Pavel Machek


New CVEs

CVE-2020-3702: Specifically timed and handcrafted traffic can cause
internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
encryption with a consequent possibility of information disclosure
over the air for a discrete set of traffic

This CVE affects ath9k driver.

Fixed status

mainline: [56c5485c9e444c2e85e11694b6c44f1338fc20fd,
At least some of the relevant fixes are queued for
5.10.61/4.19. Likely this will resolve itself.

CVE-2021-3600: eBPF 32-bit source register truncation on div/mod

The vulnerability has been introduced since 4.15-rc9. 4.4 is not
affected. 4.19 is not fixed yet as of 2021/08/26.

mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]
I took a look into this. Apparently 4.14 and 4.19 is affected. ( )

Due to BPF 32-bit subregister requirements (see bpf_design_QA.rst)
top 32 bits should be always zero when the 32 bit registers are in
use. So it could be possible to use BPF_JMP instead of BPF_JMP32.

Best regards,
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Join { to automatically receive all group messages.