Re: New CVE entry this week

Pavel Machek


CVE-2021-3759: memcg: charge semaphores and sem_undo objects

This causes DoS attack. Patch was merged into mainline this week.

for 4.19, it needs modify or apply following patches to apply commit
I don't think we need to care about this one. Embedded systems don't
usually run untrusted code...

CVE-2021-40490: A race condition was discovered in
ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem
in the Linux kernel through 5.13.13.
This is already queued to 4.4 and 4.19; we can simply wait.

CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
to get shadow page

4.14 has been fixed this week.

mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
stable/4.14: [cea9e8ee3b8059bd2b36d68f1f428d165e5d13ce]
KVM. Tricky code and not exactly focus on CIP code. But perhaps
someone fixes it for us :-).

Best regards,
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Join to automatically receive all group messages.