Re: New CVE entry this week


Nobuhiro Iwamatsu
 

Hi all,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Masami Ichikawa
Sent: Thursday, September 16, 2021 9:44 AM
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [cip-dev] New CVE entry this week

Hi !

It's this week's CVE report.

4 new CVEs were reported this week.

* New CVEs

CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

This bug is in the AMD Cryptographic Coprocessor (CCP) driver. This
bug is related to CVE-2021-3744.

In the cip-kernel-config directory, the 4.4 kernel uses this driver.

$ find . -type f | xargs grep -n "ccp-ops.c"
./4.4.y-cip-rt/x86/siemens_i386-rt.sources:1716:drivers/crypto/ccp/ccp-ops.c
./4.4.y-cip-rt/all.sources:3665:drivers/crypto/ccp/ccp-ops.c

Fixed status

Patch is available but it hasn't been merged yet.

CVE-2021-3764: DoS in ccp_run_aes_gcm_cmd() function

This vulnerability is a memory leak which will cause a DoS attack.
This bug is in the AMD Cryptographic Coprocessor (CCP) driver. This
bug is related to CVE-2021-3764.

Fixed status

Patch is available but it hasn't been merged yet.

CVE-2021-3752: UAF in bluetooth

There is a use-after-free bug in the Bluetooth module.

Fixed status

This CVE hasn't been fixed in the mainline yet.

CVE-2021-38300: bpf, mips: Validate conditional branch offsets

This bug only affects bpf on the mips architecture. A patch is available,
but hasn't been merged yet.

Fixed status:

Not yet.

* Updated CVEs

CVE-2021-40490: A race condition was discovered in
ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem
in the Linux kernel through 5.13.13

Kernel 5.4 has been fixed.

Fixed status

mainline: [a54c4613dac1500b40e4ab55199f7c51f028e848]
stable/5.10: [09a379549620f122de3aa4e65df9329976e4cdf5]
stable/5.13: [c764e8fa4491da66780fcb30a0d43bfd3fccd12c]
stable/5.14: [f8ea208b3fbbc0546d71b47e8abaf98b0961dec1]
stable/5.4: [9b3849ba667af99ee99a7853a021a7786851b9fd]
Note: This is included in the -rc release of other trees.
4.4.y-rc: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=linux-4.4.y&id=bfba6dcbeba21e153f80b203cdf95e19fbf6b094
4.19.y-rc: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=linux-4.19.y&id=05738f962071285a60b92d30fd4bbc5375d67df7


CVE-2021-3635: flowtable list del corruption with kernel BUG at
lib/list_debug.c:50

This vulnerability affects kernels from 4.16-rc1 to 5.5-rc7.
Therefore the 4.4 kernel and kernels above 5.5 aren't affected.

Fixed status

cip/4.19: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
cip/4.19-rt: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
mainline: [335178d5429c4cee61b58f4ac80688f556630818]
stable/4.19: [8260ce5aeee4d7c4a6305e469edeae1066de2800]
stable/5.4: [8f4dc50b5c12e159ac846fdc00702c547fdf2e95]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2021-3640: UAF in sco_send_frame function

There is no fix information.

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Best regards,
Nobuhiro
