New CVE entry this week
Masami Ichikawa
Hi !
It's this week's CVE report. This week reported one new CVE. * New CVEs CVE-2021-20317: lib/timerqueue: Rely on rbtree semantics for next timer This bug has been fixed in 5.4-rc1 so that before 5.4 kernels are affected. For 4.19, patch can be applied without any modification. For 4.4, it needs to modify patch to apply it. According to the description in cve.mitre.org(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20317), it describes "This flaw allows a local attacker with special user privileges to cause a denial of service" so I think this vulnerability severity may be low. CVSS v3 score is not provided. Fixed status mainline: [511885d7061eda3eb1faf3f57dcc936ff75863f1] stable/5.10: [511885d7061eda3eb1faf3f57dcc936ff75863f1] stable/5.14: [511885d7061eda3eb1faf3f57dcc936ff75863f1] stable/5.4: [511885d7061eda3eb1faf3f57dcc936ff75863f1] * Updated CVEs No updated CVEs this week. Currently tracking CVEs CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 There is no fix information. CVE-2021-3640: UAF in sco_send_frame function There is no fix information. CVE-2020-26555: BR/EDR pin code pairing broken No fix information CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning No fix information. CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM No fix information. CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning No fix information. CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning No fix information. Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|