On Thu, Nov 4, 2021 at 6:57 PM Pavel Machek <pavel@...> wrote:
CVE-2021-34981: Bluetooth CMTP Module Double Free Privilege Escalation

This CVE is fixed in 5.14-rc1.

This seems to be fixed in stable/4.4, too, as
61a811e8f5229264b822361f8b23d7638fd8c914. And cip-kernel-sec says so,

Thanks. I accidentally removed stable/4.4 from the above list.
CVE-2021-34981.yml contains stable/4.4 too.

CVE-2021-43267: tipc: fix size validations for the MSG_CRYPTO type

This vulnerability was introduced since 5.1-rc1 so before 5.10 kernels
aren't affected by this issue.
The mainline and stable kernels have been fixed.

AFAICT the vulnerability was introduced by 1ef6f7c9390f in
5.9-rc3. But that does not change anything for us.

* Updated CVEs

CVE-2021-3772: Invalid chunks may be used to remotely remove existing

This bug is in SCTP stack that attacker may be able to send packet
with spoofed IP address if attacker knows IP address and port number

AFAICT it is more of "if attacker can send packets with spoofed IP
addresses, he can...". Many of our configs use SCTP.

NVD hasn't given CVSS v3 Scores yet. However Red Hat and SUSE both
give it a score of 5.9. So it looks like it's not too serious issue.
Of course, it'd be nice to have patches.

https://access.redhat.com/security/cve/CVE-2021-3772
https://www.suse.com/security/cve/CVE-2021-3772.html

CVE-2021-42327: drm/amdgpu: fix out of bounds write

The parse_write_buffer_into_params() was introduced since 5.9 so
before 5.9 kernels aren't affected by this vulnerability.
This CVE was fixed by 5afa7898ab7a ("drm/amdgpu: fix out of bounds
write"), however next commit 3f4e54bd312d ("drm/amdgpu: Fix even more
out of bound writes from debugfs") said that amdgpu_dm_debugfs.c
contains same issues so it'd be nice to apply 3f4e54bd312d
("drm/amdgpu: Fix even more out of bound writes from debugfs") too.

This looks quite easy to fix, OTOH CIP configs do not use amdgpu and
it is not too serious in the first place.

CVE-2021-20322: new DNS Cache Poisoning Attack based on ICMP fragment
needed packets replies

Update stable/5.4 and stable/4.19 fixed revisions.
It seems like stable/4.4 and stable/4.9 need backport following patches.
- 4785305c05b2 ("ipv6: use siphash in rt6_exception_hash()")
- a00df2caffed ("ipv6: make exception cache less predictible")
- 6457378fe796 ("ipv4: use siphash instead of Jenkins in

It would not be bad to understand the problem in the first place. Yes,
I guess different hashes have different qualities, but...

DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Cybertrust Japan Co., Ltd.