Re: New CVE entries in this week

Home Messages Hashtags Subgroups

#7009

Re: New CVE entries in this week

Masami Ichikawa #7009 Hi ! On Thu, Nov 25, 2021 at 11:42 AM Masami Ichikawa via lists.cip-project.org <masami.ichikawa=miraclelinux.com@...> wrote: Hi ! It's this week's CVE report. This week reported two new CVEs. * New CVEs CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. CVSS v3 score is 5.5 MEDIUM. Intel released fixed version of driver kit. Not sure this CVE affects mainline's source code. Fixed status Intel released fixed version of driver kit. CVE-2021-4001: bpf: Fix toctou on read-only map''s constant scalar tracking CVSS v3 score is not provided. This bug was introduced in 5.5-rc1 and fixed in 5.16-rc2. Patch for 5.15 is in stable-rt tree. Patch for 5.4(https://lore.kernel.org/stable/163757721744154@kroah.com/) and 5.10(https://lore.kernel.org/stable/1637577215186161@kroah.com/) are failed to apply. However, this bug was introduced in 5.5-rc1 so 5.4 can be ignored? Fixed status mainline: [353050be4c19e102178ccc05988101887c25ae53] I attached a patch for 5.10. * Updated CVEs CVE-2021-3640: UAF in sco_send_frame function 5.10 and 5.15 are fixed this week. Fixed status mainline: [99c23da0eed4fd20cae8243f2b51e10e66aa0951] stable/5.10: [4dfba42604f08a505f1a1efc69ec5207ea6243de] stable/5.14: [2c2b295af72e4e30d17556375e100ae65ac0b896] stable/5.15: [b990c219c4c9d4993ef65ea9db73d9497e70f697] stable/5.4: [d416020f1a9cc5f903ae66649b2c56d9ad5256ab] CVE-2021-43975: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait The mainline kernel was fixed in 5.16-rc2. Fixed status mainline: [b922f622592af76b57cbc566eaeccda0b31a3496] Currently tracking CVEs CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 There is no fix information. CVE-2020-26555: BR/EDR pin code pairing broken No fix information CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning No fix information. CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM No fix information. CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning No fix information. CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning No fix information. Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@... Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@... 0001-bpf-Fix-toctou-on-read-only-map-s-constant-scalar-tr.patch
More All Messages By This Member

View All 7 Messages In Topic

#7009

Join {cip-dev@lists.cip-project.org to automatically receive all group messages.

Home Hashtags Subgroups Terms