Hi!
* Updated CVEs
CVE-2021-3640: UAF in sco_send_frame function
5.10 and 5.15 are fixed this week.
Fixed status
mainline: [99c23da0eed4fd20cae8243f2b51e10e66aa0951]
stable/5.10: [4dfba42604f08a505f1a1efc69ec5207ea6243de]
stable/5.14: [2c2b295af72e4e30d17556375e100ae65ac0b896]
stable/5.15: [b990c219c4c9d4993ef65ea9db73d9497e70f697]
stable/5.4: [d416020f1a9cc5f903ae66649b2c56d9ad5256ab]
Interesting.
commit 99c23da0eed4fd20cae8243f2b51e10e66aa0951
Author: Takashi Iwai <tiwai@...>
Says:
This should be the last piece for fixing CVE-2021-3640 after a few
already queued fixes.
Which means more than 99c23da0eed is needed to fix this one;
unfortunately, it does not give us a good way to identify what commits
are needed.
CVE-2021-43975: atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
The mainline kernel was fixed in 5.16-rc2.
Fixed status
mainline: [b922f622592af76b57cbc566eaeccda0b31a3496]
This is protection of the kernel against malicious hardware. I believe we
can ignore this.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany