Re: New CVE entries in this week
Masami Ichikawa

Hi!

On Thu, Dec 9, 2021 at 6:21 PM Pavel Machek <pavel@...> wrote:
> Hi!
>
> > * New CVEs
> >
> > CVE-2021-39636: "no details"
> >
> > CVSS v3 score is not provided
> >
> > There are no vulnerability details yet. However, five patches are
> > addressed, so the bug is in the netfilter module.
> >
> > f32815d ("xtables: add xt_match, xt_target and data copy_to_user
> > functions"): merged in 4.11-rc1
> > f77bc5b ("iptables: use match, target and data copy_to_user helpers"):
> > merged in 4.11-rc1
> > e47ddb2 ("ip6tables: use match, target and data copy_to_user
> > helpers"): merged in 4.11-rc1
> > ec23189 ("xtables: extend matches and targets with .usersize"): merged
> > in 4.11-rc1
> > 1e98ffe ("netfilter: x_tables: fix pointer leaks to userspace"):
> > merged in 4.16-rc1. This fixes commit ec23189 ("xtables: extend
> > matches and targets with .usersize") that was merged in 4.11-rc1.
> >
> > Fixed status
> >
> > mainline: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
> > f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
> > e47ddb2c4691fd2bd8d25745ecb6848408899757,
> > ec23189049651b16dc2ffab35a4371dc1f491aca,
> > 1e98ffea5a8935ec040ab72299e349cb44b8defd]
> > stable/4.14: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
> > f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
> > e47ddb2c4691fd2bd8d25745ecb6848408899757,
> > ec23189049651b16dc2ffab35a4371dc1f491aca,
> > ad10785a706e63ff155fc97860cdcc5e3bc5992d]
>
> Hmm. Fun. 1e98ffea5a8935ec040ab72299e349cb44b8defd may have a clue:
>
>     This leads to kernel pointer leaks if a match/target is set
>     and then read back to userspace.
>
> So that sounds like KASLR workaround? iptables are normally limited to
> privileged users, and KASLR is just a technology to make exploitation
> hard. I don't think we care too much here.

Yeah, I agree.

> > CVE-2018-25020: bpf: fix truncated jump targets on heavy expansions
> >
> > CVSS v3 score is not provided
> >
> > The BPF subsystem in the kernel through 4.17-rc7 has an overflow bug.
> >
> > Fixed status
> >
> > mainline: [050fad7c4534c13c8eb1d9c2ba66012e014773cb]
>
> Fun. JITs are hard to get right. I guess "avoid BPF" and "certainly
> don't allow unprivileged access to BPF" is good advice.

I got it.

> Best regards,
> Pavel
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email: masami.ichikawa@...