Re: New CVE entries in this week


Masami Ichikawa
 

Hi !

On Thu, Jan 13, 2022 at 5:07 PM Pavel Machek <pavel@...> wrote:

Hi!

* New CVEs

CVE-2021-39633: ip_gre: add validation for csum_start

CVSS v3 score is not provided

An information leak bug was found in gre_handle_offloads() which is in
net/ipv4/ip_gre.c.
This fix uses skb_checksum_start() to check data but this function was
introduced at 4.6-rc1 commit 08b64fc ("net: Store checksum result for
offloaded GSO checksums") so applying this patch requires commit
08b64fc too.

Fixed status

mainline: [1d011c4803c72f3907eccfc1ec63caefb852fcbf]
stable/4.9: [41d5dfa408130433cc5f037ad89bed854bf936f7]
So this needs more investigation and possibly 4.4 port? 08b64fc looks
quite small/simple.
I checked it.
It required following patches to apply commit 1d011c4 ("ip_gre: add
validation for csum_start")

1. 7644345 ("net: Move GSO csum into SKB_GSO_CB")
2. 08b64fc ("net: Store checksum result for offloaded GSO checksums")

Commit 1d011c4 required commit 08b64fc and 08b64fc required commit
7644345. Both commit 7644345 and 08b64fc are able to apply to
stable/4.4.y tree without any modification. Commit 1d011c4 needed an
easy fix.

CVE-2021-39634: epoll: do not insert into poll queues until all sanity
checks are done

CVSS v3 score is not provided

A local attacker could gain his privilege by abusing this bug. All
stable kernels and the mainline kernels have already been fixed.

Fixed status
...and 4.19 and older is fixed, and 5.10 already contains
f8d4f44df056c5b504b0d49683fb7279218fd207, so nothing to do here. Good.

CVE-2021-4204: eBPF Improper Input Validation Vulnerability

CVSS v3 score is not provided

A local attacker can escalate privileges via this bug.
This bug is affecting the 5.8 or later kernel. The commit 457f4436
("bpf: Implement BPF ring buffer and verifier support for it")
introduced this issue.

To mitigate this issue, set kernel.unprivileged_bpf_disabled to 1.

Fixed status

Not fixed yet.
Apparently Ubuntu has a fix for this. But I guess we can wait till it
hits mainline.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...

Join cip-dev@lists.cip-project.org to automatically receive all group messages.