Re: New CVE in this week

Pavel Machek


CVE-2022-0185: vfs: fs_context: fix up param length parsing in
mainline: [722d94847de29310e8aa03fcbdb41fc92c521756]
This one is queued up for 5.10.93. We likely don't need to do anything

CVE-2021-4095: 'KVM: NULL pointer dereference in kvm_dirty_ring_get()
in virt/kvm/dirty_ring.c'

This issue was fixed in the mainline this week. It introduced at
commit 629b534 ("KVM: x86/xen: update wallclock region") which was
merged in 5.12-rc1-dontuse.
As it does not affect "our" kernels, we don't need to do anything. Good.

CVE-2021-4197: cgroup: Use open-time creds and namespace for migration
perm checks

Commit 1756d79 ("cgroup: Use open-time credentials for process
migraton perm checks") failed to apply to 4.4, 4.9, 4.14, 4.19,
5.4,and 5.10. This commit fixes 187fe84 ("cgroup: require write perm
on common ancestor when moving processes on the default hierarchy")
which was merged in 4.2-rc1.
This one looks relatively simple.

Commit 0d2b595 ("cgroup: Allocate cgroup_file_ctx for
kernfs_open_file->priv") failed to apply to 4.14, 4.19, 5.4, and 5.10.

Commit e574576 ("cgroup: Use open-time cgroup namespace for process
migration perm checks") was failed to apply to 4.14, 4.19, 5.4, and
5.10. This commit fixes 5136f63 ("cgroup: implement "nsdelegate" mount
option") which was merged in 4.13-rc1.
Unfortunatley these two are more complicated.

Best regards,

DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Join to automatically receive all group messages.