Re: New CVE entries in this week


Nobuhiro Iwamatsu

Hi,

-----Original Message-----
From: cip-dev@... <cip-dev@...> On
Behalf Of Masami Ichikawa
Sent: Thursday, January 27, 2022 8:51 AM
To: cip-dev <cip-dev@...>
Subject: [cip-dev] New CVE entries in this week

Hi !

It's this week's CVE report.

4 new CVEs were reported this week.

* New CVEs

CVE-2022-0322: sctp: account stream padding length for reconf chunk

CVSS v3 score is not provided

This issue was introduced by commit cc16f00 ("sctp: add support for
generating stream reconf ssn reset request chunk") in 4.11-rc1, so 4.9 and 4.4
aren't affected by this issue. All kernels have been fixed.

Fixed status

mainline: [a2d859e3fc97e79d907761550dbc03ff1b36479c]
stable/4.14: [41f0bcc7d9eac315259d4e9fb441552f60e8ec9e]
stable/4.19: [c57fdeff69b152185fafabd37e6bfecfce51efda]
stable/5.10: [d84a69ac410f6228873d05d35120f6bdddab7fc3]
stable/5.4: [d88774539539dcbf825a25e61234f110513f5963]

CVE-2022-0264: bpf: Fix kernel address leakage in atomic fetch

CVSS v3 score is not provided

A local user who has certain privileges is able to gather kernel internal memory
addresses.
This issue was introduced by commit 38086bf ("bpf: Propagate stack bounds
to registers in atomics w/ BPF_FETCH"), which was merged in 5.12-rc1-dontuse.
Fixed in 5.17-rc1, so kernels before 5.12 aren't affected by this issue.

Fixed status

mainline: [7d3baf0afa3aa9102d6a521a8e4c41888bb79882]
stable/5.15: [423628125a484538111c2c6d9bb1588eb086053b]

CVE-2022-0330: drm/i915: Flush TLBs before releasing backing store

CVSS v3 score is not provided

Vulnerability in the i915 driver. Without an active IOMMU, malicious userspace
can gain access (from the code executing on the GPU) to random memory
pages.

Fixed status

mainline: [7938d61591d33394a21bdd7797a245b65428f44c]

CVE-2021-22600: net/packet: rx_owner_map depends on pg_vec

CVSS v3 score: NIST: not provided
CVSS v3 score: CNA: 6.6 medium

A double free bug in packet_set_ring() in net/packet/af_packet.c can be
exploited by a local user through crafted syscalls to escalate privileges or deny
service.
This issue was introduced by commit 61fad68 ("net/packet: tpacket_rcv:
avoid a producer race condition"). This commit was merged in 5.6.
However, it was backported to 5.4, 4.19, and 4.14, so these kernels are also
affected, but 4.4 and 4.9 are not, because commit 61fad68 was not backported
to 4.4 and 4.9.
I think we need to make sure this is also needed for 4.4.

Fixed status

mainline: [ec6af094ea28f0f2dda1a6a33b14cd57e36a9755]
stable/4.14: [a829ff7c8ec494eca028824628a964cde543dc76]
stable/4.19: [18c73170de6719491f79b04c727ea8314c246b03]
stable/5.10: [7da349f07e457cad135df0920a3f670e423fb5e9]
stable/5.15: [feb116a0ecc5625d6532c616d9a10ef4ef81514b]
stable/5.4: [027a13973dadb64ef4f19db56c9b619ee82c3375]

Best regards,
Nobuhiro
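The question raised above for CVE-2021-22600 (which of the kernels we track still has no fix commit listed) comes up for every entry in these weekly reports. The following is an added example, not part of the original mail or of any CIP tooling: it parses the report's "Fixed status" blocks into a per-CVE map of branch to fix commit and lists the tracked branches for which no fix is recorded. The sample text is excerpted from the two entries above; the tracked branch set (`stable/4.4`, `stable/4.19`, `stable/5.10`) is an assumption chosen for illustration. A branch with no fix listed may be unaffected rather than pending, as the report's prose for CVE-2022-0322 explains, so the output is a triage list to check, not a verdict.

```python
import re
from typing import Dict, Iterable, List

# Excerpt of two "Fixed status" blocks in the report's own format (taken from the
# mail above; the hashes are the ones the report lists).
SAMPLE_REPORT = """\
CVE-2022-0322: sctp: account stream padding length for reconf chunk

CVSS v3 score is not provided

Fixed status

mainline: [a2d859e3fc97e79d907761550dbc03ff1b36479c]
stable/4.14: [41f0bcc7d9eac315259d4e9fb441552f60e8ec9e]
stable/4.19: [c57fdeff69b152185fafabd37e6bfecfce51efda]
stable/5.10: [d84a69ac410f6228873d05d35120f6bdddab7fc3]
stable/5.4: [d88774539539dcbf825a25e61234f110513f5963]

CVE-2021-22600: net/packet: rx_owner_map depends on pg_vec

Fixed status

mainline: [ec6af094ea28f0f2dda1a6a33b14cd57e36a9755]
stable/4.14: [a829ff7c8ec494eca028824628a964cde543dc76]
stable/4.19: [18c73170de6719491f79b04c727ea8314c246b03]
stable/5.10: [7da349f07e457cad135df0920a3f670e423fb5e9]
stable/5.15: [feb116a0ecc5625d6532c616d9a10ef4ef81514b]
stable/5.4: [027a13973dadb64ef4f19db56c9b619ee82c3375]
"""

# "CVE-YYYY-NNNN: <title>" opens a new entry.
CVE_LINE = re.compile(r"^(CVE-\d{4}-\d{4,}):\s*(.+?)\s*$")
# "<branch>: [<40-hex sha>]" records one fix commit for the current entry.
FIX_LINE = re.compile(r"^([\w./-]+):\s*\[([0-9a-f]{40})\]\s*$")

# Assumed set of branches we maintain; adjust to the kernels you actually track.
TRACKED_BRANCHES = ("stable/4.4", "stable/4.19", "stable/5.10")


def parse_report(text: str) -> Dict[str, dict]:
    """Return {cve_id: {"title": str, "fixes": {branch: sha}}} for each CVE in the report.

    Lines that are neither a CVE heading nor a fix line (prose, CVSS notes) are skipped,
    so the parser tolerates the free-form description paragraphs between blocks.
    """
    entries: Dict[str, dict] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CVE_LINE.match(line)
        if m:
            current = m.group(1)
            entries[current] = {"title": m.group(2), "fixes": {}}
            continue
        m = FIX_LINE.match(line)
        if m and current is not None:
            entries[current]["fixes"][m.group(1)] = m.group(2)
    return entries


def branches_without_fix(entries: Dict[str, dict],
                         tracked: Iterable[str]) -> Dict[str, List[str]]:
    """Map each CVE to the tracked branches that list no fix commit for it."""
    result: Dict[str, List[str]] = {}
    for cve, info in entries.items():
        missing = [b for b in tracked if b not in info["fixes"]]
        if missing:
            result[cve] = missing
    return result


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for cve, branches in branches_without_fix(parsed, TRACKED_BRANCHES).items():
        print(f"{cve}: no fix listed for {', '.join(branches)} ({parsed[cve]['title']})")
```

Run against the full weekly mail instead of the excerpt to get the list of entries that still need a backport decision; for each one, the prose above the "Fixed status" block says whether the introducing commit reached that branch at all.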
