
Re: [isar-cip-core][PATCH 0/2] kas update and menu support

Jan Kiszka
 

On 26.10.21 10:21, Gylstorff Quirin wrote:
> Hi,
>
> On 10/22/21 7:40 PM, Jan Kiszka wrote:
>> With kas 2.6 being released, this now allows to adopt the new "menu"
>> feature and make the various image flavors and options more accessible.
>>
>> Quirin, please have a look if I modeled the dependencies for secure boot
>> and SWUpdate correctly, exposed reasonable combinations and didn't
>> forget something useful.
> I checked it and all options are there.

Thanks for checking, Quirin.

It looks like we still have some issues around the security image. For
which Debian releases is this supported, Venkata?

Jan

> Quirin
>
>> @all: Please play a bit with the options and check if you find anything
>> that does not work (crowd-sourced randconfig...).
>>
>> Thanks,
>> Jan
>>
>> Jan Kiszka (2):
>>    Update to kas 2.6
>>    Add kconfig menu
>>
>>   .gitlab-ci.yml                       |   2 +-
>>   Kconfig                              | 146 +++++++++++++++++++++++++++
>>   README.md                            |  39 ++++---
>>   kas/opt/ebg-secure-boot-base.yml     |   2 +-
>>   kas/opt/ebg-secure-boot-snakeoil.yml |   2 +-
>>   kas/opt/ebg-snakeoil-swu.yml         |   4 +-
>>   kas/opt/ebg-swu.yml                  |   4 +-
>>   7 files changed, 177 insertions(+), 22 deletions(-)
>>   create mode 100644 Kconfig




--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


New CVE entries this week

Masami Ichikawa
 

Hi!

It's this week's CVE report.

This week, 3 new CVEs were reported. These CVEs are already fixed.

* New CVEs

CVE-2021-3896: isdn: cpai: check ctr->cnr to avoid array index out of bound

According to the cip-kernel-config, no CIP member enables CONFIG_ISDN,
so CIP members aren't affected by this vulnerability.

CVSS v3 score is not provided.

Fixed in 5.15-rc6. All stable kernels are fixed.

Fixed status

mainline: [1f3e2e97c003f80c4b087092b225c8787ff91e4d]
stable/4.14: [9b6b2db77bc3121fe435f1d4b56e34de443bec75]
stable/4.19: [7d91adc0ccb060ce564103315189466eb822cc6a]
stable/4.4: [e8b8de17e164c9f1b7777f1c6f99d05539000036]
stable/4.9: [24219a977bfe3d658687e45615c70998acdbac5a]
stable/5.10: [7f221ccbee4ec662e2292d490a43ce6c314c4594]
stable/5.14: [cc20226e218a2375d50dd9ac14fb4121b43375ff]
stable/5.4: [285e9210b1fab96a11c0be3ed5cea9dd48b6ac54]

CVE-2021-3760: nfc: nci: fix the UAF of rf_conn_info object

CVSS v3 score is not provided.

Fixed in 5.15-rc6. All stable kernels are fixed.

Fixed status

mainline: [1b1499a817c90fd1ce9453a2c98d2a01cca0e775]
stable/4.14: [a2efe3df65359add2164740a5777c26e64dd594b]
stable/4.19: [1ac0d736c8ae9b59ab44e4e80ad73c8fba5c6132]
stable/4.4: [1d5e0107bfdbef6cc140fb5d7a1a817a40948528]
stable/4.9: [8a44904ce83ebcb1281b04c8d37ad7f8ab537a3d]
stable/5.10: [77c0ef979e32b8bc22f36a013bab77cd37e31530]
stable/5.14: [6197eb050cfab2c124cd592594a1d73883d7f9e8]
stable/5.4: [1f75f8883b4fe9fe1856d71f055120315e758188]

CVE-XXXX-XXXXX: KVM: PPC: Book3S HV: Make idle_kvm_start_guest()
return 0 if it went to guest

CVE number hasn't been assigned yet.

This vulnerability was introduced in 5.2-rc1, so kernels before 5.2
aren't affected by this issue. Also, it only affects the powerpc
architecture.

Fixed status

mainline: [cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337]
stable/5.10: [197ec50b2df12dbfb17929eda643b16117b6f0ca]
stable/5.14: [5a8c22e7fb66260c9182ee3a3085c2046503c54b]
stable/5.4: [d0148cfaf89ce2af0d76e39943e200365e7fc99a]

* Updated CVEs

CVE-2021-20321: ovl: fix missing negative dentry check in ovl_rename()

stable/4.4 has been fixed this week. All stable kernels are fixed.

Fixed status

mainline: [a295aef603e109a47af355477326bd41151765b6]
stable/4.14: [1caaa820915d802328bc72e4de0d5b1629eab5da]
stable/4.19: [9d4969d8b5073d02059bae3f1b8d9a20cf023c55]
stable/4.4: [a4f281ffc1d128d7ea693cbc3a796e56e919fd7c]
stable/4.9: [286f94453fb34f7bd6b696861c89f9a13f498721]
stable/5.10: [9763ffd4da217adfcbdcd519e9f434dfa3952fc3]
stable/5.14: [71b8b36187af58f9e67b25021f5debbc04a18a5d]
stable/5.4: [fab338f33c25c4816ca0b2d83a04a0097c2c4aaf]

* Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2021-3640: UAF in sco_send_frame function

Fixed in bluetooth-next tree.

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/net/bluetooth/sco.c?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.


Regards,

--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
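
The exposure reasoning in the report above (CONFIG_ISDN not enabled by any CIP member; the KVM issue limited to powerpc and to kernels from 5.2-rc1 on) can be checked mechanically against build configurations. The following is an added example, not part of the original mail or of CIP tooling; the rule-table layout, the function names and the sample targets are constructed for illustration.

```python
import re

# A kernel config states a symbol either as CONFIG_X=<value> or as
# "# CONFIG_X is not set"; every other line is a comment or blank.
SET_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Map each symbol in a kernel config to its value ('n' when not set)."""
    symbols = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = SET_RE.match(line)
        if match:
            symbols[match.group(1)] = match.group(2).strip('"')
            continue
        match = UNSET_RE.match(line)
        if match:
            symbols[match.group(1)] = "n"
    return symbols


def is_enabled(symbols, name):
    # A symbol missing from the file is treated as disabled. That only holds
    # for a full .config; a minimal defconfig omits symbols left at their
    # Kconfig default, so expand it (make olddefconfig) before triage.
    return symbols.get(name, "n") in ("y", "m")


def major_minor(version):
    """'4.19.213-cip60' -> (4, 19); tuples order 5.10 after 5.2 correctly."""
    numbers = re.match(r"(\d+)\.(\d+)", version)
    if not numbers:
        raise ValueError("unrecognised kernel version: %r" % version)
    return int(numbers.group(1)), int(numbers.group(2))


def triage(rule, target):
    """Return (affected, reason) for one rule against one build target."""
    archs = rule.get("archs")
    if archs and target["arch"] not in archs:
        return False, "arch %s not affected" % target["arch"]
    introduced = rule.get("introduced")
    if introduced and major_minor(target["kernel"]) < major_minor(introduced):
        return False, "code introduced in %s" % introduced
    symbols = parse_config(target["config"])
    disabled = [s for s in rule.get("requires", []) if not is_enabled(symbols, s)]
    if disabled:
        return False, "%s not enabled" % ", ".join(disabled)
    return True, "exposed, check that the fix commit is in the tree"


# Rules transcribed from the report: required config symbol, affected
# architecture, and the release that introduced the vulnerable code.
RULES = {
    "CVE-2021-3896": {"requires": ["CONFIG_ISDN"]},
    "KVM-PPC-HV (no CVE id yet)": {"archs": ["powerpc"], "introduced": "5.2-rc1"},
}

# Constructed sample targets; names and config contents are illustrative only.
TARGETS = {
    "sample-x86-4.19": {
        "arch": "x86", "kernel": "4.19.213-cip60",
        "config": "CONFIG_NET=y\n# CONFIG_ISDN is not set\n"},
    "sample-arm-4.4-isdn": {
        "arch": "arm", "kernel": "4.4.290",
        "config": "CONFIG_NET=y\nCONFIG_ISDN=m\n"},
    "sample-powerpc-4.19": {
        "arch": "powerpc", "kernel": "4.19.213", "config": "CONFIG_NET=y\n"},
    "sample-powerpc-5.10": {
        "arch": "powerpc", "kernel": "5.10.75", "config": "CONFIG_NET=y\n"},
}


def report():
    """Triage every rule against every target."""
    return {(cve, name): triage(rule, target)
            for cve, rule in RULES.items()
            for name, target in TARGETS.items()}


if __name__ == "__main__":
    for (cve, name), (affected, reason) in sorted(report().items()):
        print("%-28s %-22s %-5s %s" % (cve, name, affected, reason))
```

A "not affected" verdict from the config check is only as good as the config it was run on, so feed it the `.config` that the image build actually used.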


Re: [isar-cip-core][PATCH 0/2] kas update and menu support

Quirin Gylstorff
 

Hi,

On 10/22/21 7:40 PM, Jan Kiszka wrote:
> With kas 2.6 being released, this now allows to adopt the new "menu"
> feature and make the various image flavors and options more accessible.
>
> Quirin, please have a look if I modeled the dependencies for secure boot
> and SWUpdate correctly, exposed reasonable combinations and didn't
> forget something useful.

I checked it and all options are there.

Quirin

> @all: Please play a bit with the options and check if you find anything
> that does not work (crowd-sourced randconfig...).
>
> Thanks,
> Jan
>
> Jan Kiszka (2):
>    Update to kas 2.6
>    Add kconfig menu
>
>   .gitlab-ci.yml                       |   2 +-
>   Kconfig                              | 146 +++++++++++++++++++++++++++
>   README.md                            |  39 ++++---
>   kas/opt/ebg-secure-boot-base.yml     |   2 +-
>   kas/opt/ebg-secure-boot-snakeoil.yml |   2 +-
>   kas/opt/ebg-snakeoil-swu.yml         |   4 +-
>   kas/opt/ebg-swu.yml                  |   4 +-
>   7 files changed, 177 insertions(+), 22 deletions(-)
>   create mode 100644 Kconfig


cip/linux-4.19.y-cip build: 125 builds: 1 failed, 124 passed, 2 errors, 31 warnings (v4.19.213-cip60) #kernelci

kernelci.org bot <bot@...>
 

cip/linux-4.19.y-cip build: 125 builds: 1 failed, 124 passed, 2 errors, 31 warnings (v4.19.213-cip60)

Full Build Summary: https://kernelci.org/build/cip/branch/linux-4.19.y-cip/kernel/v4.19.213-cip60/

Tree: cip
Branch: linux-4.19.y-cip
Git Describe: v4.19.213-cip60
Git Commit: 7f69205acfea12da63e10ba3dcad0898b5fd88e5
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
Built: 3 unique architectures

Build Failure Detected:

arm:
rpc_defconfig: (gcc-10) FAIL

Errors and Warnings Detected:

arm64:
cip://4.19.y-cip/arm64/qemu_arm64_defconfig (gcc-10): 3 warnings
defconfig (gcc-10): 3 warnings
defconfig+crypto (gcc-10): 3 warnings
defconfig+ima (gcc-10): 3 warnings

arm:
omap1_defconfig (gcc-10): 1 warning
rpc_defconfig (gcc-10): 2 errors

x86_64:
cip://4.19.y-cip/x86/cip_qemu_defconfig (gcc-10): 3 warnings
x86_64_defconfig (gcc-10): 3 warnings
x86_64_defconfig+crypto (gcc-10): 3 warnings
x86_64_defconfig+ima (gcc-10): 3 warnings
x86_64_defconfig+x86-chromebook (gcc-10): 3 warnings
x86_64_defconfig+x86_kvm_guest (gcc-10): 3 warnings

Errors summary:

1 arm-linux-gnueabihf-gcc: error: unrecognized -march target: armv3
1 arm-linux-gnueabihf-gcc: error: missing argument to ‘-march=’

Warnings summary:

12 aarch64-linux-gnu-ld: warning: -z norelro ignored
6 ld: warning: creating DT_TEXTREL in a PIE
6 ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text'
6 arch/x86/entry/entry_64.S:1738: Warning: no instruction mnemonic suffix given and no register operands; using default for `sysret'
1 drivers/gpio/gpio-omap.c:1233:34: warning: array ‘omap_gpio_match’ assumed to have one element

================================================================================

Detailed per-defconfig build reports:

--------------------------------------------------------------------------------
acs5k_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
acs5k_tiny_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
am200epdkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
aspeed_g4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
aspeed_g5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
assabet_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
at91_dt_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
axm55xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
badge4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bcm2835_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cerfcube_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cip://4.19.y-cip/arm/qemu_arm_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cip://4.19.y-cip/arm64/qemu_arm64_defconfig (arm64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: -z norelro ignored

--------------------------------------------------------------------------------
cip://4.19.y-cip/x86/cip_qemu_defconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
arch/x86/entry/entry_64.S:1738: Warning: no instruction mnemonic suffix given and no register operands; using default for `sysret'
ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text'
ld: warning: creating DT_TEXTREL in a PIE

--------------------------------------------------------------------------------
cm_x2xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cm_x300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
colibri_pxa270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
colibri_pxa300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
collie_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
corgi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
davinci_all_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig (arm64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: -z norelro ignored

--------------------------------------------------------------------------------
defconfig+crypto (arm64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: -z norelro ignored

--------------------------------------------------------------------------------
defconfig+ima (arm64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: -z norelro ignored
aarch64-linux-gnu-ld: warning: -z norelro ignored

--------------------------------------------------------------------------------
dove_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ebsa110_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
efm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
em_x270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ep93xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
eseries_pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
exynos_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ezx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
footbridge_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
gemini_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
h3600_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
h5000_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
hackkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
hisi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imote2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imx_v4_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
integrator_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
iop13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
iop32x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
iop33x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ixp4xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
jornada720_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
keystone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ks8695_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpc18xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpc32xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpd270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lubbock_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
magician_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mainstone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mini2440_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mmp2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
moxart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mps2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v4t_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig+crypto (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig+ima (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mvebu_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mvebu_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mxs_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
neponset_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
netwinder_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
netx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nhk8815_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nuc910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nuc950_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nuc960_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
omap1_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/gpio/gpio-omap.c:1233:34: warning: array ‘omap_gpio_match’ assumed to have one element

--------------------------------------------------------------------------------
omap2plus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
orion5x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
oxnas_v6_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
palmz72_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pcm027_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pleb_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
prima2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa168_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa255-idp_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
qcom_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
raumfeld_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
realview_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rpc_defconfig (arm, gcc-10) — FAIL, 2 errors, 0 warnings, 0 section mismatches

Errors:
arm-linux-gnueabihf-gcc: error: unrecognized -march target: armv3
arm-linux-gnueabihf-gcc: error: missing argument to ‘-march=’

--------------------------------------------------------------------------------
s3c2410_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
s3c6400_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
s5pv210_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
sama5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
shannon_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
shmobile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
simpad_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
socfpga_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear6xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spitz_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
stm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
sunxi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tango4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tct_hammer_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tegra_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
trizeps4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
u300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
u8500_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
versatile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vf610m4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
viper_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vt8500_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
arch/x86/entry/entry_64.S:1738: Warning: no instruction mnemonic suffix given and no register operands; using default for `sysret'
ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text'
ld: warning: creating DT_TEXTREL in a PIE

--------------------------------------------------------------------------------
x86_64_defconfig+crypto (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
arch/x86/entry/entry_64.S:1738: Warning: no instruction mnemonic suffix given and no register operands; using default for `sysret'
ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text'
ld: warning: creating DT_TEXTREL in a PIE

--------------------------------------------------------------------------------
x86_64_defconfig+ima (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
arch/x86/entry/entry_64.S:1738: Warning: no instruction mnemonic suffix given and no register operands; using default for `sysret'
ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text'
ld: warning: creating DT_TEXTREL in a PIE

--------------------------------------------------------------------------------
x86_64_defconfig+x86-chromebook (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
arch/x86/entry/entry_64.S:1738: Warning: no instruction mnemonic suffix given and no register operands; using default for `sysret'
ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text'
ld: warning: creating DT_TEXTREL in a PIE

--------------------------------------------------------------------------------
x86_64_defconfig+x86_kvm_guest (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches

Warnings:
arch/x86/entry/entry_64.S:1738: Warning: no instruction mnemonic suffix given and no register operands; using default for `sysret'
ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text'
ld: warning: creating DT_TEXTREL in a PIE

--------------------------------------------------------------------------------
xcep_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
zeus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
zx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

---
For more info write to <info@kernelci.org>


[ANNOUNCE] Release v4.19.213-cip60

Nobuhiro Iwamatsu
 

Hi all,

The CIP kernel team has released Linux kernel v4.19.213-cip60.
The base version of the linux-4.19.y-cip tree has been updated from
v4.19.209 to v4.19.213, and there are no additional patches for this release.

The information for this release is as follows.
v4.19.213-cip60:
  repository:
    https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
  branch:
    linux-4.19.y-cip
  commit hash:
    7f69205acfea12da63e10ba3dcad0898b5fd88e5
  Fixed CVEs:
    CVE-2021-20317: lib/timerqueue: Rely on rbtree semantics for next timer
    CVE-2021-20321: ovl: fix missing negative dentry check in ovl_rename()
    CVE-2021-41864: bpf: Fix integer overflow in prealloc_elems_and_freelist()
    CVE-2021-38300: bpf, mips: Validate conditional branch offsets
  added commits:
    CIP: Bump version suffix to -cip60 after merge from stable

Best regards,
Nobuhiro


[isar-cip-core][PATCH 2/2] Add kconfig menu

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@siemens.com>

Use the new kas menu plugin to present available image options to the
user. This also allows to model their dependencies, specifically as not
all options are supported on all boards.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
Kconfig | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 37 ++++++++------
2 files changed, 169 insertions(+), 14 deletions(-)
create mode 100644 Kconfig

diff --git a/Kconfig b/Kconfig
new file mode 100644
index 0000000..72c75bf
--- /dev/null
+++ b/Kconfig
@@ -0,0 +1,146 @@
+mainmenu "Isar core layer of the Civil Infrastructure Platform project"
+
+config KAS_INCLUDE_MAIN
+ string
+ default "kas-cip.yml"
+
+config KAS_BUILD_SYSTEM
+ string
+ default "isar"
+
+choice
+ prompt "Target board"
+ default TARGET_QEMU_AMD64
+
+config TARGET_QEMU_AMD64
+ bool "QEMU AMD64 (x86-64)"
+
+config TARGET_SIMATIC_IPC227E
+ bool "Siemens SIMATIC IPC227E"
+
+config TARGET_QEMU_ARM64
+ bool "QEMU ARM64 (aarch64)"
+
+config TARGET_HIHOPE_RZG2M
+ bool "HopeRun HiHope-RZ/G2M"
+
+config TARGET_QEMU_ARM
+ bool "QEMU ARM (armhf)"
+
+config TARGET_BBB
+ bool "BeagleBone Black"
+
+config TARGET_IWG20D
+ bool "iWave Systems RainboW-G20D-Qseven"
+
+endchoice
+
+config KAS_INCLUDE_BOARD
+ string
+ default "kas/board/qemu-amd64.yml" if TARGET_QEMU_AMD64
+ default "kas/board/simatic-ipc227e.yml" if TARGET_SIMATIC_IPC227E
+ default "kas/board/qemu-arm64.yml" if TARGET_QEMU_ARM64
+ default "kas/board/hihope-rzg2m.yml" if TARGET_HIHOPE_RZG2M
+ default "kas/board/qemu-arm.yml" if TARGET_QEMU_ARM
+ default "kas/board/bbb.yml" if TARGET_BBB
+ default "kas/board/iwg20m.yml" if TARGET_IWG20D
+
+comment "Kernel options"
+
+choice
+ prompt "CIP kernel version"
+ default KERNEL_4_19
+
+config KERNEL_4_4
+ bool "Kernel 4.4.x-cip"
+
+config KERNEL_4_19
+ bool "Kernel 4.19.x-cip"
+
+endchoice
+
+config KAS_INCLUDE_KERNEL
+ string
+ default "kas/opt/4.4.yml"
+ depends on KERNEL_4_4
+
+config KERNEL_RT
+ bool "Real-time CIP kernel"
+
+config KAS_INCLUDE_KERNEL_RT
+ string
+ default "kas/opt/rt.yml"
+ depends on KERNEL_RT
+
+comment "Debian distribution options"
+
+choice
+ prompt "Debian Release"
+ default DEBIAN_BUSTER
+
+config DEBIAN_STRETCH
+ bool "stretch (9)"
+
+config DEBIAN_BUSTER
+ bool "buster (10)"
+
+config DEBIAN_BULLSEYE
+ bool "bullseye (11)"
+
+endchoice
+
+config KAS_INCLUDE_DEBIAN
+ string
+ default "kas/opt/stretch.yml" if DEBIAN_STRETCH
+ default "kas/opt/bullseye.yml" if DEBIAN_BULLSEYE
+
+comment "Image features"
+
+choice
+ prompt "Image formats"
+ default IMAGE_FLASH
+
+config IMAGE_FLASH
+ bool "Flashable image"
+
+config IMAGE_ARTIFACTS
+ bool "Separate artifacts for NFS boot"
+
+endchoice
+
+config KAS_INCLUDE_IMAGE_FORMAT
+ string
+ default "kas/opt/targz.yml" if IMAGE_ARTIFACTS && (TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM)
+ default "kas/opt/wic-targz.yml" if IMAGE_ARTIFACTS && !(TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM)
+
+config IMAGE_SECURITY
+ bool "Security extensions"
+
+config KAS_INCLUDE_SECURITY
+ string
+ default "kas/opt/security.yml" if IMAGE_SECURITY
+
+config IMAGE_TESTING
+ bool "Test extensions"
+
+config KAS_INCLUDE_TESTING
+ string
+ default "kas/opt/test.yml" if IMAGE_TESTING
+
+if IMAGE_FLASH
+
+config IMAGE_SWUPDATE
+ bool "SWUpdate support for root partition"
+ depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E
+
+config IMAGE_SECURE_BOOT
+ bool "Secure boot support"
+ depends on TARGET_QEMU_AMD64
+
+config KAS_INCLUDE_SWUPDATE_SECBOOT
+ string
+ default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT
+ default "kas/opt/ebg-secure-boot-snakeoil.yml" if !IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
+ default "kas/opt/ebg-snakeoil-swu.yml" if IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
+
+endif
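Review bot: The "Secure boot support" prompt on IMAGE_SECURE_BOOT gives no hint that both secure-boot defaults of KAS_INCLUDE_SWUPDATE_SECBOOT select the snakeoil includes (kas/opt/ebg-secure-boot-snakeoil.yml and kas/opt/ebg-snakeoil-swu.yml), so a menu user cannot tell from the menu which key material the image ends up with. Suggest saying so in the prompt or in a help text on that symbol. Separately, IMAGE_SECURITY has no "depends on" line, unlike IMAGE_SWUPDATE and IMAGE_SECURE_BOOT, so it can be combined with every board and every Debian release in the choice above; if some of those combinations are known not to build, model that here instead of leaving it to trial and error.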
diff --git a/README.md b/README.md
index 537a615..d245111 100644
--- a/README.md
+++ b/README.md
@@ -18,16 +18,30 @@ Install `kas-container` from the [kas project](https://github.com/siemens/kas):
Furthermore, install docker and make sure you have required permissions to
start containers.

-To build, e.g., the QEMU AMD64 target inside Docker, invoke kas-container like
-this:
+Open up the image configuration menu and select the desired target and its
+options:

- ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml
+ ./kas-container menu

-This image can be run using `start-qemu.sh x86`.
+You can direct start the build from the menu.

-The BeagleBone Black target is selected by `... kas-cip.yml:kas/board/bbb.yml`. In
-order to build the image with the PREEMPT-RT kernel, append `:kas/opt/rt.yml` to
-the above. Append `:kas/opt/4.4.yml` to use the kernel version 4.4 instead of 4.19.
+If you prefer selecting the configuration via the command line, this builds
+the BeagleBone Black target image with real-time kernel, e.g.:
+
+ ./kas-container build kas-cip.yml:kas/board/bbb.yml:kas/opt/rt.yml
+
+
+## Running Target Images
+
+When having built a virtual QEMU target image, this can be started directly.
+Run, e.g.,
+
+ ./start-qemu.sh x86
+
+when having built a QEMU AMD64 image. A security image for QEMU can be started
+like this:
+
+ TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86

Physical targets will generate ready-to-boot images under
`build/tmp/deploy/images/`. To flash, e.g., the BeagleBone Black image to an SD
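Review bot: In the added sentence "You can direct start the build from the menu." the word should be "directly". The rewritten command-line paragraph also drops the hint that appending :kas/opt/4.4.yml selects the 4.4 kernel, which the removed text documented; the only remaining example is bbb plus rt.yml. Suggest keeping one sentence that lists the option files a command-line user can append.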
@@ -36,14 +50,9 @@ card, run
dd if=build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img \
of=/dev/<medium-device> bs=1M status=progress

-## Building Security target images
-Building images for QEMU x86-64bit machine
-
- ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/security.yml
-
-Run the generated securiy images on QEMU (x86-64bit)
+or via bmap-tools

- TARGET_IMAGE=cip-core-image-security ./start-qemu.sh amd64
+ bmaptool copy build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img /dev/<medium-device>


## Community Resources
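Review bot: The removed "Building Security target images" section held the only command line that includes kas/opt/security.yml, and nothing in this hunk replaces it, so the README now explains how to start cip-core-image-security but not how to build it without the menu. Suggest keeping a one-line build example for the security image next to the bbb one. The removed run line used "./start-qemu.sh amd64" while the new text uses "x86"; worth confirming which argument the script expects.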
--
2.31.1


[isar-cip-core][PATCH 1/2] Update to kas 2.6

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@siemens.com>

Include paths are now repo-relative, adjust this.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
.gitlab-ci.yml | 2 +-
README.md | 2 +-
kas/opt/ebg-secure-boot-base.yml | 2 +-
kas/opt/ebg-secure-boot-snakeoil.yml | 2 +-
kas/opt/ebg-snakeoil-swu.yml | 4 ++--
kas/opt/ebg-swu.yml | 4 ++--
6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 40bf7f5..b23090b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: ghcr.io/siemens/kas/kas-isar:2.5
+image: ghcr.io/siemens/kas/kas-isar:2.6

variables:
GIT_STRATEGY: clone
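Review bot: The image line still references the build container by tag only (kas-isar:2.6), so CI runs whatever that tag resolves to at pull time. Suggest adding the image digest after the tag (…:2.6@sha256:<digest>) so the version bump is reproducible and a later change of the container shows up as a diff.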
diff --git a/README.md b/README.md
index 32812a2..537a615 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ from scratch.

Install `kas-container` from the [kas project](https://github.com/siemens/kas):

- wget https://raw.githubusercontent.com/siemens/kas/2.5/kas-container
+ wget https://raw.githubusercontent.com/siemens/kas/2.6/kas-container
chmod a+x kas-container

Furthermore, install docker and make sure you have required permissions to
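Review bot: The updated wget line is followed directly by "chmod a+x kas-container" with no integrity check on the downloaded script. Since this line changes with every kas bump anyway, suggest publishing the expected checksum of the 2.6 script next to it and adding a verification step before the chmod.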
diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
index 8182bd8..8f769b6 100644
--- a/kas/opt/ebg-secure-boot-base.yml
+++ b/kas/opt/ebg-secure-boot-base.yml
@@ -12,7 +12,7 @@
header:
version: 10
includes:
- - efibootguard.yml
+ - kas/opt/efibootguard.yml

local_conf_header:
initramfs: |
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index c0ed1a2..2f45bde 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -12,7 +12,7 @@
header:
version: 10
includes:
- - ebg-secure-boot-base.yml
+ - kas/opt/ebg-secure-boot-base.yml


local_conf_header:
diff --git a/kas/opt/ebg-snakeoil-swu.yml b/kas/opt/ebg-snakeoil-swu.yml
index d613532..2f15c0e 100644
--- a/kas/opt/ebg-snakeoil-swu.yml
+++ b/kas/opt/ebg-snakeoil-swu.yml
@@ -12,5 +12,5 @@
header:
version: 10
includes:
- - ebg-secure-boot-snakeoil.yml
- - swupdate.yml
+ - kas/opt/ebg-secure-boot-snakeoil.yml
+ - kas/opt/swupdate.yml
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index 8c56182..e708d0a 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -12,5 +12,5 @@
header:
version: 10
includes:
- - efibootguard.yml
- - swupdate.yml
+ - kas/opt/efibootguard.yml
+ - kas/opt/swupdate.yml
--
2.31.1


[isar-cip-core][PATCH 0/2] kas update and menu support

Jan Kiszka
 

With kas 2.6 being released, this now allows to adopt the new "menu"
feature and make the various image flavors and options more accessible.

Quirin, please have a look if I modeled the dependencies for secure boot
and SWUpdate correctly, exposed reasonable combinations and didn't
forget something useful.

@all: Please play a bit with the options and check if you find anything
that does not work (crowd-sourced randconfig...).

Thanks,
Jan

Jan Kiszka (2):
Update to kas 2.6
Add kconfig menu

.gitlab-ci.yml | 2 +-
Kconfig | 146 +++++++++++++++++++++++++++
README.md | 39 ++++---
kas/opt/ebg-secure-boot-base.yml | 2 +-
kas/opt/ebg-secure-boot-snakeoil.yml | 2 +-
kas/opt/ebg-snakeoil-swu.yml | 4 +-
kas/opt/ebg-swu.yml | 4 +-
7 files changed, 177 insertions(+), 22 deletions(-)
create mode 100644 Kconfig

--
2.31.1


Re: New CVE entry this week

Masami Ichikawa
 

Hi !

On Thu, Oct 21, 2021 at 5:42 PM Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@toshiba.co.jp> wrote:

Hi,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Masami Ichikawa
Sent: Thursday, October 21, 2021 10:21 AM
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [cip-dev] New CVE entry this week

Hi !

It's this week's CVE report.

This week reported 7 new CVEs.

* New CVEs

CVE-2021-20320: kernel: s390 eBPF JIT miscompilation issues fixes.

This bug is in the BPF subsystem and is s390 architecture specific. Patches
haven't been backported to the 4.4 kernel. However, according to the
cip-kernel-config, it looks like no one uses s390, so can we ignore it
until someone backports the patches?

CVSS v3 score is not provided.

Fixed status

mainline: [db7bee653859ef7179be933e7d1384644f795f26,
6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53,
1511df6f5e9ef32826f20db2ee81f8527154dc14]
stable/4.19: [ddf58efd05b5d16d86ea4638675e8bd397320930]
stable/4.9: [c22cf38428cb910f1996839c917e9238d2e44d4b,
8a09222a512bf7b32e55bb89a033e08522798299]
stable/5.10: [d92d3a9c2b6541f29f800fc2bd44620578b8f8a6,
4320c222c2ffe778a8aff5b8bc4ac33af6d54eba,
ab7cf225016159bc2c3590be6fa12965565d903b]
stable/5.14: [7a31ec4d215a800b504de74b248795f8be666f8e,
6a8787093b04057d855822094d63d04a2506444a,
a7593244dc31ad0eea70319f6110975f9c738dca]

CVE-2021-20321: kernel: In Overlayfs missing a check for a negative
dentry before calling vfs_rename()

CVSS v3 score is not provided.

A local attacker can escalate their privileges up to root via an
overlayfs vulnerability.
Applying the patch to 4.4
failed (https://lore.kernel.org/stable/163378772914820@kroah.com/). The
patch needs to be modified. I attached a patch; if it looks good, I'll
send it to the stable mailing list.
Thanks, I checked your patch. LGTM.
Thanks !

Best regards,
Nobuhiro



Regards,

--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com


Re: New CVE entry this week

Nobuhiro Iwamatsu
 

Hi,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Masami Ichikawa
Sent: Thursday, October 21, 2021 10:21 AM
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [cip-dev] New CVE entry this week

Hi !

It's this week's CVE report.

This week reported 7 new CVEs.

* New CVEs

CVE-2021-20320: kernel: s390 eBPF JIT miscompilation issues fixes.

This bug is in the BPF subsystem and is s390 architecture specific. Patches
haven't been backported to the 4.4 kernel. However, according to the
cip-kernel-config, it looks like no one uses s390, so can we ignore it
until someone backports the patches?

CVSS v3 score is not provided.

Fixed status

mainline: [db7bee653859ef7179be933e7d1384644f795f26,
6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53,
1511df6f5e9ef32826f20db2ee81f8527154dc14]
stable/4.19: [ddf58efd05b5d16d86ea4638675e8bd397320930]
stable/4.9: [c22cf38428cb910f1996839c917e9238d2e44d4b,
8a09222a512bf7b32e55bb89a033e08522798299]
stable/5.10: [d92d3a9c2b6541f29f800fc2bd44620578b8f8a6,
4320c222c2ffe778a8aff5b8bc4ac33af6d54eba,
ab7cf225016159bc2c3590be6fa12965565d903b]
stable/5.14: [7a31ec4d215a800b504de74b248795f8be666f8e,
6a8787093b04057d855822094d63d04a2506444a,
a7593244dc31ad0eea70319f6110975f9c738dca]

CVE-2021-20321: kernel: In Overlayfs missing a check for a negative
dentry before calling vfs_rename()

CVSS v3 score is not provided.

A local attacker can escalate their privileges up to root via an
overlayfs vulnerability.
Applying the patch to 4.4
failed (https://lore.kernel.org/stable/163378772914820@kroah.com/). The
patch needs to be modified. I attached a patch; if it looks good, I'll
send it to the stable mailing list.
Thanks, I checked your patch. LGTM.

Best regards,
Nobuhiro


CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today.

Please note that we moved from Freenode to libera.chat. Our channel is
the following:

irc:irc.libera.chat:6667/cip

Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=10&day=21&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
06:00 09:00 14:00 15:00 21:00 22:00

Last meeting minutes:

https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-14-13.01.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu & alicef
2. Look into S3 artifact upload issues - patersonc
* Kernel maintenance updates
* Kernel testing
* AOB

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


New CVE entry this week

Masami Ichikawa
 

Hi !

It's this week's CVE report.

This week reported 7 new CVEs.

* New CVEs

CVE-2021-20320: kernel: s390 eBPF JIT miscompilation issues fixes.

This bug is in the BPF subsystem and is s390 architecture specific. Patches
haven't been backported to the 4.4 kernel. However, according to the
cip-kernel-config, it looks like no one uses s390, so can we ignore it
until someone backports the patches?

CVSS v3 score is not provided.

Fixed status

mainline: [db7bee653859ef7179be933e7d1384644f795f26,
6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53,
1511df6f5e9ef32826f20db2ee81f8527154dc14]
stable/4.19: [ddf58efd05b5d16d86ea4638675e8bd397320930]
stable/4.9: [c22cf38428cb910f1996839c917e9238d2e44d4b,
8a09222a512bf7b32e55bb89a033e08522798299]
stable/5.10: [d92d3a9c2b6541f29f800fc2bd44620578b8f8a6,
4320c222c2ffe778a8aff5b8bc4ac33af6d54eba,
ab7cf225016159bc2c3590be6fa12965565d903b]
stable/5.14: [7a31ec4d215a800b504de74b248795f8be666f8e,
6a8787093b04057d855822094d63d04a2506444a,
a7593244dc31ad0eea70319f6110975f9c738dca]

CVE-2021-20321: kernel: In Overlayfs missing a check for a negative
dentry before calling vfs_rename()

CVSS v3 score is not provided.

A local attacker can escalate their privileges up to root via an
overlayfs vulnerability.
Applying the patch to 4.4
failed (https://lore.kernel.org/stable/163378772914820@kroah.com/). The
patch needs to be modified. I attached a patch; if it looks good, I'll
send it to the stable mailing list.

Fixed status

mainline: [a295aef603e109a47af355477326bd41151765b6]
stable/4.14: [1caaa820915d802328bc72e4de0d5b1629eab5da]
stable/4.19: [9d4969d8b5073d02059bae3f1b8d9a20cf023c55]
stable/4.9: [286f94453fb34f7bd6b696861c89f9a13f498721]
stable/5.10: [9763ffd4da217adfcbdcd519e9f434dfa3952fc3]
stable/5.14: [71b8b36187af58f9e67b25021f5debbc04a18a5d]
stable/5.4: [fab338f33c25c4816ca0b2d83a04a0097c2c4aaf]

CVE-2021-3847: low-privileged user privileges escalation

CVSS v3 score is not provided.

A local attacker can escalate their privileges up to root via an
overlayfs vulnerability
(https://www.openwall.com/lists/oss-security/2021/10/14/3).

Fixed status

Not fixed yet.

CVE-2021-42252: soc: aspeed: lpc-ctrl: Fix boundary check for mmap

CVSS v3 score is not provided.

This bug was introduced in 4.12-rc1, so all stable kernels are fixed.

Fixed status

mainline: [b49a0e69a7b1a68c8d3f64097d06dabb770fec96]
stable/4.14: [b1b55e4073d3da6119ecc41636a2994b67a2be37]
stable/4.19: [9c8891b638319ddba9cfa330247922cd960c95b0]
stable/5.10: [3fdf2feb6cbe76c6867224ed8527b356e805352c]
stable/5.14: [865f5ba9fdfc3ac6acabcac9630056ce99db600d]
stable/5.4: [2712f29c44f18db826c7e093915a727b6f3a20e4]

CVE-2021-20322: new DNS Cache Poisoning Attack based on ICMP fragment
needed packets replies

CVSS v3 score is not provided.

A flaw in the processing of received ICMP errors (ICMP fragment
needed and ICMP redirect) in the Linux kernel functionality was found
that allows open UDP ports to be scanned quickly. This flaw allows an
off-path remote user to effectively bypass source port UDP
randomization.
This flaw is similar to the previous CVE-2020-25705 (both DNS
poisoning attack based on ICMP replies for open ports scanning, but
other type of ICMP packets).

Commit 4785305c ("ipv6: use siphash in rt6_exception_hash()") fixes
35732d01 ("ipv6: introduce a hash table to store dst cache") which was
merged in 4.15-rc1.
stable/4.4 doesn't contain upstream commit 35732d01. stable/4.19
contains upstream commit 35732d01.

Commit 6457378f ("ipv4: use siphash instead of Jenkins in
fnhe_hashfun()") fixes d546c621 ("ipv4: harden fnhe_hashfun()") which
was merged in 3.18-rc1
stable/4.4 and stable/4.19 contain upstream commit d546c621.

Commit a00df2ca ("ipv6: make exception cache less predictible") fixes
35732d01 ("ipv6: introduce a hash table to store dst cache") which was
merged in 4.15-rc1.
stable/4.4 doesn't contain upstream commit 35732d01. stable/4.19
contains upstream commit 35732d01.

Commit 67d6d681 ("ipv4: make exception cache less predictible") fixes
4895c771 ("ipv4: Add FIB nexthop exceptions.") which was merged in
3.6-rc1.
stable/4.19 applied this patch at commit 3e6bd2b5. stable/4.4 applied
this patch at commit bed8941f.

Fixed status

mainline: [4785305c05b25a242e5314cc821f54ade4c18810,
6457378fe796815c973f631a1904e147d6ee33b1,
a00df2caffed3883c341d5685f830434312e4a43,
67d6d681e15b578c1725bad8ad079e05d1c48a8e]
stable/4.19: [3e6bd2b583f18da9856fc9741ffa200a74a52cba]
stable/4.4: [bed8941fbdb72a61f6348c4deb0db69c4de87aca]
stable/4.9: [f10ce783bcc4d8ea454563a7d56ae781640e7dcb]
stable/5.10: [8692f0bb29927d13a871b198adff1d336a8d2d00,
5867e20e1808acd0c832ddea2587e5ee49813874,
dced8347a727528b388f04820f48166f1e651af6,
beefd5f0c63a31a83bc5a99e6888af884745684b]
stable/5.14: [4785305c05b25a242e5314cc821f54ade4c18810,
6457378fe796815c973f631a1904e147d6ee33b1,
55938482a1461a35087c6f3051f8447662889ea8,
4589a12dcf80af31137ef202be1ff4a321707a73]

CVE-2021-42739: A buffer overflow bug is found in the firewire subsystem

CVSS v3 score is not provided.

Patches have been sent to the Linux Media mailing list but haven't been
merged into the linux-media tree or mainline yet. According to the
cip-kernel-config repo, no CIP member uses the firewire driver.

Fixed status

Not fixed yet.

CVE-2021-34866: Linux Kernel eBPF Type Confusion Privilege Escalation
Vulnerability

CVSS v3 score is not provided.

A type confusion bug was found in the eBPF subsystem, which can let a
local attacker escalate their privileges.
This bug was introduced in commit 457f44363a88 ("bpf: Implement BPF
ring buffer and verifier support for it"), which was merged in
5.8-rc1, so kernels before 5.8 aren't affected by this CVE.

Fixed status

mainline: [5b029a32cfe4600f5e10e36b41778506b90fd4de]
stable/5.10: [9dd6f6d89693d8f09af53d2488afad22a8a44a57]

* Updated CVEs

CVE-2020-29374: gup: document and work around "COW can break either way" issue

This bug has been fixed since 5.8-rc1. 4.4 and 4.9 have been fixed this week.
All stable kernels are fixed.

Fixed status

mainline: [17839856fd588f4ab6b789f482ed3ffd7c403e1f]
stable/4.14: [407faed92b4a4e2ad900d61ea3831dd597640f29]
stable/4.19: [5e24029791e809d641e9ea46a1f99806484e53fc]
stable/4.4: [58facc9c7ae307be5ecffc1697552550fedb55bd]
stable/4.9: [9bbd42e79720122334226afad9ddcac1c3e6d373]
stable/5.4: [1027dc04f557328eb7b7b7eea48698377a959157]

CVE-2021-41864: bpf: Fix integer overflow in prealloc_elems_and_freelist()

4.9 and 4.19 have been fixed this week. This bug was introduced in
4.6-rc1, therefore 4.4 isn't affected.
All stable kernels are fixed.

Fixed status

mainline: [30e29a9a2bc6a4888335a6ede968b75cd329657a]
stable/4.14: [f34bcd10c4832d491049905d25ea3f46a410c426]
stable/4.19: [078cdd572408176a3900a6eb5a403db0da22f8e0]
stable/4.9: [4fd6663eb01bc3c73143cd27fefd7b8351bc6aa6]
stable/5.10: [064faa8e8a9b50f5010c5aa5740e06d477677a89]
stable/5.14: [3a1ac1e368bedae2777d9a7cfdc65df4859f7e71]
stable/5.4: [b14f28126c51533bb329379f65de5b0dd689b13a]


Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2021-3640: UAF in sco_send_frame function

Fixed in bluetooth-next tree.

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/net/bluetooth/sco.c?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
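The "Fixed status" blocks in the report above follow a regular layout, so per-branch triage can be scripted; the point worth encoding is that a branch missing from a list is ambiguous (for CVE-2021-20320 the 4.4 entry is absent because the backport is missing, for CVE-2021-34866 older branches are absent because they are not affected). The following is an added example, not part of the original message or of any CIP tooling: a parser for that layout and a per-branch classifier. The function names are hypothetical, and the sample report with its CVE ids and commit ids is constructed.

```python
import re

CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,}):")
ENTRY_RE = re.compile(r"^(mainline|stable/\d+\.\d+):\s*(.*)$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def fake_id(digit):
    """Constructed 40-character stand-in for a commit id."""
    return digit * 40


# Constructed sample in the layout of the report; all ids are placeholders.
SAMPLE_REPORT = f"""\
CVE-0000-00001: constructed: backported to some branches only

Fixed status

mainline: [{fake_id('1')},
{fake_id('2')}]
stable/4.19: [{fake_id('3')}]
stable/4.9: [{fake_id('4')},
{fake_id('5')}]

CVE-0000-00002: constructed: no fix anywhere

Fixed status

Not fixed yet.

CVE-0000-00003: constructed: oldest branch predates the bug

Fixed status.

mainline: [{fake_id('6')}]
stable/4.19: [{fake_id('7')}]
stable/4.4: not affect
stable/4.9: not fixed yet
"""


def split_ids(bracketed):
    """Turn '[id, id]' into a list, rejecting anything but full commit ids."""
    ids = [p.strip() for p in bracketed.strip("[]").split(",") if p.strip()]
    bad = [i for i in ids if not SHA_RE.match(i)]
    if bad:
        raise ValueError(f"malformed commit id(s): {bad}")
    return ids


def parse_report(text):
    """Map CVE id -> {"unfixed": bool, "branches": {name: ids or text}}."""
    cves, cur, in_status, pending = {}, None, False, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = CVE_RE.match(line)
        if pending:                      # inside a wrapped [id, id] list
            if header:
                raise ValueError(f"unterminated id list before {line!r}")
            pending[1].append(line)
            if line.endswith("]"):
                cur["branches"][pending[0]] = split_ids(" ".join(pending[1]))
                pending = None
        elif header:
            cur = cves[header.group(1)] = {"unfixed": False, "branches": {}}
            in_status = False
        elif cur is None:
            continue
        elif line.rstrip(".").lower() == "fixed status":
            in_status = True
        elif in_status and line.rstrip(".").lower() == "not fixed yet":
            cur["unfixed"] = True        # no fix on any branch
        elif in_status and (entry := ENTRY_RE.match(line)):
            name, value = entry.groups()
            if not value.startswith("["):
                cur["branches"][name] = value.lower()   # status text
            elif value.endswith("]"):
                cur["branches"][name] = split_ids(value)
            else:
                pending = (name, [value])
    return cves


def triage(cves, branch):
    """Classify each CVE for one branch name such as 'stable/4.4'."""
    result = {}
    for cve_id, info in cves.items():
        value = info["branches"].get(branch)
        if isinstance(value, list):
            result[cve_id] = "fixed"
        elif value == "not fixed yet" or (value is None and info["unfixed"]):
            result[cve_id] = "not fixed"
        elif value is not None and value.startswith("not affect"):
            result[cve_id] = "not affected"
        else:
            # Branch missing from a populated list: the reports do this both
            # when the bug never reached the branch and when a backport is
            # still outstanding, so the entry needs a human decision.
            result[cve_id] = "check manually"
    return result


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name in ("stable/4.4", "stable/4.19"):
        print(name, triage(parsed, name))
```
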


Re: [isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9

Jan Kiszka
 

On 18.10.21 13:19, Srinuvasan A wrote:
From: Srinuvasan A <srinuvasan_a@mentor.com>

Uprevision the latest revision and tag.

Signed-off-by: Srinuvasan A <srinuvasan_a@mentor.com>
---
...fibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-bsp/efibootguard/{efibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} (95%)

diff --git a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
similarity index 95%
rename from recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
rename to recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
index ebd848d..2817e5b 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
@@ -22,7 +22,7 @@ SRC_URI = "git://github.com/siemens/efibootguard.git;branch=master;protocol=http

S = "${WORKDIR}/git"

-SRCREV = "ac1685aea75fb3e3d16c0c0e4f8261a2edb63536"
+SRCREV = "c01324d0da202727eb0744c0f67a78f9c9b65c46"

PROVIDES = "${PN}"
PROVIDES += "${PN}-dev"
Thanks, applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9

Srinuvasan A
 

Hi All,

Please merge this into cip-core to pull the latest changes of efibootguard.

Thanks,
Srinuvasan.A


[isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9

Srinuvasan A
 

From: Srinuvasan A <srinuvasan_a@mentor.com>

Uprevision the latest revision and tag.

Signed-off-by: Srinuvasan A <srinuvasan_a@mentor.com>
---
...fibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-bsp/efibootguard/{efibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} (95%)

diff --git a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
similarity index 95%
rename from recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
rename to recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
index ebd848d..2817e5b 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
@@ -22,7 +22,7 @@ SRC_URI = "git://github.com/siemens/efibootguard.git;branch=master;protocol=http

S = "${WORKDIR}/git"

-SRCREV = "ac1685aea75fb3e3d16c0c0e4f8261a2edb63536"
+SRCREV = "c01324d0da202727eb0744c0f67a78f9c9b65c46"

PROVIDES = "${PN}"
PROVIDES += "${PN}-dev"
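Review bot: The new SRCREV is a bare commit id, and neither this hunk nor the commit message ("Uprevision the latest revision and tag.") names the tag it corresponds to, so a reviewer cannot confirm from the patch alone that the id is the 0.9 release the file rename claims. Suggest naming the upstream tag in the commit message or in a comment above SRCREV. Keeping the pin as a full commit id rather than a tag name is the right choice.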
--
2.25.1


Re: Duplicate messages in archive

Neal Caidin
 

This should be fixed now. Please let me know if otherwise.

Thanks!

Neal

Neal Caidin
Program Manager, Program Management & Operations
The Linux Foundation
+1 (919) 238-9104 (w/h)
+1 (919) 949-1861 (m)




On Mon, Oct 4, 2021 at 8:13 AM Jan Kiszka <jan.kiszka@...> wrote:
Hi all,

did anyone already examine or report that all messages to cip-dev now
seem to get archived twice on lore.kernel.org? See e.g.
https://lore.kernel.org/cip-dev/TYAPR01MB6252C6286EDCA87D7DB8B10892AE9@.../T/#t

They also appear twice via nntp, that's how I noticed, but are likely
not sent twice to subscribers.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux




Re: [isar-cip-dev] [PATCH] Update efibootguard to latest one

Quirin Gylstorff
 

On 10/14/21 11:27 AM, Srinuvasan A via lists.cip-project.org wrote:
From: Srinuvasan A <srinuvasan_a@mentor.com>
Update efibootguard to latest one.
Signed-off-by: Srinuvasan A <srinuvasan_a@mentor.com>
---
recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
index ebd848d..4e7b9b2 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
@@ -22,7 +22,7 @@ SRC_URI = "git://github.com/siemens/efibootguard.git;branch=master;protocol=http
S = "${WORKDIR}/git"
-SRCREV = "ac1685aea75fb3e3d16c0c0e4f8261a2edb63536"
+SRCREV = "66d78b8d96e80caaf20007f08b5ca720de628d49"

Why do you need to update to a non released version of efibootguard?

Until now we used only tag version in this recipe.

Quirin
PROVIDES = "${PN}"
PROVIDES += "${PN}-dev"


Re: New CVE entry this week

Pavel Machek
 

Hi!

* New CVEs

CVE-2021-0935: bug is in ipv6 and l2tp code.

This CVE addresses two commits, one in the ipv6 stack and the other in l2tp.
There are two introducing commits: one is 85cb73f ("net: ipv6: reset
daddr and dport in sk if connect() fails"), which was merged in 4.12,
and the other is commit 3557baa ("[L2TP]: PPP over L2TP driver core"),
which was merged in 2.6.23-rc1.

The fix commits have been merged since 4.16-rc7, so 4.16 or later
kernels aren't affected by this vulnerability.

Commit 2f987a76 ("net: ipv6: keep sk status consistent after datagram
connect failure") fixes 85cb73f and commit b954f940 ("l2tp: fix races
with ipv4-mapped ipv6 addresses") fixes commit 3557baa.

To apply the patches to 4.4, conflicts need to be fixed.

CVSS v3 score is not provided.

Fixed status

mainline: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]
stable/4.4: not fixed yet
Others are fixed, but this one may be worth watching. Fortunately it
is not a remote attack, AFAICT.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today.

Please note that we moved from Freenode to libera.chat. Our channel is
the following:

irc:irc.libera.chat:6667/cip

Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=10&day=14&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
06:00 09:00 14:00 15:00 21:00 22:00

Last meeting minutes:

https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-07-13.01.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu & alicef
2. Document new LAVA domains in wiki - patersonc
3. Look into S3 artifact upload issues - patersonc
* Kernel maintenance updates
* Kernel testing
* AOB

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


New CVE entry this week

Masami Ichikawa
 

Hi !

It's this week's CVE report.

This week reported 4 new CVEs.

* New CVEs

CVE-2021-0935: bug is in ipv6 and l2tp code.

This CVE addresses two commits, one in the ipv6 stack and the other in l2tp.
There are two introducing commits: one is 85cb73f ("net: ipv6: reset
daddr and dport in sk if connect() fails"), which was merged in 4.12,
and the other is commit 3557baa ("[L2TP]: PPP over L2TP driver core"),
which was merged in 2.6.23-rc1.

The fix commits have been merged since 4.16-rc7, so 4.16 or later
kernels aren't affected by this vulnerability.

Commit 2f987a76 ("net: ipv6: keep sk status consistent after datagram
connect failure") fixes 85cb73f and commit b954f940 ("l2tp: fix races
with ipv4-mapped ipv6 addresses") fixes commit 3557baa.

To apply the patches to 4.4, conflicts need to be fixed.

CVSS v3 score is not provided.

Fixed status

mainline: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]
stable/4.14: [a8f02befc87d6f1a882c9b14a31bcfa1fbd3d430,
b0850604cc5dac60754cc2fcdf7d2ca97a68a4dc]
stable/4.19: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]
stable/4.4: not fixed yet
stable/4.9: [c49f30b2979bfc8701620e598558f29a48e07234,
535ef684ec6079bccc2037c76bc607d29dca05dc]
stable/5.10: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]
stable/5.4: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]

CVE-2021-0937: netfilter: x_tables: fix compat match/target pad
out-of-bound write

This vulnerability was introduced in 4.6.19-rc1 and fixed in
5.12-rc8. All stable kernels are already fixed.

CVSS v3 score is not provided.

Fixed status

mainline: [b29c457a6511435960115c0f548c4360d5f4801d]
stable/4.14: [522a0191944e3db9c30ade5fa6b6ec0d7c42f40d]
stable/4.19: [12ec80252edefff00809d473a47e5f89c7485499]
stable/4.4: [b0d98b2193a38ef93c92e5e1953d134d0f426531]
stable/4.9: [0c58c9f9c5c5326320bbe0429a0f45fc1b92024b]
stable/5.10: [1f3b9000cb44318b0de40a0f495a5a708cd9be6e]
stable/5.4: [cc59b872f2e1995b8cc819b9445c1198bfe83b2d]


CVE-2021-0938: compiler.h: fix barrier_data() on clang

This bug was introduced in 4.19-rc1 and fixed in 5.10-rc4, so all
stable kernels are fixed.
If the kernel was built with clang, it is affected by this bug.

CVSS v3 score is not provided.

Fixed status

mainline: [3347acc6fcd4ee71ad18a9ff9d9dac176b517329]
stable/4.14: not affect
stable/4.19: [b207caff4176e3a6ba273243da2db2e595e4aad2]
stable/4.4: not affect
stable/4.9: not affect
stable/5.10: not affect
stable/5.4: [c2c5dc84ac51da90cadcb12554c69bdd5ac7aeeb]

CVE-2021-0941: bpf: Remove MTU check in __bpf_skb_max_len

CVSS v3 score is not provided.

This bug is fixed in v5.12-rc1-dontuse. Kernel 4.4 doesn't contain
__bpf_skb_max_len(), so 4.4 may not be affected by this vulnerability.
__bpf_skb_max_len() was introduced in 4.13-rc1 by commit
2be7e212 ("bpf: add bpf_skb_adjust_room helper").

Fixed status.

mainline: [6306c1189e77a513bf02720450bb43bd4ba5d8ae]
stable/4.14: [64cf6c3156a5cbd9c29f54370b801b336d2f7894]
stable/4.19: [8c1a77ae15ce70a72f26f4bb83c50f769011220c]
stable/4.4: not affect
stable/4.9: [1636af9e8a8840f5696ad2c01130832411986af4]
stable/5.10: [fd38d4e6757b6b99f60314f67f44a286f0ab7fc0]
stable/5.4: [42c83e3bca434d9f63c58f9cbf2881e635679fee]

* Updated CVEs

CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3764: DoS in ccp_run_aes_gcm_cmd() function

CVE-2021-3744 and CVE-2021-3764 are fixed by commit 505d9dcb ("crypto:
ccp - fix resource leaks in ccp_run_aes_gcm_cmd()"). Both vulnerabilities
were in ccp_run_aes_gcm_cmd(), which was introduced in 4.12-rc1.
Therefore kernels before 4.12 aren't affected by these vulnerabilities.

Fixed status

mainline: [505d9dcb0f7ddf9d075e729523a33d38642ae680]
stable/4.14: [3707e37b3fcef4d5e9a81b9c2c48ba7248051c2a]
stable/4.19: [710be7c42d2f724869e5b18b21998ceddaffc4a9]
stable/4.4: not affect
stable/4.9: not affect
stable/5.10: [17ccc64e4fa5d3673528474bfeda814d95dc600a]
stable/5.14: [e450c422aa233e9f80515f2ee9164e33f158a472]
stable/5.4: [24f3d2609114f1e1f6b487b511ce5fa36f21e0ae]

CVE-2021-41864: bpf: Fix integer overflow in prealloc_elems_and_freelist()

This bug was introduced in 4.6-rc1, so 4.4 isn't affected by this bug.
4.19, 5.10, 5.14, and 5.4 have been fixed this week.
Patch to 4.14 can be applied by git am without any modification. Patch
to 4.9 can be applied by 3-way merge.

Fixed status

mainline: [30e29a9a2bc6a4888335a6ede968b75cd329657a]
stable/4.14: not fixed yet
stable/4.19: [078cdd572408176a3900a6eb5a403db0da22f8e0]
stable/4.4: not affect
stable/4.14: not fixed yet
stable/5.10: [064faa8e8a9b50f5010c5aa5740e06d477677a89]
stable/5.14: [3a1ac1e368bedae2777d9a7cfdc65df4859f7e71]
stable/5.4: [b14f28126c51533bb329379f65de5b0dd689b13a]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2021-3640: UAF in sco_send_frame function

Fixed in bluetooth-next tree.

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/net/bluetooth/sco.c?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
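
An added example, not part of the original report: a small Python parser for the "Fixed status" blocks used above, which handles commit lists wrapped across lines and adjacent CVE headings that share one block, and lists the branches still marked "not fixed yet". The sample text, its CVE ids and its hashes are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the report's layout; ids and hashes are placeholders.
SAMPLE = """\
CVE-0000-0001: example: first constructed entry
CVE-0000-0002: example: entry sharing the same status block

Fixed status

mainline: [aaaaaaaaaaaa]
stable/4.4: not fixed yet
stable/4.9: [bbbbbbbbbbbb,
cccccccccccc]
stable/5.10: not affect

CVE-0000-0003: example: entry without fix data

No fix information.
"""

CVE_RE = re.compile(r"^(CVE-\d{4}-\d+):")
BRANCH_RE = re.compile(r"^(mainline|stable/[\d.]+):\s*(.*)$")
HASH_RE = re.compile(r"\b[0-9a-f]{7,40}\b")

def parse_fixed_status(text):
    """Return {cve: {branch: [commit ids] or status string}}."""
    report, group, open_branch, prev_heading = {}, [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        heading = CVE_RE.match(line)
        if heading:
            # Adjacent CVE headings share the status block that follows.
            group = group + [heading.group(1)] if prev_heading else [heading.group(1)]
            report[heading.group(1)] = {}
            open_branch, prev_heading = None, True
            continue
        prev_heading = False
        entry = BRANCH_RE.match(line)
        if entry and group:
            branch, value = entry.groups()
            is_list = value.startswith("[")
            for cve in group:
                report[cve][branch] = HASH_RE.findall(value) if is_list else value
            # A bracketed list without "]" continues on the next line.
            open_branch = branch if is_list and "]" not in value else None
        elif open_branch:
            for cve in group:
                report[cve][open_branch] += HASH_RE.findall(line)
            open_branch = None if "]" in line else open_branch
    return report

def unfixed(report):
    """(cve, branch) pairs whose status is still 'not fixed yet'."""
    return sorted((c, b) for c, br in report.items() for b, v in br.items() if v == "not fixed yet")
```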
