
CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today.

Please note that we moved from Freenode to libera.chat. Our channel is
the following:

irc:irc.libera.chat:6667/cip

Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=9&day=9&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest  USEast  UK     DE     TW     JP
06:00   09:00   14:00  15:00  21:00  22:00

Last meeting minutes:

https://irclogs.baserock.org/meetings/cip/2021/09/cip.2021-09-02-13.00.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu & alicef

* Kernel maintenance updates
* Kernel testing
* AOB

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: New CVE entry this week

Pavel Machek
 

Hi!

> CVE-2021-3759: memcg: charge semaphores and sem_undo objects
>
> This causes DoS attack. Patch was merged into mainline this week.
>
> for 4.19, it needs modify or apply following patches to apply commit
> 18319498fdd4.

I don't think we need to care about this one. Embedded systems don't
usually run untrusted code...

> CVE-2021-40490: A race condition was discovered in
> ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem
> in the Linux kernel through 5.13.13.

This is already queued to 4.4 and 4.19; we can simply wait.

> CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
> to get shadow page
>
> 4.14 has been fixed this week.
>
> mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
> stable/4.14: [cea9e8ee3b8059bd2b36d68f1f428d165e5d13ce]

KVM. Tricky code and not exactly focus on CIP code. But perhaps
someone fixes it for us :-).

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


New CVE entry this week

Masami Ichikawa
 

Hi !

It's this week's CVE report.

This week reported 3 new CVEs. These CVEs have been fixed in mainline
and some stable kernels.

* New CVEs

CVE-2021-3715: kernel: use-after-free in route4_change() in
net/sched/cls_route.c

This vulnerability was introduced in 3.18-rc1 and fixed in 5.6.
Therefore 5.6 or later kernels aren't affected by this vulnerability.

Fixed status

cip/4.19: [ea3d6652c240978736a91b9e85fde9fee9359be4]
cip/4.19-rt: [ea3d6652c240978736a91b9e85fde9fee9359be4]
cip/4.4: [7518af6464b47a0d775173570c3d25f699da2a5e]
cip/4.4-rt: [7518af6464b47a0d775173570c3d25f699da2a5e]
mainline: [ef299cc3fa1a9e1288665a9fdc8bff55629fd359]
stable/4.14: [f0c92f59cf528bc1b872f2ca91b01e128a2af3e6]
stable/4.19: [ea3d6652c240978736a91b9e85fde9fee9359be4]
stable/4.4: [7518af6464b47a0d775173570c3d25f699da2a5e]
stable/4.9: [97a8e7afaee8fc4f08662cf8e4f495b87874aa91]
stable/5.4: [ff28c6195814bdbd4038b08d39e40f8d65d2025e]

CVE-2021-3759: memcg: charge semaphores and sem_undo objects

This causes DoS attack. Patch was merged into mainline this week.

for 4.19, it needs modify or apply following patches to apply commit
18319498fdd4.

4a2ae92993be24ba727faa733e99d7980d389ec0: ipc/sem.c: replace
kvmalloc/memset with kvzalloc and use struct_size
bc8136a543aa839a848b49af5e101ac6de5f6b27: ipc: use kmalloc for
msg_queue and shmid_kernel
fc37a3b8b4388e73e8e3525556d9f1feeb232bb9: ipc sem: use kvmalloc for
sem_undo allocation

for 4.4, need to modify the patch.

Fixed status

mainline: [18319498fdd4cdf8c1c2c48cd432863b1f915d6f]

CVE-2021-40490: A race condition was discovered in
ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem
in the Linux kernel through 5.13.13.

Commit a54c4613dac1 fixes f19d5870cbf72d4cb2a8e1f749dff97af99b071e
which has been merged into 3.8-rc1.

Fixed status

mainline: [a54c4613dac1500b40e4ab55199f7c51f028e848]
stable/5.10: [09a379549620f122de3aa4e65df9329976e4cdf5]
stable/5.13: [c764e8fa4491da66780fcb30a0d43bfd3fccd12c]
stable/5.14: [f8ea208b3fbbc0546d71b47e8abaf98b0961dec1]

* Updated CVEs

CVE-2021-3542: media: firewire: firedtv-avc: fix a buffer overflow in
avc_ca_pmt()

Patch has been sent to linux-media list
(https://lore.kernel.org/linux-media/20210816072721.GA10534@kili/).
btw, no cip member enables DVB_FIREDTV.

Fixed status

Not fixed in mainline yet.

CVE-2021-3640: UAF in sco_send_frame function

According to the SUSE bugzilla
(https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951),
patch has been merged into bluetooth-next tree as of 2021/09/03.

Fixed status

Not fixed in mainline yet.


CVE-2021-3739: btrfs: fix NULL pointer dereference when deleting
device by invalid id

Kernels before 4.20-rc1 are not affected by this vulnerability.

Fixed status

mainline: [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]
stable/5.10: [c43add24dffdbac269d5610465ced70cfc1bad9e]
stable/5.13: [301aabe0239f227818622096be7e180fcdbedf80]
stable/5.14: [734dabfb6918d399024063c9db9093a83f804ce5]
stable/5.4: [d7f7eca72ecc08f0bb6897fda2290293fca63068]


CVE-2021-3753: vt_kdsetmode: extend console locking

An out-of-bounds caused by the race of KDSETMODE in VT.

Fixed status

mainline: [2287a51ba822384834dafc1c798453375d1107c7]
stable/4.14: [3f488313d96fc6512a4a0fe3ed56cce92cbeec94]
stable/4.19: [0776c1a20babb4ad0b7ce7f2f4e0806a97663187]
stable/4.4: [01da584f08cbb1e04f22796cc49b10d570cd5ec1]
stable/4.9: [755a2f40dda2d6b2e3b8624cb052e68947ee4d1f]
stable/5.10: [60d69cb4e60de0067e5d8aecacd86dfe92a5384a]
stable/5.13: [a5dfcf3d8ecc549f8dc324ab6caf9dd14de87986]
stable/5.14: [acf3c7b4fae092e7f5c170bc8a0fe2ead9b2a320]
stable/5.4: [f4418015201bdca0cd4e28b363d88096206e4ad0]


CVE-2021-3743: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c

Qualcomm's IPC router protocol (qrtr) was introduced in 4.15-rc1, so
kernels before 4.15 aren't affected.

Fixed status

mainline: [7e78c597c3ebfd0cb329aa09a838734147e4f117]
stable/4.19: [ce7d8be2eaa4cab3032e256d154d1c33843d2367]
stable/5.10: [ad41706c771a038e9a334fa55216abd69b32bfdf]
stable/5.13: [d6060df9b53ab8098c954aac9acbacef6915e42a]
stable/5.4: [a6b049aeefa880a8bd7b1ae3a8804bda1e8b077e]

CVE-2021-38198: KVM: X86: MMU: Use the correct inherited permissions
to get shadow page

4.14 has been fixed this week.

mainline: [b1bd5cba3306691c771d558e94baa73e8b0b96b7]
stable/4.14: [cea9e8ee3b8059bd2b36d68f1f428d165e5d13ce]
stable/4.19: [4c07e70141eebd3db64297515a427deea4822957]
stable/5.10: [6b6ff4d1f349cb35a7c7d2057819af1b14f80437]
stable/5.4: [d28adaabbbf4a6949d0f6f71daca6744979174e2]

CVE-2021-3444: bpf: Fix truncation handling for mod32 dst reg wrt zero

The vulnerability was introduced in 4.15-rc9. 4.4 is not affected.
4.19 has been fixed this week.

Fixed status

mainline: [9b00f1b78809309163dda2d044d9e94a3c0248a3]
stable/4.19: [39f74b7c81cca139c05757d9c8f9d1e35fbbf56b]
stable/5.10: [3320bae8c115863b6f17993c2b7970f7f419da57]
stable/5.11: [55c262ea5d0f754648cd25aa73de081adaab07d9]
stable/5.4: [185c2266c1df80bec001c987d64cae2d9cd13816]

CVE-2021-3600: eBPF 32-bit source register truncation on div/mod

The vulnerability was introduced in 4.15-rc9. 4.4 is not affected.
4.19 has been fixed this week. We have been tracking this
vulnerability since Aug to watch 4.19 to be fixed, and now it is
finally fixed.

Fixed status

mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
stable/4.19: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]

CVE-2021-3655: missing size validations on inbound SCTP packets

cip/4.4, cip/4.19, cip/4.4-rt, cip/4.19-rt, stable/4.14, and
stable/5.4 have been fixed this week.

Fixed status

mainline: [0c5dc070ff3d6246d22ddd931f23a6266249e3db,
50619dbf8db77e98d821d615af4f634d08e22698,
b6ffe7671b24689c09faa5675dd58f93758a97ae,
ef6c8d6ccf0c1dccdda092ebe8782777cd7803c9]
stable/4.19: [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c,
dd16e38e1531258d332b0fc7c247367f60c6c381]
cip/4.19: [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c,
dd16e38e1531258d332b0fc7c247367f60c6c381]
cip/4.19-rt: [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c,
dd16e38e1531258d332b0fc7c247367f60c6c381]
stable/4.4: [48cd035cad5b5fad0648aa8294c4223bedb166dd]
cip/4.4: [48cd035cad5b5fad0648aa8294c4223bedb166dd]
cip/4.4-rt: [48cd035cad5b5fad0648aa8294c4223bedb166dd]
stable/4.9: [c7da1d1ed43a6c2bece0d287e2415adf2868697e]
stable/5.10: [d4dbef7046e24669278eba4455e9e8053ead6ba0,
6ef81a5c0e22233e13c748e813c54d3bf0145782]
stable/4.14: [f01bfaea62d14938ff2fbeaf67f0afec2ec64ab9,
d890768c1ed6688ca5cd54ee37a69d90ea8c422f]
stable/5.4: [03a5e454614dc095a70d88c85ac45ba799c79971,
a01745edc1c95ff53e261c493f15bb43b1338003]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2021-3640: UAF in sco_send_frame function

There is no fix information.

CVE-2020-26555: BR/EDR pin code pairing broken

There is no fix information

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Other topics.

About cve.mitre.org

CVE Website Transitioning to New Web Address – “CVE.ORG”
https://cve.mitre.org/news/archives/2021/news.html#September022021_CVE_Website_Transitioning_to_New_Web_Address_-_CVE.ORG

Regards,

--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
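
The "Fixed status" blocks in these reports follow a regular layout (branch name, then one or more commit ids in brackets, sometimes wrapped over several lines), so the per-branch triage done by hand in this thread can be scripted. The following Python is an added example, not part of the original mails or of any CIP tooling; the function names are hypothetical and the sample text reuses four entries from the reports on this page.

```python
import re

# Sample input: entries copied from the weekly reports on this page
# (the CVE-2021-3656 entry comes from the 2021/09/02 report and is abridged
# to three branches plus its "Not affected" line).
SAMPLE_REPORT = """\
CVE-2021-40490: A race condition was discovered in
ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem
in the Linux kernel through 5.13.13.

Fixed status

mainline: [a54c4613dac1500b40e4ab55199f7c51f028e848]
stable/5.10: [09a379549620f122de3aa4e65df9329976e4cdf5]
stable/5.13: [c764e8fa4491da66780fcb30a0d43bfd3fccd12c]
stable/5.14: [f8ea208b3fbbc0546d71b47e8abaf98b0961dec1]

CVE-2021-3542: media: firewire: firedtv-avc: fix a buffer overflow in
avc_ca_pmt()

Fixed status

Not fixed in mainline yet.

CVE-2021-3655: missing size validations on inbound SCTP packets

Fixed status

mainline: [0c5dc070ff3d6246d22ddd931f23a6266249e3db,
50619dbf8db77e98d821d615af4f634d08e22698,
b6ffe7671b24689c09faa5675dd58f93758a97ae,
ef6c8d6ccf0c1dccdda092ebe8782777cd7803c9]
stable/4.19: [c7a03ebace4f9cd40d9cd9dd5fb2af558025583c,
dd16e38e1531258d332b0fc7c247367f60c6c381]
stable/4.4: [48cd035cad5b5fad0648aa8294c4223bedb166dd]
stable/5.10: [d4dbef7046e24669278eba4455e9e8053ead6ba0,
6ef81a5c0e22233e13c748e813c54d3bf0145782]

CVE-2021-3656: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

Fixed status

mainline: [c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc]
stable/4.19: [119d547cbf7c055ba8100309ad71910478092f24]
stable/5.10: [3dc5666baf2a135f250e4101d41d5959ac2c2e1f]
stable/4.4: Not affected
"""

BRANCH = r"(mainline|(?:stable|cip)/[\w.-]+)"
# An entry starts with "CVE-YYYY-NNNN:" at the beginning of a line.
CVE_RE = re.compile(r"^(CVE-\d{4}-\d+):", re.M)
# "[^\]]*" also matches newlines, so wrapped commit lists are captured whole.
FIXED_RE = re.compile(r"^" + BRANCH + r":\s*\[([^\]]*)\]", re.M)
NOT_AFFECTED_RE = re.compile(r"^" + BRANCH + r":\s*Not affected", re.M | re.I)
SHA_RE = re.compile(r"\b[0-9a-f]{40}\b")


def parse_report(text):
    """Return {cve: {"fixed": {branch: [sha, ...]}, "not_affected": set()}}."""
    entries = {}
    starts = list(CVE_RE.finditer(text))
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = text[match.end():end]
        # A CVE can be listed twice in one mail (e.g. updated and tracked),
        # so merge into any existing entry instead of overwriting it.
        entry = entries.setdefault(
            match.group(1), {"fixed": {}, "not_affected": set()})
        for branch, commits in FIXED_RE.findall(body):
            entry["fixed"][branch] = SHA_RE.findall(commits)
        entry["not_affected"].update(NOT_AFFECTED_RE.findall(body))
    return entries


def missing_fixes(entries, branches):
    """Map each CVE to the given branches with no fix commit listed.

    A branch in the result is a candidate for follow-up, not a confirmed
    exposure: the report may omit branches that predate the bug or whose
    fix is still queued.
    """
    missing = {}
    for cve, info in entries.items():
        gaps = [b for b in branches
                if b not in info["fixed"] and b not in info["not_affected"]]
        if gaps:
            missing[cve] = gaps
    return missing


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    tracked = ["stable/4.4", "stable/4.19", "stable/5.10"]
    for cve, gaps in missing_fixes(report, tracked).items():
        print(cve, "no fix listed for:", ", ".join(gaps))
```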


FW: KernelCI Hackfest #2 - Sept 6-10 2021

Chris Paterson
 

FYI

Link to original message without annoying safelinks: https://lore.kernel.org/lkml/259a2ea9-63da-b5df-3496-676c2b76700b@collabora.com/

Kind regards, Chris

-----Original Message-----
From: kernelci@groups.io <kernelci@groups.io> On Behalf Of Guillaume Tucker via groups.io
Sent: 02 September 2021 21:23
To: kernelci@groups.io
Cc: kernelci-members <kernelci-members@groups.io>; automated-testing@lists.yoctoproject.org; Collabora Kernel ML <kernel@collabora.com>; linux-kernel@vger.kernel.org; Jesse Barnes <jsbarnes@google.com>; Summer Wang <wangsummer@google.com>; linux-kselftest@vger.kernel.org; workflows@vger.kernel.org; kunit-dev@googlegroups.com; clang-built-linux <clang-built-linux@googlegroups.com>
Subject: Re: KernelCI Hackfest #2 - Sept 6-10 2021

On 02/08/2021 10:00, Guillaume Tucker wrote:
The first KernelCI hackfest[1] early June was successful in getting
a number of kernel developers to work alongside the core KernelCI
team. Test coverage was increased in particular with kselftest,
LTP, KUnit and a new test suite for libcamera. We're now improving
documentation and tooling to make it easier for anyone to get
started. Find out more about KernelCI on https://kernelci.org/.

The second hackfest is scheduled for the 6th-10th September. It
should be a good opportunity to start discussing and working on
upstream kernel testing topics ahead of the Linux Plumbers
Conference[2].

Please find below some extra information for the KernelCI
Hackfest which is taking place next week. We're expecting at
least some contributors from the Civil Infrastructure Platform
project, the Google Chrome OS kernel team, Collabora kernel
developers and a few more from the wider Linux kernel community.

If you need any direct support, please reply to this email or ask
on kernelci.slack.com or IRC #kernelci (libera.chat).


Here's the project board where anyone can already add some ideas:

https://github.com/orgs/kernelci/projects/5

In order to add an issue to the workboard, please first create
one in a KernelCI GitHub repository such as kernelci-core:

https://github.com/kernelci/kernelci-core/issues

Each contributor to the hackfest should be added to the
KernelCI "hackers" team, which has permission to edit the
workboard. If you aren't part of this team yet, please ask and
you'll be invited.

Note: Having a GitHub account is not mandatory for taking part in
the hackfest. It's mainly there to facilitate coordination, even
though it is required in order to contribute to the KernelCI
GitHub repositories. Contributions as part of the hackfest may
also be in the kernel tree such as improvements to kselftest,
KUnit or bug fixes, or other test suites such as LTP etc.


The hackfest features:

* Daily open hours online using Big Blue Button to discuss things
and get support from the KernelCI team

* KernelCI team members available across most time zones to provide
quick feedback

* A curated list of topics and a project board to help set
objectives and coordinate efforts between all contributors

Please see the table below with the proposed daily open hours to
accommodate most time zones:

Region        Zone    Time 1       Time 2
East Asia     GMT+10  17:00-19:00  03:00-05:00
Europe        GMT+2   09:00-11:00  19:00-21:00
              UTC     07:00-09:00  17:00-19:00
West America  GMT-7   00:00-02:00  10:00-12:00


They will be held as a Big Blue Button virtual conference with
the same URL as the last hackfest. It's not being shared
publicly to avoid any potential abuse, so please ask if you don't
have it already.

On Monday, the focus should be put on getting started and
reviewing the backlog on the hackfest workboard to distribute
things among people or help new contributors find topics suitable
for them. Open hours are otherwise opportunities to get more
direct support from the KernelCI team or discuss any topic.

See you there!

Best wishes,
Guillaume

[1] https://foundation.kernelci.org/blog/2021/06/24/the-first-ever-kernelci-hackfest/
[2] https://www.linuxplumbersconf.org/event/11/page/104-accepted-microconferences#cont-test


Re: New CVE entry this week

Masami Ichikawa
 

Hi !

On Thu, Sep 2, 2021 at 3:28 PM Pavel Machek <pavel@denx.de> wrote:

> Hi!
>
> > * CVE short summary
>
> These summaries are not so short; I simply skip them and go to full
> list. Perhaps they don't need to be included, or could include only
> CVEs where we need to take an action?

Thank you for the comment.
This weekly report mail contains full list which are new CVEs, updated
CVEs, and currently tracking CVEs, so summary can be removed or make
it simple I think.
I'll write a new summary style that includes CVEs which we need to take care of.

> > * CVE detail
> >
> > New CVEs
> >
> > CVE-2021-3739: btrfs: fix NULL pointer dereference when deleting
> > device by invalid id
> >
> > Fixed in btrfs tree but not fixed in mainline yet.
> > This vulnerability has been introduced since 4.20-rc1 so before 4.20
> > kernel aren't affected this vulnerability.
> >
> > Fixed status
> >
> > mainline: [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]
>
> This one is queued for 5.10.62, so this is getting fixed for us.
>
> > CVE-2021-3743: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
> >
> > The Qualcomm's IPC router protocol(qrtr) has been introduced since
> > 4.15-rc1 so before 4.15 kernels aren't affected.
> > Checked on cip-kernel-config, it looks like no CIP member enables QRTR.
> >
> > Fixed status
> >
> > mainline: [7e78c597c3ebfd0cb329aa09a838734147e4f117]
>
> Fixes are queued for 4.19 and 5.10.62, so this is getting fixed for us.
>
> > CVE-2021-3753: A out-of-bounds caused by the race of KDSETMODE in vt
> >
> > Commit ffb324e6f874121f7dce5bdae5e05d02baae7269 introduced race
> > condition and oob bug. The commit ffb324e6f874 have been backported to
> > 4.4 and 4.19.
>
> Agreed, fixed in 4.19.192 and 4.4.270. Nothing for us to do there.
>
> > Updated CVEs
> >
> > CVE-2020-3702: Specifically timed and handcrafted traffic can cause
> > internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
> > encryption with a consequent possibility of information disclosure
> > over the air for a discrete set of traffic
> >
> > Vulnerability in ath9k driver. 4.4.y-cip/arm/siemens_imx6_defconfig
> > and 4.4.y-cip/arm/moxa_mxc_defconfig use ath9k.
>
> Fixed in 4.14 but not 4.4.
>
> > stable/4.14: [2cbb22fd4b4fb4d0822d185bf5bd6d027107bfda,
> > 20e7de09cbdb76a38f28fb71709fae347123ddb7,
> > 995586a56748c532850870523d3a9080492b3433,
> > f4d4f4473129e9ee55b8562250adc53217bad529,
> > 61b014a8f8de02bedc56f76620170437f5638588]
>
> Diffstat looks like this:
>
> key.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
> main.c | 5 +++++
> 1 file changed, 5 insertions(+)
> ath.h | 1 +
> key.c | 4 ++--
> 2 files changed, 3 insertions(+), 2 deletions(-)
> ath.h | 2 +-
> ath5k/mac80211-ops.c | 2 +-
> ath9k/htc_drv_main.c | 2 +-
> ath9k/main.c | 5 ++---
> key.c | 34 +++++++++++++++++-----------------
> 5 files changed, 22 insertions(+), 23 deletions(-)
> hw.h | 1
> main.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 87 insertions(+), 1 deletion(-)
>
> Best regards,
> Pavel
>
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com


Re: New CVE entry this week

Nobuhiro Iwamatsu
 

Hi,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Pavel Machek
Sent: Thursday, September 2, 2021 3:28 PM
To: cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] New CVE entry this week

> Hi!
>
> > * CVE short summary
>
> These summaries are not so short; I simply skip them and go to full
> list. Perhaps they don't need to be included, or could include only
> CVEs where we need to take an action?
>
> > * CVE detail
> >
> > New CVEs
> >
> > CVE-2021-3739: btrfs: fix NULL pointer dereference when deleting
> > device by invalid id
> >
> > Fixed in btrfs tree but not fixed in mainline yet.
> > This vulnerability has been introduced since 4.20-rc1 so before 4.20
> > kernel aren't affected this vulnerability.
> >
> > Fixed status
> >
> > mainline: [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]
>
> This one is queued for 5.10.62, so this is getting fixed for us.
>
> > CVE-2021-3743: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
> >
> > The Qualcomm's IPC router protocol(qrtr) has been introduced since
> > 4.15-rc1 so before 4.15 kernels aren't affected.
> > Checked on cip-kernel-config, it looks like no CIP member enables QRTR.
> >
> > Fixed status
> >
> > mainline: [7e78c597c3ebfd0cb329aa09a838734147e4f117]
>
> Fixes are queued for 4.19 and 5.10.62, so this is getting fixed for us.
>
> > CVE-2021-3753: A out-of-bounds caused by the race of KDSETMODE in vt
> >
> > Commit ffb324e6f874121f7dce5bdae5e05d02baae7269 introduced race
> > condition and oob bug. The commit ffb324e6f874 have been backported to
> > 4.4 and 4.19.
>
> Agreed, fixed in 4.19.192 and 4.4.270. Nothing for us to do there.
>
> > Updated CVEs
> >
> > CVE-2020-3702: Specifically timed and handcrafted traffic can cause
> > internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
> > encryption with a consequent possibility of information disclosure
> > over the air for a discrete set of traffic
> >
> > Vulnerability in ath9k driver. 4.4.y-cip/arm/siemens_imx6_defconfig
> > and 4.4.y-cip/arm/moxa_mxc_defconfig use ath9k.
>
> Fixed in 4.14 but not 4.4.
>
> > stable/4.14: [2cbb22fd4b4fb4d0822d185bf5bd6d027107bfda,
> > 20e7de09cbdb76a38f28fb71709fae347123ddb7,
> > 995586a56748c532850870523d3a9080492b3433,
> > f4d4f4473129e9ee55b8562250adc53217bad529,
> > 61b014a8f8de02bedc56f76620170437f5638588]
>
> Diffstat looks like this:
>
> key.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
> main.c | 5 +++++
> 1 file changed, 5 insertions(+)
> ath.h | 1 +
> key.c | 4 ++--
> 2 files changed, 3 insertions(+), 2 deletions(-)
> ath.h | 2 +-
> ath5k/mac80211-ops.c | 2 +-
> ath9k/htc_drv_main.c | 2 +-
> ath9k/main.c | 5 ++---
> key.c | 34 +++++++++++++++++-----------------
> 5 files changed, 22 insertions(+), 23 deletions(-)
> hw.h | 1
> main.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 87 insertions(+), 1 deletion(-)

I checked the patch application and build at hand.
We can backport without any changes to 4.4 tree. But I don't have this device, so I can't confirm the working.


Best regards,
Nobuhiro


Re: New CVE entry this week

Pavel Machek
 

Hi!

> * CVE short summary

These summaries are not so short; I simply skip them and go to full
list. Perhaps they don't need to be included, or could include only
CVEs where we need to take an action?

> * CVE detail
>
> New CVEs
>
> CVE-2021-3739: btrfs: fix NULL pointer dereference when deleting
> device by invalid id
>
> Fixed in btrfs tree but not fixed in mainline yet.
> This vulnerability has been introduced since 4.20-rc1 so before 4.20
> kernel aren't affected this vulnerability.
>
> Fixed status
>
> mainline: [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]

This one is queued for 5.10.62, so this is getting fixed for us.

> CVE-2021-3743: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
>
> The Qualcomm's IPC router protocol(qrtr) has been introduced since
> 4.15-rc1 so before 4.15 kernels aren't affected.
> Checked on cip-kernel-config, it looks like no CIP member enables QRTR.
>
> Fixed status
>
> mainline: [7e78c597c3ebfd0cb329aa09a838734147e4f117]

Fixes are queued for 4.19 and 5.10.62, so this is getting fixed for us.

> CVE-2021-3753: A out-of-bounds caused by the race of KDSETMODE in vt
>
> Commit ffb324e6f874121f7dce5bdae5e05d02baae7269 introduced race
> condition and oob bug. The commit ffb324e6f874 have been backported to
> 4.4 and 4.19.

Agreed, fixed in 4.19.192 and 4.4.270. Nothing for us to do there.

> Updated CVEs
>
> CVE-2020-3702: Specifically timed and handcrafted traffic can cause
> internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
> encryption with a consequent possibility of information disclosure
> over the air for a discrete set of traffic
>
> Vulnerability in ath9k driver. 4.4.y-cip/arm/siemens_imx6_defconfig
> and 4.4.y-cip/arm/moxa_mxc_defconfig use ath9k.

Fixed in 4.14 but not 4.4.

> stable/4.14: [2cbb22fd4b4fb4d0822d185bf5bd6d027107bfda,
> 20e7de09cbdb76a38f28fb71709fae347123ddb7,
> 995586a56748c532850870523d3a9080492b3433,
> f4d4f4473129e9ee55b8562250adc53217bad529,
> 61b014a8f8de02bedc56f76620170437f5638588]

Diffstat looks like this:

key.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
main.c | 5 +++++
1 file changed, 5 insertions(+)
ath.h | 1 +
key.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
ath.h | 2 +-
ath5k/mac80211-ops.c | 2 +-
ath9k/htc_drv_main.c | 2 +-
ath9k/main.c | 5 ++---
key.c | 34 +++++++++++++++++-----------------
5 files changed, 22 insertions(+), 23 deletions(-)
hw.h | 1
main.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 87 insertions(+), 1 deletion(-)

Best regards,
Pavel

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today.

Please note that we moved from Freenode to libera.chat. Our channel is
the following:

irc:irc.libera.chat:6667/cip

Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=9&day=2&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest  USEast  UK     DE     TW     JP
06:00   09:00   14:00  15:00  21:00  22:00

Last meeting minutes:

https://irclogs.baserock.org/meetings/cip/2021/08/cip.2021-08-26-13.00.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu & alicef
2. Do some experiment to lower burdens on CI - patersonc

* Kernel maintenance updates
* Kernel testing
* AOB

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


New CVE entry this week

Masami Ichikawa
 

Hi !

It's this week's CVE report.

* CVE short summary

** New CVEs

CVE-2021-3739: mainline is fixed. before 4.20-rc1 kernels aren't affected.

CVE-2021-3743: mainline is fixed. before 4.15-rc1 kernels aren't affected.

CVE-2021-3753: mainline is fixed. 4.4 and 4.19 kernels are affected.

** Updated CVEs

CVE-2020-3702: 4.14, 4.19, 5.10, 5.4 kernels are fixed

CVE-2021-3653: stable kernels are fixed.

CVE-2021-3656: stable are fixed. 4.4 is not affected.

CVE-2021-3600: Patches for 4.19 exist in stable-rc tree as of 2021/09/02.

** Tracking CVEs

CVE-2021-31615: No fix information as of 2021/09/02.

CVE-2021-3640: No fix information as of 2021/09/02.

CVE-2020-26555: No fix information as of 2021/09/02.

CVE-2020-26556: No fix information as of 2021/09/02.

CVE-2020-26557: No fix information as of 2021/09/02.

CVE-2020-26559: No fix information as of 2021/09/02.

CVE-2020-26560: No fix information as of 2021/09/02.

CVE-2021-3600: mainline, 5.10, 5.4 are fixed. 4.4 isn't affected. 4.19
will be fixed in stable tree.

* CVE detail

New CVEs

CVE-2021-3739: btrfs: fix NULL pointer dereference when deleting
device by invalid id

Fixed in btrfs tree but not fixed in mainline yet.
This vulnerability has been introduced since 4.20-rc1 so before 4.20
kernel aren't affected this vulnerability.

Fixed status

mainline: [e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091]

CVE-2021-3743: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c

The Qualcomm's IPC router protocol(qrtr) has been introduced since
4.15-rc1 so before 4.15 kernels aren't affected.
Checked on cip-kernel-config, it looks like no CIP member enables QRTR.

Fixed status

mainline: [7e78c597c3ebfd0cb329aa09a838734147e4f117]

CVE-2021-3753: A out-of-bounds caused by the race of KDSETMODE in vt

Commit ffb324e6f874121f7dce5bdae5e05d02baae7269 introduced race
condition and oob bug. The commit ffb324e6f874 have been backported to
4.4 and 4.19.

Fixed status

mainline: [2287a51ba822384834dafc1c798453375d1107c7]

Updated CVEs

CVE-2020-3702: Specifically timed and handcrafted traffic can cause
internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
encryption with a consequent possibility of information disclosure
over the air for a discrete set of traffic

Vulnerability in ath9k driver. 4.4.y-cip/arm/siemens_imx6_defconfig
and 4.4.y-cip/arm/moxa_mxc_defconfig use ath9k.

Fixed status

mainline: [56c5485c9e444c2e85e11694b6c44f1338fc20fd,
73488cb2fa3bb1ef9f6cf0d757f76958bd4deaca,
d2d3e36498dd8e0c83ea99861fac5cf9e8671226,
144cd24dbc36650a51f7fe3bf1424a1432f1f480,
ca2848022c12789685d3fab3227df02b863f9696]
stable/4.14: [2cbb22fd4b4fb4d0822d185bf5bd6d027107bfda,
20e7de09cbdb76a38f28fb71709fae347123ddb7,
995586a56748c532850870523d3a9080492b3433,
f4d4f4473129e9ee55b8562250adc53217bad529,
61b014a8f8de02bedc56f76620170437f5638588]
stable/4.19: [dd5815f023b89c9a28325d8a2a5f0779b57b7190,
d2fd9d34210f34cd0ff5b33fa94e9fcc2a513cea,
fb924bfcecc90ca63ca76b5a10f192bd0e1bb35d,
7c5a966edd3c6eec4a9bdf698c1f27712d1781f0,
08c613a2cb06c68ef4e7733e052af067b21e5dbb]
stable/5.10: [8f05076983ddeaae1165457b6aa4eca9fe0e5498,
6566c207e5767deb37d283ed9f77b98439a1de4e,
2925a8385ec746bf09c11dcadb9af13c26091a4d,
609c0cfd07f0ae6c444e064a59b46c5f3090b705,
e2036bc3fc7daa03c15fda27e1818192da817cea]
stable/5.4: [0c049ce432b37a51a0da005314ac32e5d9324ccf,
add283e2517a90468ce223465e0f4360128bb650,
b7d593705eb4f0655a70f0207f573fb1edb80bda,
c6feaf806da6a0deecc2fe41adb3443cdecba347,
23f77ad13f8176314b7c51f71b9ac7c5c6d10b7b]

CVE-2021-3653: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

Fixed status

mainline: [0f923e07124df069ba68d8bb12324398f4b6b709]
stable/4.14: [26af47bdc45e454877f15fa7658a167bb9799681]
stable/4.19: [42f4312c0e8a225b5f1e3ed029509ef514f2157a]
stable/4.4: [53723b7be26ef31ad642ce5ffa8b42dec16db40e]
stable/4.9: [29c4f674715ba8fe7a391473313e8c71f98799c4]
stable/5.10: [c0883f693187c646c0972d73e525523f9486c2e3]
stable/5.13: [a0949ee63cf95408870a564ccad163018b1a9e6b]
stable/5.4: [7c1c96ffb658fbfe66c5ebed6bcb5909837bc267]


CVE-2021-3656: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

Fixed status

mainline: [c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc]
stable/4.14: [6ed198381ed2496fbc82214108e56a441d3b0213]
stable/4.19: [119d547cbf7c055ba8100309ad71910478092f24]
stable/5.10: [3dc5666baf2a135f250e4101d41d5959ac2c2e1f]
stable/5.13: [639a033fd765ed473dfee27028df5ccbe1038a2e]
stable/5.4: [a17f2f2c89494c0974529579f3552ecbd1bc2d52]
stable/4.4: Not affected

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information as of 2021/08/26.

CVE-2021-3640: UAF in sco_send_frame function

There is no fix information as of 2021/08/26.

CVE-2020-26555: BR/EDR pin code pairing broken

There is no fix information as of 2021/08/26.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information as of 2021/08/26.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information as of 2021/08/26.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information as of 2021/08/26.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information as of 2021/08/26.

CVE-2021-3600: eBPF 32-bit source register truncation on div/mod

The vulnerability has been introduced since 4.15-rc9. 4.4 is not
affected. 4.19 is not fixed yet as of 2021/08/26.
Patches have been sent to stable
kernel(https://lore.kernel.org/stable/YSj43Lpw9bilHuIn@kroah.com/T/#t).
Then these have been included in stable-rc tree. These patch set
addressed to fix CVE-2021-3444 and CVE-2021-3600.

Discussion: https://lore.kernel.org/stable/YSd1q9Llm1vsWbXT@mussarela/T/#t

Patches in stable-rc tree.

bpf: Do not use ax register in interpreter on div/mod:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=queue/4.19&id=5179c6c58d0a2a05eeadd1bc0431bee01609d5b2
bpf: Fix 32 bit src register truncation on div/mod:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=queue/4.19&id=ca13f215fc36e37cf46d624b8c0ee71c10e231b1
bpf: Fix truncation handling for mod32 dst reg wrt zero:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=queue/4.19&id=a84037fcded8a9513f4838079cef85c516036f23


mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]

Regards,


cip/linux-4.19.y-cip baseline: 319 runs, 3 regressions (v4.19.205-cip56) #kernelci

kernelci.org bot <bot@...>
 

cip/linux-4.19.y-cip baseline: 319 runs, 3 regressions (v4.19.205-cip56)

Regressions Summary
-------------------

platform             | arch | lab          | compiler | defconfig           | regressions
---------------------+------+--------------+----------+---------------------+------------
qemu_arm-versatilepb | arm  | lab-baylibre | gcc-8    | versatile_defconfig | 1
qemu_arm-versatilepb | arm  | lab-broonie  | gcc-8    | versatile_defconfig | 1
qemu_arm-versatilepb | arm  | lab-cip      | gcc-8    | versatile_defconfig | 1

Details: https://kernelci.org/test/job/cip/branch/linux-4.19.y-cip/kernel/v4.19.205-cip56/plan/baseline/

Test: baseline
Tree: cip
Branch: linux-4.19.y-cip
Describe: v4.19.205-cip56
URL: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
SHA: ad19e133aebcec558066ea338f896ec0b7338254


Test Regressions
----------------


platform             | arch | lab          | compiler | defconfig           | regressions
---------------------+------+--------------+----------+---------------------+------------
qemu_arm-versatilepb | arm  | lab-baylibre | gcc-8    | versatile_defconfig | 1

Details: https://kernelci.org/test/plan/id/612d8ea3b86a70ad1c8e2ca5

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: versatile_defconfig
Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0)
Plain log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.205-cip56/arm/versatile_defconfig/gcc-8/lab-baylibre/baseline-qemu_arm-versatilepb.txt
HTML log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.205-cip56/arm/versatile_defconfig/gcc-8/lab-baylibre/baseline-qemu_arm-versatilepb.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b738df/armel/baseline/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/612d8ea3b86a70ad1c8e2ca6
failing since 290 days (last pass: v4.19.152-cip37-37-g18852869b06b, first fail: v4.19.157-cip38)



platform             | arch | lab          | compiler | defconfig           | regressions
---------------------+------+--------------+----------+---------------------+------------
qemu_arm-versatilepb | arm  | lab-broonie  | gcc-8    | versatile_defconfig | 1

Details: https://kernelci.org/test/plan/id/612d8f796095f64edd8e2c86

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: versatile_defconfig
Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0)
Plain log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.205-cip56/arm/versatile_defconfig/gcc-8/lab-broonie/baseline-qemu_arm-versatilepb.txt
HTML log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.205-cip56/arm/versatile_defconfig/gcc-8/lab-broonie/baseline-qemu_arm-versatilepb.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b738df/armel/baseline/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/612d8f796095f64edd8e2c87
failing since 290 days (last pass: v4.19.152-cip37-37-g18852869b06b, first fail: v4.19.157-cip38)



platform             | arch | lab          | compiler | defconfig           | regressions
---------------------+------+--------------+----------+---------------------+------------
qemu_arm-versatilepb | arm  | lab-cip      | gcc-8    | versatile_defconfig | 1

Details: https://kernelci.org/test/plan/id/612d8e83b44cb7d5a18e2c9b

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: versatile_defconfig
Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0)
Plain log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.205-cip56/arm/versatile_defconfig/gcc-8/lab-cip/baseline-qemu_arm-versatilepb.txt
HTML log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.205-cip56/arm/versatile_defconfig/gcc-8/lab-cip/baseline-qemu_arm-versatilepb.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b738df/armel/baseline/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/612d8e83b44cb7d5a18e2c9c
failing since 290 days (last pass: v4.19.152-cip37-37-g18852869b06b, first fail: v4.19.157-cip38)


cip/linux-4.19.y-cip baseline-nfs: 42 runs, 1 regressions (v4.19.205-cip56) #kernelci

kernelci.org bot <bot@...>
 

cip/linux-4.19.y-cip baseline-nfs: 42 runs, 1 regressions (v4.19.205-cip56)

Regressions Summary
-------------------

platform   | arch | lab             | compiler | defconfig          | regressions
-----------+------+-----------------+----------+--------------------+------------
dove-cubox | arm  | lab-pengutronix | gcc-8    | multi_v7_defconfig | 1

Details: https://kernelci.org/test/job/cip/branch/linux-4.19.y-cip/kernel/v4.19.205-cip56/plan/baseline-nfs/

Test: baseline-nfs
Tree: cip
Branch: linux-4.19.y-cip
Describe: v4.19.205-cip56
URL: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
SHA: ad19e133aebcec558066ea338f896ec0b7338254


Test Regressions
----------------


platform   | arch | lab             | compiler | defconfig          | regressions
-----------+------+-----------------+----------+--------------------+------------
dove-cubox | arm  | lab-pengutronix | gcc-8    | multi_v7_defconfig | 1

Details: https://kernelci.org/test/plan/id/612d91bb905996aa128e2c8c

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: multi_v7_defconfig
Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0)
Plain log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.205-cip56/arm/multi_v7_defconfig/gcc-8/lab-pengutronix/baseline-nfs-dove-cubox.txt
HTML log: https://storage.kernelci.org//cip/linux-4.19.y-cip/v4.19.205-cip56/arm/multi_v7_defconfig/gcc-8/lab-pengutronix/baseline-nfs-dove-cubox.html
Rootfs: http://storage.kernelci.org/images/rootfs/debian/buster/20210730.6/armhf/initrd.cpio.gz


* baseline-nfs.login: https://kernelci.org/test/case/id/612d91bb905996aa128e2c8d
failing since 127 days (last pass: v4.19.186-cip47-1-g4c2cb7ba796b, first fail: v4.19.188-cip48)


cip/linux-4.19.y-cip build: 114 builds: 0 failed, 114 passed, 31 warnings (v4.19.205-cip56) #kernelci

kernelci.org bot <bot@...>
 

cip/linux-4.19.y-cip build: 114 builds: 0 failed, 114 passed, 31 warnings (v4.19.205-cip56)

Full Build Summary: https://kernelci.org/build/cip/branch/linux-4.19.y-cip/kernel/v4.19.205-cip56/

Tree: cip
Branch: linux-4.19.y-cip
Git Describe: v4.19.205-cip56
Git Commit: ad19e133aebcec558066ea338f896ec0b7338254
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
Built: 3 unique architectures

Warnings Detected:

arm64:

arm:
allmodconfig (gcc-8): 2 warnings
am200epdkit_defconfig (gcc-8): 1 warning
colibri_pxa300_defconfig (gcc-8): 1 warning
corgi_defconfig (gcc-8): 1 warning
efm32_defconfig (gcc-8): 1 warning
eseries_pxa_defconfig (gcc-8): 1 warning
h5000_defconfig (gcc-8): 1 warning
integrator_defconfig (gcc-8): 1 warning
lpc32xx_defconfig (gcc-8): 1 warning
lpd270_defconfig (gcc-8): 1 warning
magician_defconfig (gcc-8): 1 warning
mainstone_defconfig (gcc-8): 1 warning
multi_v4t_defconfig (gcc-8): 1 warning
palmz72_defconfig (gcc-8): 1 warning
pcm027_defconfig (gcc-8): 1 warning
prima2_defconfig (gcc-8): 1 warning
pxa168_defconfig (gcc-8): 1 warning
pxa255-idp_defconfig (gcc-8): 1 warning
pxa3xx_defconfig (gcc-8): 1 warning
pxa910_defconfig (gcc-8): 1 warning
raumfeld_defconfig (gcc-8): 1 warning
s3c6400_defconfig (gcc-8): 1 warning
s5pv210_defconfig (gcc-8): 1 warning
spitz_defconfig (gcc-8): 1 warning
stm32_defconfig (gcc-8): 1 warning
tango4_defconfig (gcc-8): 1 warning
tct_hammer_defconfig (gcc-8): 1 warning
viper_defconfig (gcc-8): 1 warning
vt8500_v6_v7_defconfig (gcc-8): 1 warning
zeus_defconfig (gcc-8): 1 warning

x86_64:


Warnings summary:

29 drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]
1 /tmp/ccSMp14H.s:18196: Warning: using r15 results in unpredictable behaviour
1 /tmp/ccSMp14H.s:18124: Warning: using r15 results in unpredictable behaviour

================================================================================

Detailed per-defconfig build reports:

--------------------------------------------------------------------------------
acs5k_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
acs5k_tiny_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
allmodconfig (arm, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches

Warnings:
/tmp/ccSMp14H.s:18124: Warning: using r15 results in unpredictable behaviour
/tmp/ccSMp14H.s:18196: Warning: using r15 results in unpredictable behaviour

--------------------------------------------------------------------------------
allnoconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
am200epdkit_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
aspeed_g4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
aspeed_g5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
at91_dt_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
axm55xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
badge4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bcm2835_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cerfcube_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cm_x300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
colibri_pxa270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
colibri_pxa300_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
collie_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
corgi_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
davinci_all_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+CONFIG_CPU_BIG_ENDIAN=y (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+CONFIG_RANDOMIZE_BASE=y (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+crypto (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+ima (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
dove_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ebsa110_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
efm32_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
em_x270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ep93xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
eseries_pxa_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
exynos_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
footbridge_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
gemini_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
h3600_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
h5000_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
hackkit_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
hisi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imote2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imx_v4_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imx_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
integrator_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
iop13xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
iop32x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
iop33x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ixp4xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
jornada720_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
keystone_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ks8695_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpc18xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpc32xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
lpd270_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
magician_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
mainstone_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
mini2440_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mmp2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
moxart_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mps2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v4t_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
multi_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig+CONFIG_EFI=y+CONFIG_ARM_LPAE=y (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig+CONFIG_SMP=n (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig+crypto (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig+ima (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mvebu_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mxs_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
netwinder_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
netx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nhk8815_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nuc910_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nuc950_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nuc960_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
omap1_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
omap2plus_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
orion5x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
oxnas_v6_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
palmz72_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
pcm027_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
pleb_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
prima2_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
pxa168_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
pxa255-idp_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
pxa3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
pxa910_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
pxa_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
qcom_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
raumfeld_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
realview_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rpc_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
s3c6400_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
s5pv210_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
sama5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
simpad_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
socfpga_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear13xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear6xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spitz_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
stm32_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
sunxi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tango4_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
tct_hammer_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
trizeps4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
u300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
versatile_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vexpress_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
viper_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
vt8500_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
x86_64_defconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+crypto (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+ima (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+x86-chromebook (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+x86_kvm_guest (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
zeus_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
drivers/clk/clk.c:49:27: warning: ‘orphan_list’ defined but not used [-Wunused-variable]

--------------------------------------------------------------------------------
zx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches

---
For more info write to <info@kernelci.org>


[ANNOUNCE] Release v4.19.205-cip56

Nobuhiro Iwamatsu
 

Hi,

The CIP kernel team has released Linux kernel v4.19.205-cip56.
The base version of the linux-4.19.y-cip tree has been updated from
v4.19.204 to v4.19.205.

You can get this release via the git tree at:

v4.19.205-cip56:
  repository:
    https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
  branch:
    linux-4.19.y-cip
  commit hash:
    ad19e133aebcec558066ea338f896ec0b7338254
  Fixed CVEs:
    CVE-2021-3653: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
    CVE-2021-3656: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
    CVE-2020-3702: None
  added commits:
    CIP: Bump version suffix to -cip56 after merge from stable

Best regards,
Nobuhiro


Re: New CVE entries this week

Masami Ichikawa
 

Hi!

On Thu, Aug 26, 2021 at 8:51 PM Pavel Machek <pavel@denx.de> wrote:

Hi!

CVE-2021-3600: eBPF 32-bit source register truncation on div/mod

The vulnerability was introduced in 4.15-rc9. 4.4 is not
affected. 4.19 is not fixed yet as of 2021/08/26.

mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]
I took a look into this. Apparently 4.14 and 4.19 are affected. (
https://seclists.org/oss-sec/2021/q2/228 )

Due to BPF 32-bit subregister requirements (see bpf_design_QA.rst)
top 32 bits should be always zero when the 32 bit registers are in
use. So it could be possible to use BPF_JMP instead of BPF_JMP32.
Hmm, no; that is what original code did and what is known not to work
for reasons I don't fully understand.

Anyway, I asked on the lists, and according to Thadeu Lima de Souza
Cascardo, Ubuntu did some work on it and is likely to do some more.
Thank you for asking.

Oh, and we may want to watch CVE-2021-3444, it is apparently related and
not yet fixed in 4.19.
I see. We keep track of it.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Regards,

--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com


Re: New CVE entries this week

Pavel Machek
 

Hi!

CVE-2021-3600: eBPF 32-bit source register truncation on div/mod

The vulnerability has been introduced since 4.15-rc9. 4.4 is not
affected. 4.19 is not fixed yet as of 2021/08/26.

mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]
I took a look into this. Apparently 4.14 and 4.19 are affected.
(https://seclists.org/oss-sec/2021/q2/228)

Due to BPF 32-bit subregister requirements (see bpf_design_QA.rst)
top 32 bits should be always zero when the 32 bit registers are in
use. So it could be possible to use BPF_JMP instead of BPF_JMP32.
Hmm, no; that is what original code did and what is known not to work
for reasons I don't fully understand.

Anyway, I asked on the lists, and according to Thadeu Lima de Souza
Cascardo, Ubuntu did some work on it and is likely to do some more.

Oh, and we may want to watch CVE-2021-3444, it is apparently related and
not yet fixed in 4.19.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
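
Added example, not part of the thread and not kernel code: a user-space C model of three ways to guard a 32-bit div/mod against a zero divisor, illustrating the BPF_JMP versus BPF_JMP32 question raised above. The function names and the one-register model are assumptions of this sketch, and variant (a) is modelled on the mov32-plus-64-bit-test sequence that the mainline fix e88b2c6e5a4d is understood to have replaced.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, an assumption of this example: the divisor is one 64-bit BPF
 * register and "w_dst /= w_src" uses only its low 32 bits. */
struct result {
    uint32_t quotient;   /* w_dst after the guarded divide (0 if skipped) */
    uint64_t src_after;  /* divisor register as later instructions see it */
    int div_by_zero;     /* 1 if the divide ran with w_src == 0 */
};

static struct result div32(uint32_t dst, uint64_t src, int skip)
{
    struct result r = { 0, src, 0 };
    if (skip)                       /* guard taken: dst = 0, no divide */
        return r;
    if ((uint32_t)src == 0)         /* guard missed a zero divisor */
        r.div_by_zero = 1;
    else
        r.quotient = dst / (uint32_t)src;
    return r;
}

/* (a) mov32 src,src then 64-bit test: safe, but src is clobbered. */
struct result guard_mov32_jmp64(uint32_t dst, uint64_t src)
{
    src = (uint32_t)src;
    return div32(dst, src, src == 0);
}

/* (b) 64-bit test alone, trusting "upper 32 bits are always zero". */
struct result guard_jmp64_only(uint32_t dst, uint64_t src)
{
    return div32(dst, src, src == 0);
}

/* (c) 32-bit test (BPF_JMP32): tests w_src only, src left intact. */
struct result guard_jmp32(uint32_t dst, uint64_t src)
{
    return div32(dst, src, (uint32_t)src == 0);
}

int main(void)
{
    uint64_t src = 0x100000000ULL;  /* constructed: low half 0, high half set */
    printf("(a) src_after=%#llx\n", (unsigned long long)guard_mov32_jmp64(8, src).src_after);
    printf("(b) div_by_zero=%d\n", guard_jmp64_only(8, src).div_by_zero);
    printf("(c) div_by_zero=%d\n", guard_jmp32(8, src).div_by_zero);
    return 0;
}
```

Variant (b) is only safe if nothing ever leaves a nonzero upper half in the divisor register, which a preceding 64-bit operation on that register can do.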


Re: New CVE entries this week

Pavel Machek
 

Hi!

New CVEs

CVE-2020-3702: Specifically timed and handcrafted traffic can cause
internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
encryption with a consequent possibility of information disclosure
over the air for a discrete set of traffic

This CVE affects ath9k driver.

Fixed status

mainline: [56c5485c9e444c2e85e11694b6c44f1338fc20fd,
73488cb2fa3bb1ef9f6cf0d757f76958bd4deaca,
d2d3e36498dd8e0c83ea99861fac5cf9e8671226,
144cd24dbc36650a51f7fe3bf1424a1432f1f480,
ca2848022c12789685d3fab3227df02b863f9696]
At least some of the relevant fixes are queued for
5.10.61/4.19. Likely this will resolve itself.

CVE-2021-3600: eBPF 32-bit source register truncation on div/mod

The vulnerability has been introduced since 4.15-rc9. 4.4 is not
affected. 4.19 is not fixed yet as of 2021/08/26.

mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]
I took a look into this. Apparently 4.14 and 4.19 are affected.
(https://seclists.org/oss-sec/2021/q2/228)

Due to BPF 32-bit subregister requirements (see bpf_design_QA.rst)
top 32 bits should be always zero when the 32 bit registers are in
use. So it could be possible to use BPF_JMP instead of BPF_JMP32.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


New CVE entries this week

Masami Ichikawa
 

Hi!

It's this week's CVE report.

* CVE short summary

** New CVEs

CVE-2020-3702: mainline is fixed

CVE-2021-3732: mainline and stable kernels are fixed

** Updated CVEs

There is no update.

** Tracking CVEs

CVE-2021-31615: No fix information as of 2021/08/26.

CVE-2021-3640: No fix information as of 2021/08/26.

CVE-2020-26555: No fix information as of 2021/08/26.

CVE-2020-26556: No fix information as of 2021/08/26.

CVE-2020-26557: No fix information as of 2021/08/26.

CVE-2020-26559: No fix information as of 2021/08/26.

CVE-2020-26560: No fix information as of 2021/08/26.

CVE-2021-3600: mainline, 5.10, 5.4 are fixed. 4.4 isn't affected. 4.19
isn't fixed.

* CVE detail

New CVEs

CVE-2020-3702: Specifically timed and handcrafted traffic can cause
internal errors in a WLAN device that lead to improper layer 2 Wi-Fi
encryption with a consequent possibility of information disclosure
over the air for a discrete set of traffic

This CVE affects ath9k driver.

Fixed status

mainline: [56c5485c9e444c2e85e11694b6c44f1338fc20fd,
73488cb2fa3bb1ef9f6cf0d757f76958bd4deaca,
d2d3e36498dd8e0c83ea99861fac5cf9e8671226,
144cd24dbc36650a51f7fe3bf1424a1432f1f480,
ca2848022c12789685d3fab3227df02b863f9696]

CVE-2021-3732: kernel: overlayfs: Mounting overlayfs inside an
unprivileged user namespace can reveal files

cip/4.19: [963d85d630dabe75a3cfde44a006fec3304d07b8]
cip/4.4: [c6e8810d25295acb40a7b69ed3962ff181919571]
mainline: [427215d85e8d1476da1a86b8d67aceb485eb3631]
stable/4.14: [517b875dfbf58f0c6c9e32dc90f5cf42d71a42ce]
stable/4.19: [963d85d630dabe75a3cfde44a006fec3304d07b8]
stable/4.4: [c6e8810d25295acb40a7b69ed3962ff181919571]
stable/4.9: [e3eee87c846dc47f6d8eb6d85e7271f24122a279]
stable/5.10: [6a002d48a66076524f67098132538bef17e8445e]
stable/5.13: [41812f4b84484530057513478c6770590347dc30]
stable/5.4: [812f39ed5b0b7f34868736de3055c92c7c4cf459]

Updated CVEs

There is no update.

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information as of 2021/08/26.

CVE-2021-3640: UAF in sco_send_frame function

There is no fix information as of 2021/08/26.

CVE-2020-26555: BR/EDR pin code pairing broken

There is no fix information as of 2021/08/26.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information as of 2021/08/26.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information as of 2021/08/26.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information as of 2021/08/26.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information as of 2021/08/26.

CVE-2021-3600: eBPF 32-bit source register truncation on div/mod

The vulnerability has been introduced since 4.15-rc9. 4.4 is not
affected. 4.19 is not fixed yet as of 2021/08/26.

mainline: [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
stable/5.10: [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
stable/5.4: [78e2f71b89b22222583f74803d14f3d90cdf9d12]

Regards,


--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com


CIP IRC weekly meeting today on libera.chat

masashi.kudo@cybertrust.co.jp <masashi.kudo@...>
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss technical topics with CIP kernel today.

Please note that we already moved from Freenode to libera.chat, and our channel is the following:

irc:irc.libera.chat:6667/cip

Please also note that the IRC meeting was rescheduled to UTC (GMT) 13:00.

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=8&day=26&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK    DE    TW    JP
06:00  09:00  14:00 15:00 21:00 22:00

Last meeting minutes:

https://irclogs.baserock.org/meetings/cip/2021/08/cip.2021-08-19-09.00.log.html
https://irclogs.baserock.org/meetings/cip/2021/08/cip.2021-08-19-13.00.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu & alicef
2. Do some experiment to lower burdens on CI - patersonc

* Kernel maintenance updates
* Kernel testing
* AOB

The meeting will take 30 min, although it can be extended to an hour if it makes sense and those involved in the topics can stay. Otherwise, the topic will be taken offline or in the next meeting.

Best regards,
--
M. Kudo
Cybertrust Japan Co., Ltd.


Re: [isar-cip-dev][PATCH] Uprevision the cip-kernel-config to latest one

Jan Kiszka
 

On 10.08.21 09:20, Srinuvasan A wrote:
From: Srinuvasan A <srinuvasan_a@mentor.com>

Uprevision the cip-kernel-config to latest one.

Signed-off-by: Srinuvasan A <srinuvasan_a@mentor.com>
---
recipes-kernel/linux/linux-cip-common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index 6362408..1afec88 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -25,6 +25,6 @@ SRC_URI_append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi

SRC_URI_append_bbb = "file://${KERNEL_DEFCONFIG}"

-SRCREV_cip-kernel-config ?= "b72318b9346f7262f6dd7511384ca61bd8b545c8"
+SRCREV_cip-kernel-config ?= "cd5d43e99f4d5f20707d7ac1e721bb22d4c9e16e"

S = "${WORKDIR}/linux-cip-v${PV}"
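
Review bot: The SRCREV_cip-kernel-config bump, the only changed line in this hunk, is justified in the commit message only as "latest one", which does not say what the new cip-kernel-config revision changes or which kernel or board configs need it; please name that in the message so the pin can be audited later. The new value is a full 40-character commit hash like the old one, which keeps the fetch reproducible. The SRC_URI_append context in the hunk header is cut off, so the transport and branch used for the fetch cannot be checked from what is shown.
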
Thanks, applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-dev][PATCH] Uprevision the cip-kernel-config to latest one

Srinuvasan A
 

Hi All,

Can you please merge into next.

Thanks.
