FTR, a second backport series for 4.4 was also posted: https://lore.kernel.org/stable/20210204172903.2860981-1-lee.jones@... ChenYu

Hi everyone, Two new issue this week: - CVE-2021-3347 [UAF in futex]: fixed for 4.14 and later [1] - CVE-2021-3348 [nbd: UAF when adding connections while operations are running]: fixed in all kernels

Hi, Debian maintainers speculate it might be related to 4c59406ed003 ("xfrm: policy: Fix doulbe free in xfrm_policy_timer"). Of course we won't really know until Google discloses the facts. ChenYu

Looks like there's an update: https://lore.kernel.org/stable/20210125142126.70d6a33c@... I will update the tracker. ChenYu

<daniel.sangorrin@...> wrote: I tried again yesterday and the issue still persists. SZ said he would look into it today. ChenYu

Hi everyone, One new issue this week: - CVE-2021-3178 [nfsd4: readdirplus returns parent of export] - fixed in mainline The fix was only merged into Linus's tree a couple days ago, so we should see th

Hi everyone, Three new issues this week: - CVE-2020-28374 [target/xcopy] - fixed Fix is missing from 4.4 and 4.9; notified Sasha on IRC - CVE-2020-35508 [fork copy_process race] - fixed for all kernel

Hi everyone, Three new issues this week: - CVE-2020-35499 [bluetooth/sco] - fixed in all relevant kernels - CVE-2020-36158 [mwifiex] - fixed in mainline; needs backport - CVE-2021-0342 [net/tun] - fix

Hi everyone, One new issue this week, though information is scarce. - CVE-2020-27066 [ipv6/xfrm] The issue is still undisclosed. It is stated to be fixed, though ATM it is unknown what the exact fix i

Hi everyone, Here is the cip-kernel-sec report for this week. This week we have two new issues: - CVE-2020-29568 [xen/blkdev/backend] - fixed - CVE-2020-29569 [xen/blkdev/backend] - fixed Both are cur

Hi everyone, Here is the cip-kernel-sec report for this week. This week we have four new issues: - CVE-2020-27825 [UAF in kernel/trace/ring_buffer.c] - CVE-2020-27835 [IF/hfi1: incorrect mm_struct usa

Hi everyone, Here is the cip-kernel-sec report for this week. This week we have five new issues: - CVE-2020-27786 [rawmidi UAF race condition] - fixed for all stable kernels - CVE-2020-27820 [drm/nouv

New issues: - CVE-2019-20934 [fair scheduler UAF in NUMA code] - CVE-2020-27815 [fs/jfs: array index out-of-bounds] - CVE-2020-29368 [mm/THP: COW race condition] - CVE-2020-29369 [mm/mmap: race condit

(Resent from correct email address.) Hi everyone, This week we have six new issues: - CVE-2020-15436 [blockdev UAF] - Fixed in all stable kernels - CVE-2020-15437 [serial/8250 NULL pointer dereference

Hi everyone, This week we have two new issues: - CVE-2020-12912 [hwmon/amd_energy] - Fixed in relevant stable kernels This driver was introduced in v5.8, so no members actually use it. - CVE-2020-2570

Confirmed. The fixes for CVE-2020-27673 and 27675 are part of 4.19.155. Looks like there is no backport for older LTS branches though. ChenYu

Hi, I will not be able to attend today's meeting. I will send out this week's CVE report this evening, likely after the meeting. Regards, ChenYu masashi.kudo@... <masashi.kudo@cybertrust.

Hi everyone, Since there's no CIP weekly meeting this week, I'm sharing the details on the mailing list. If people prefer this format, I can also do this in the future. This could make up for the merg

<ben.hutchings@...> wrote: Yes. So in the future I'll push all script-imported updates directly. Would you still like to review manual data input, or should I push those directly as well?

Hi, After today's CIP weekly meeting, Pavel proposed the idea of skipping merge requests for the cip-kernel-sec repository: 17:25 < pave1> wens: I see that currently merges to cip-kernel-sec are appro