cip-kernel-sec Updates for Last Week of October


Chen-Yu Tsai (Moxa) <wens@...>
 

Hi everyone,

Since there's no CIP weekly meeting this week, I'm sharing the details
on the mailing list. If people prefer this format, I can also do this
in the future. This could make up for the merge request which summarized
the information.

Here's this week's update:

New CVEs:
- CVE-2019-0146 [net/i40e] - likely fixed
- CVE-2020-27673 [xen/dom0] - fixed in mainline
- CVE-2020-27675 [xen/dom0] - fixed in mainline

Old CVEs now fixed:
- CVE-2020-14351 [perf] - fixed in mainline
- CVE-2020-27152 [KVM] - fixed in mainline

So we have yet another Intel i40e CVE that has a nearly useless
description.

For the rest, they are all fixed in v5.10-rc1.

- Fixes for CVE-2020-14351 and CVE-2020-27152 have been queued
up for v5.8 and v5.9.

- Fix for CVE-2020-27675 has been queued up for v5.9

- Fix for CVE-2020-27673 has not been backported yet.


Regards
ChenYu
Moxa


masashi.kudo@cybertrust.co.jp <masashi.kudo@...>
 

Hi, Chen-Yu san,

Thanks for your report! This is very helpful.

Could you add the backporting status for 4.4 and 4.19 stable kernels?
We may want to discuss the necessity of the backporting for them.

Best regards,
--
M. Kudo

-----Original Message-----
From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of
Chen-Yu Tsai (Moxa)
Sent: Thursday, October 29, 2020 11:42 AM
To: cip-dev@lists.cip-project.org
Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@toshiba.co.jp>
Subject: [cip-dev] cip-kernel-sec Updates for Last Week of October


Pavel Machek
 

Hi!

> - Fix for CVE-2020-27673 has not been backported yet.

Some kind of Xen issue, not really relevant to us, and fix is not
easy.

I'd say we can ignore this one.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Pavel Machek
 

Hi!

> > - Fix for CVE-2020-27673 has not been backported yet.
>
> Some kind of Xen issue, not really relevant to us, and fix is not
> easy.
>
> I'd say we can ignore this one.

This is queued for 4.19.155:

| a9d6e970261d 0891fb39ba67 o: | xen/events: don't use chip_data for legacy IRQs
| d103e667bb8c 073d0552ead5 o: | xen/events: avoid removing an event channel while handling it
| ed86a5182306 4d3fe31bd993 o: | xen/events: add a proper barrier to 2-level uevent unmasking
| 6e894d279f4e f01337197419 o: | xen/events: fix race in evtchn_fifo_unmask()
| 0279bd8ca365 54c9de89895e o: | xen/events: add a new "late EOI" evtchn framework
| adc67cdf742f 01263a1fabe3 .: | xen/blkback: use lateeoi irq binding
| 322a5dc88d82 23025393dbeb .: | xen/netback: use lateeoi irq binding
| 515827d40949 86991b6e7ea6 .: | xen/scsiback: use lateeoi irq binding
| f2db1b870c08 c8d647a326f0 .: | xen/pvcallsback: use lateeoi irq binding
| 8b0ac9a498d2 c2711441bc96 .: | xen/pciback: use lateeoi irq binding
| 757d54717fae c44b849cee8c o: | xen/events: switch user event channels to lateeoi model
| c3c580896847 7beb290caa2a o: | xen/events: use a common cpu hotplug hook for event channels
| 7835cdf92784 e99502f76271 o: | xen/events: defer eoi in case of excessive number of events
| f8bf3977d67c 5f7f77400ab5 o: | xen/events: block rogue events for some time

"defer eoi" should be the fix for this bug.

So... we don't need to do anything here, and it will get fixed.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Chen-Yu Tsai (Moxa) <wens@...>
 

On Tue, Nov 3, 2020 at 5:12 AM Pavel Machek <pavel@denx.de> wrote:

> Hi!
>
> > > - Fix for CVE-2020-27673 has not been backported yet.
> >
> > Some kind of Xen issue, not really relevant to us, and fix is not
> > easy.
> >
> > I'd say we can ignore this one.
>
> This is queued for 4.19.155:
>
> | a9d6e970261d 0891fb39ba67 o: | xen/events: don't use chip_data for legacy IRQs
> | d103e667bb8c 073d0552ead5 o: | xen/events: avoid removing an event channel while handling it
> | ed86a5182306 4d3fe31bd993 o: | xen/events: add a proper barrier to 2-level uevent unmasking
> | 6e894d279f4e f01337197419 o: | xen/events: fix race in evtchn_fifo_unmask()
> | 0279bd8ca365 54c9de89895e o: | xen/events: add a new "late EOI" evtchn framework
> | adc67cdf742f 01263a1fabe3 .: | xen/blkback: use lateeoi irq binding
> | 322a5dc88d82 23025393dbeb .: | xen/netback: use lateeoi irq binding
> | 515827d40949 86991b6e7ea6 .: | xen/scsiback: use lateeoi irq binding
> | f2db1b870c08 c8d647a326f0 .: | xen/pvcallsback: use lateeoi irq binding
> | 8b0ac9a498d2 c2711441bc96 .: | xen/pciback: use lateeoi irq binding
> | 757d54717fae c44b849cee8c o: | xen/events: switch user event channels to lateeoi model
> | c3c580896847 7beb290caa2a o: | xen/events: use a common cpu hotplug hook for event channels
> | 7835cdf92784 e99502f76271 o: | xen/events: defer eoi in case of excessive number of events
> | f8bf3977d67c 5f7f77400ab5 o: | xen/events: block rogue events for some time
>
> "defer eoi" should be the fix for this bug.
>
> So... we don't need to do anything here, and it will get fixed.

Confirmed. The fixes for CVE-2020-27673 and 27675 are part of 4.19.155.

Looks like there is no backport for older LTS branches though.

ChenYu