cip-dev@lists.cip-project.org | cip-kernel-sec Updates for Week of 2020-11-05

Home Messages Hashtags Subgroups

Date Date 1 - 1 of 1

Chen-Yu Tsai <wens213@...> #5752 New CVEs: - CVE-2020-25668 [concurrency use-after-free in vt] - fixed for v4.19 and later - CVE-2020-25670 [net/nfc/llcp res. leak] - CVE-2020-25671 [net/nfc/llcp res. leak] - CVE-2020-25672 [net/nfc/llcp res. leak] - CVE-2020-25673 [net/nfc/llcp res. leak] No member enables NFC so we can ignore 25670 ~ 25673. Old CVEs now fixed: - CVE-2020-25656 [use-after-free in vt_do_kdgkb_ioctl] - fixed for v4.14 and later For CVE-2020-25668, the commit log says the bug has been around for at least 12 years, so likely needing a backport to older kernels. For CVE-2020-25656, we still need to identify when it was introduced. Regards, ChenYu Moxa
More

1 - 1 of 1