Cip-kernel-sec Updates for Week of 2021-02-04


masashi.kudo@cybertrust.co.jp <masashi.kudo@...>
 

Hi, Chen-Yu san,

Thanks for reporting this!

Best regards,
--
M. Kudo

-----Original Message-----
From: Chen-Yu Tsai <wens@...>
Sent: Friday, February 5, 2021 11:33 AM
To: cip-dev@...
Cc: Pavel Machek <pavel@...>; Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@...>; 工藤 雅司(CTJ OSS事業推進室)
<masashi.kudo@...>
Subject: Re: Cip-kernel-sec Updates for Week of 2021-02-04

On Thu, Feb 4, 2021 at 1:26 PM Chen-Yu Tsai <wens@...> wrote:

> Hi everyone,
>
> Two new issues this week:
> - CVE-2021-3347 [UAF in futex]: fixed for 4.14 and later [1]
> - CVE-2021-3348 [nbd: UAF when adding connections while operations are
> running]: fixed in all kernels
>
> For CVE-2021-3347, based on [1], more patches are needed for 4.4 and 4.9.
> The second batch:
>
> 12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9..34b1a1ce1458f50ef27c54e28eb9b1947012907a
> inclusive
>
> has not been included yet. Lee Jones seems to be handling it [2].

FTR, a second backport series for 4.4 was also posted:

https://lore.kernel.org/stable/20210204172903.2860981-1-lee.jones@linaro.org/


ChenYu

> For CVE-2020-27825 from two weeks ago, the fix has been backported to
> all stable kernels.
>
> For CVE-2020-16120, Ubuntu mentions a regression due to the backported fix [3].
> We probably don't care either way since this requires that unprivileged
> user namespace is enabled.
>
>
> Regards
> ChenYu
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/pending/futex_issues.txt
> [2] https://lore.kernel.org/stable/20210203134539.2583943-1-lee.jones@linaro.org/
> [3] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1900141


Chen-Yu Tsai (Moxa) <wens@...>
 

On Thu, Feb 4, 2021 at 1:26 PM Chen-Yu Tsai <wens@...> wrote:

> Hi everyone,
>
> Two new issues this week:
> - CVE-2021-3347 [UAF in futex]: fixed for 4.14 and later [1]
> - CVE-2021-3348 [nbd: UAF when adding connections while operations are
> running]: fixed in all kernels
>
> For CVE-2021-3347, based on [1], more patches are needed for 4.4 and 4.9.
> The second batch:
>
> 12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9..34b1a1ce1458f50ef27c54e28eb9b1947012907a
> inclusive
>
> has not been included yet. Lee Jones seems to be handling it [2].

FTR, a second backport series for 4.4 was also posted:

https://lore.kernel.org/stable/20210204172903.2860981-1-lee.jones@linaro.org/


ChenYu

> For CVE-2020-27825 from two weeks ago, the fix has been backported to
> all stable kernels.
>
> For CVE-2020-16120, Ubuntu mentions a regression due to the backported fix [3].
> We probably don't care either way since this requires that unprivileged
> user namespace is enabled.
>
>
> Regards
> ChenYu
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/pending/futex_issues.txt
> [2] https://lore.kernel.org/stable/20210203134539.2583943-1-lee.jones@linaro.org/
> [3] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1900141


Chen-Yu Tsai (Moxa) <wens@...>
 

Hi everyone,

Two new issues this week:
- CVE-2021-3347 [UAF in futex]: fixed for 4.14 and later [1]
- CVE-2021-3348 [nbd: UAF when adding connections while operations are
running]: fixed in all kernels

For CVE-2021-3347, based on [1], more patches are needed for 4.4 and 4.9.
The second batch:

12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9..34b1a1ce1458f50ef27c54e28eb9b1947012907a
inclusive

has not been included yet. Lee Jones seems to be handling it [2].

For CVE-2020-27825 from two weeks ago, the fix has been backported to
all stable kernels.

For CVE-2020-16120, Ubuntu mentions a regression due to the backported fix [3].
We probably don't care either way since this requires that unprivileged
user namespace is enabled.


Regards
ChenYu

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/pending/futex_issues.txt
[2] https://lore.kernel.org/stable/20210203134539.2583943-1-lee.jones@linaro.org/
[3] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1900141