Hi!
It's this week's CVE report.
This week, 3 new CVEs and 2 updated CVEs were reported.
* New CVEs
CVE-2022-3078: lack of check after calling vzalloc() and lack of free
after allocation in vidtv driver
CVSS v3 score is 5.5 MEDIUM.
The vidtv driver was introduced by commit f90cf60 ("media: vidtv: add
a bridge driver"), which was merged in 5.10-rc1.
There is a lack of check after calling vzalloc() and lack of free
after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.
Kernel 4.4, 4.9, 4.14, 4.19, and 5.4 are not affected.
No CIP member enables CONFIG_DVB_VIDTV.
Fixed status
mainline: [e6a21a14106d9718aa4f8e115b1e474888eeba44]
stable/5.10: [663e7a72871f89f7a10cc8d7b2f17f27c64e071d]
stable/5.15: [9dd2fd7a1f84c947561af29424c5ddcecfcf2cbe]
CVE-2022-39190: netfilter: nf_tables: disallow binding to already bound chain
CVSS v3 score is not assigned.
There is a lack of input value check in nft_verdict_init in the file
net/netfilter/nf_tables_api.c, which will cause a denial of service
vulnerability. This vulnerability was introduced by commit d0e2c7d
("netfilter: nf_tables: add NFT_CHAIN_BINDING"), which was merged in
5.9-rc1.
Kernel 4.4, 4.9, 4.14, 4.19, and 5.4 are not affected.
Fixed status
mainline: [e02f0d3970404bfea385b6edb86f2d936db0ea2b]
stable/5.10: [c08a104a8bce832f6e7a4e8d9ac091777b9982ea]
stable/5.15: [51f192ae71c3431aa69a988449ee2fd288e57648]
stable/5.19: [fdca693fcf26c11596e7aa1e540af2b4a5288c76]
CVE-2022-39842: video: fbdev: pxa3xx-gcu: Fix integer overflow in
pxa3xx_gcu_write
CVSS v3 score is not assigned.
There is an integer overflow bug in pxa3xx_gcu_write() in the PXA3XX_GCU driver.
All stable kernels (including 4.4) are affected by this issue.
No CIP member enables CONFIG_PXA3XX_GCU.
Fixed status
mainline: [a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7]
* Updated CVEs
CVE-2022-39188: unmap_mapping_range() race with munmap() on VM_PFNMAP
mappings leads to stale TLB entry
4.14, 4.19, 4.9, 5.10, 5.15, and 5.4 were fixed.
Fixed status
mainline: [b67fbebd4cf980aecbcc750e1462128bffe8ae15]
stable/4.14: [b8a54a2a45feacbc96065e5d6b9a1cbee2aa1e9d]
stable/4.19: [c3b1e88f14e7f442e2ddcbec94527eec84ac0ca3]
stable/4.9: [390f33a95419f7fa1254ba6b6feeabde480732f9]
stable/5.10: [895428ee124ad70b9763259308354877b725c31d]
stable/5.15: [3ffb97fce282df03723995f5eed6a559d008078e]
stable/5.4: [c9c5501e815132530d741ec9fdd22657f91656bc]
CVE-2022-3028: af_key: Do not call xfrm_probe_algs in parallel
4.14, 4.19, 4.9, and 5.4 were fixed.
Fixed status
mainline: [ba953a9d89a00c078b85f4b190bc1dde66fe16b5]
stable/4.14: [f1b1b63e307478e93548f59e18bd844744b396d3]
stable/4.19: [7dbfc8f25f22fe2a64dd808266e00c8d2661ebdd]
stable/4.9: [e580d3201ed222c4752ced7e629ad96bc0340713]
stable/5.10: [c5c4d4c9806dadac7bc82f9c29ef4e1b78894775]
stable/5.15: [103bd319c0fc90f1cb013c3a508615e6df8af823]
stable/5.19: [6901885656c029c976498290b52f67f2c251e6a0]
stable/5.4: [8ee27a4f0f1ad36d430221842767880df6494147]
Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@...
:masami.ichikawa@...