cip-dev@lists.cip-project.org | New CVE entries this week.

Home Messages Hashtags Subgroups

Date Date 1 - 1 of 1

New CVE entries this week.

Masami Ichikawa #7323 Hi ! It's this week's CVE report. This week reported 1 new CVE. * New CVEs CVE-2021-4197: cgroup: Use open-time creds and namespace for migration perm checks CVSS v3 score is not provided A local attacker could escalate privileges for the containers or other processes that uses cgroups Patch series is available (https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/) but it hasn't been merged into the mainline yet. Fixed status Not fixed yet. * Updated CVEs CVE-2021-44733: tee: handle lookup of shm with reference count 0 This CVE was introduced by commit 967c9cc ("tee: generic TEE subsystem") at 4.12-rc1. so 4.4 isn't affected this issue. Fixed status mainline: [dfd0743f1d9ea76931510ed150334d571fbab49d] stable/4.14: [3d556a28bbfe34a80b014db49908b0f1bcb1ae80] stable/4.19: [b4a661b4212b8fac8853ec3b68e4a909dccc88a1] stable/5.10: [c05d8f66ec3470e5212c4d08c46d6cb5738d600d] stable/5.15: [492eb7afe858d60408b2da09adc78540c4d16543] stable/5.4: [940e68e57ab69248fabba5889e615305789db8a7] CVE-2021-45100: ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 This CVE was introduced by commit e2f3448 ("cifsd: add server-side procedures for SMB3") which was merged at 5.15-rc1. so before 5.15 kernels are not affected. Fixed status mainline: [83912d6d55be10d65b5268d1871168b9ebe1ec4b] stable/5.15: [a2c144d17623984fdafa4634ecf4ab64580d29bb] CVE-2021-45469: f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() The mainline hasn't been fixed yet. Fixed status stable/4.14: [88dedecc24763c2e0bc1e8eeb35f9f2cd785a7e5] stable/4.19: [f9dfa44be0fb5e8426183a70f69a246cf5827f49] stable/5.10: [fffb6581a23add416239dfcf7e7f3980c6b913da] stable/5.15: [a8a9d753edd7f71e6a2edaa580d8182530b68791] stable/5.4: [b0406b5ef4e2c4fb21d9e7d5c36a0453b4279e9b] Currently tracking CVEs CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 There is no fix information. CVE-2020-26555: BR/EDR pin code pairing broken No fix information CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning No fix information. CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM No fix information. CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning No fix information. CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning No fix information. Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@cybertrust.co.jp :masami.ichikawa@miraclelinux.com
More All Messages By This Member

1 - 1 of 1

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms