From: Pavel Machek <pavel@denx.de>
To: cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] New CVE entries in this week
Date: Thu, 9 Dec 2021 10:20:52 +0100 [thread overview]
Message-ID: <20211209092052.GA14638@amd> (raw)
In-Reply-To: <CAODzB9om4QmKLw-ABYqwWSBKL0Sndapov8FWLmhPQKtq1ZvQKA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2265 bytes --]
Hi!
> * New CVEs
>
> CVE-2021-39636: "no details"
>
> CVSS v3 score is not provided
>
> There is no vulnerability details yet. However, there is five patches
> are addressed so the bug is in the netfilter module.
>
> f32815d ("xtables: add xt_match, xt_target and data copy_to_user
> functions"): merged in 4.11-rc1
> f77bc5b ("iptables: use match, target and data copy_to_user helpers"):
> merged in 4.11-rc1
> e47ddb2 ("ip6tables: use match, target and data copy_to_user
> helpers"): merged in 4.11-rc1
> ec23189 ("xtables: extend matches and targets with .usersize"): merged
> in 4.11-rc1
> 1e98ffe ("netfilter: x_tables: fix pointer leaks to userspace"):
> merged in 4.16-rc1. This fixes commit ec23189 ("xtables: extend
> matches and targets with .usersize") that was merged in 4.11-rc1.
>
> Fixed status
>
> mainline: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
> f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
> e47ddb2c4691fd2bd8d25745ecb6848408899757,
> ec23189049651b16dc2ffab35a4371dc1f491aca,
> 1e98ffea5a8935ec040ab72299e349cb44b8defd]
> stable/4.14: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
> f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
> e47ddb2c4691fd2bd8d25745ecb6848408899757,
> ec23189049651b16dc2ffab35a4371dc1f491aca,
> ad10785a706e63ff155fc97860cdcc5e3bc5992d]
Hmm. Fun. 1e98ffea5a8935ec040ab72299e349cb44b8defd may have a clue:
This leads to kernel pointer leaks if a match/target is set
and then read back to userspace.
So that sounds like KASLR workaround? iptables are normally limited to
priviledged users, and KASLR is just a technology to make exploitation
hard. I don't think we care too much here.
> CVE-2018-25020: bpf: fix truncated jump targets on heavy expansions
>
> CVSS v3 score is not provided
>
> Fixed status
>
> The BPF subsystem in the kernel through 4.17-rc7 has overflow bug.
>
> mainline: [050fad7c4534c13c8eb1d9c2ba66012e014773cb]
Fun. JITs are hard to get right. I guess "avoid BPF" and "certainly
don't allow unpriviledged access to BPF" is good advice.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2021-12-09 9:21 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-08 23:44 New CVE entries in this week Masami Ichikawa
2021-12-09 9:20 ` Pavel Machek [this message]
2021-12-09 14:12 ` [cip-dev] " Masami Ichikawa
-- strict thread matches above, loose matches on Subject: below --
2022-01-26 23:51 Masami Ichikawa
2022-01-27 8:21 ` [cip-dev] " nobuhiro1.iwamatsu
2022-01-28 6:18 ` Masami Ichikawa
2022-01-29 21:03 ` Pavel Machek
2022-01-31 0:00 ` Masami Ichikawa
2022-01-12 23:39 Masami Ichikawa
2022-01-13 8:07 ` [cip-dev] " Pavel Machek
2022-01-13 12:41 ` Masami Ichikawa
2021-12-29 23:29 Masami Ichikawa
2021-12-30 10:20 ` [cip-dev] " Pavel Machek
2021-12-30 23:05 ` Masami Ichikawa
2021-12-23 0:48 Masami Ichikawa
2021-12-23 17:11 ` [cip-dev] " Pavel Machek
2021-12-15 23:49 Masami Ichikawa
2021-12-16 5:26 ` [cip-dev] " nobuhiro1.iwamatsu
2021-12-16 5:58 ` Masami Ichikawa
2021-12-16 8:49 ` Pavel Machek
[not found] <16BAA9D56D09F20A.23256@lists.cip-project.org>
2021-11-25 5:16 ` Masami Ichikawa
2021-11-25 8:00 ` nobuhiro1.iwamatsu
2021-11-25 12:00 ` Masami Ichikawa
2021-11-25 9:09 ` Pavel Machek
2021-11-25 12:01 ` Masami Ichikawa
2021-11-25 2:41 Masami Ichikawa
2021-11-25 9:14 ` [cip-dev] " Pavel Machek
2021-11-10 23:52 Masami Ichikawa
2021-11-11 9:21 ` [cip-dev] " Pavel Machek
2021-11-11 12:47 ` Masami Ichikawa
2021-11-04 1:11 New CVE Entries " Masami Ichikawa
2021-11-04 9:57 ` [cip-dev] " Pavel Machek
2021-11-04 13:04 ` Masami Ichikawa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211209092052.GA14638@amd \
--to=pavel@denx.de \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.