From: "Pavel Machek" <pavel@denx.de>
To: Chen-Yu Tsai <wens@csie.org>
Cc: Pavel Machek <pavel@denx.de>,
cip-dev@lists.cip-project.org,
Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>,
masashi.kudo@cybertrust.co.jp
Subject: Re: [cip-dev] Cip-kernel-sec Updates for Week of 2021-05-05
Date: Wed, 5 May 2021 10:17:57 +0200 [thread overview]
Message-ID: <20210505081757.GB29521@amd> (raw)
In-Reply-To: <CAGb2v64aHtMy_TxaKPHjyw6vEaTn+msY9De-T6s5Xo1hRdWtOg@mail.gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 1231 bytes --]
Hi!
> > > Two new CVEs this week:
> > >
> > > - CVE-2021-31829 [bpf: stack pointer protection from speculative
> > > arithmetic] - fixed
> > > Fixes just landed in mainline as part of the merge window. Fixes not
> > > tagged for stable.
> >
> > Could you push your changes to cip-kernel-sec?
>
> Done. Sorry about that.
Thank you!
> > These are queued for 5.10.35 and 4.19, I believe they may be related.
> >
> > v |8373088d4 b9b34d o: 5.10| bpf: Fix masking negation logic upon negative dst register
> > a |fbb1ea771 b9b34d o: 4.19| bpf: Fix masking negation logic upon negative dst register
> > a |024fb2412 801c60 o: 5.10| bpf: Fix leakage of uninitialized bpf stack under speculation
>
> I only looked through my inbox. And our scripts don't pick things up
> from the stable-queue. In any case they will be picked up once the
> stable kernels including them are released.
According to https://ubuntu.com/security/CVE-2021-31829 it is those
two patches that fix it. So this should get resolved in 5.10.35 for
us.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
[-- Attachment #2: Type: text/plain, Size: 428 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6423): https://lists.cip-project.org/g/cip-dev/message/6423
Mute This Topic: https://lists.cip-project.org/mt/82597445/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2021-05-05 8:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-05 4:36 [cip-dev] Cip-kernel-sec Updates for Week of 2021-05-05 Chen-Yu Tsai (Moxa)
2021-05-05 7:51 ` Pavel Machek
2021-05-05 7:56 ` Chen-Yu Tsai (Moxa)
2021-05-05 8:17 ` Pavel Machek [this message]
2021-05-05 8:34 ` Pavel Machek
2021-05-05 11:15 ` Chen-Yu Tsai (Moxa)
2021-06-18 2:21 ` 市川正美
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210505081757.GB29521@amd \
--to=pavel@denx.de \
--cc=cip-dev@lists.cip-project.org \
--cc=masashi.kudo@cybertrust.co.jp \
--cc=nobuhiro1.iwamatsu@toshiba.co.jp \
--cc=wens@csie.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox