From: Pavel Machek <pavel@denx.de>
To: cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] New CVE entries in this week
Date: Thu, 9 Dec 2021 10:20:52 +0100 [thread overview]
Message-ID: <20211209092052.GA14638@amd> (raw)
In-Reply-To: <CAODzB9om4QmKLw-ABYqwWSBKL0Sndapov8FWLmhPQKtq1ZvQKA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2265 bytes --]
Hi!
> * New CVEs
>
> CVE-2021-39636: "no details"
>
> CVSS v3 score is not provided
>
> There is no vulnerability details yet. However, there is five patches
> are addressed so the bug is in the netfilter module.
>
> f32815d ("xtables: add xt_match, xt_target and data copy_to_user
> functions"): merged in 4.11-rc1
> f77bc5b ("iptables: use match, target and data copy_to_user helpers"):
> merged in 4.11-rc1
> e47ddb2 ("ip6tables: use match, target and data copy_to_user
> helpers"): merged in 4.11-rc1
> ec23189 ("xtables: extend matches and targets with .usersize"): merged
> in 4.11-rc1
> 1e98ffe ("netfilter: x_tables: fix pointer leaks to userspace"):
> merged in 4.16-rc1. This fixes commit ec23189 ("xtables: extend
> matches and targets with .usersize") that was merged in 4.11-rc1.
>
> Fixed status
>
> mainline: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
> f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
> e47ddb2c4691fd2bd8d25745ecb6848408899757,
> ec23189049651b16dc2ffab35a4371dc1f491aca,
> 1e98ffea5a8935ec040ab72299e349cb44b8defd]
> stable/4.14: [f32815d21d4d8287336fb9cef4d2d9e0866214c2,
> f77bc5b23fb1af51fc0faa8a479dea8969eb5079,
> e47ddb2c4691fd2bd8d25745ecb6848408899757,
> ec23189049651b16dc2ffab35a4371dc1f491aca,
> ad10785a706e63ff155fc97860cdcc5e3bc5992d]
Hmm. Fun. 1e98ffea5a8935ec040ab72299e349cb44b8defd may have a clue:
This leads to kernel pointer leaks if a match/target is set
and then read back to userspace.
So that sounds like KASLR workaround? iptables are normally limited to
priviledged users, and KASLR is just a technology to make exploitation
hard. I don't think we care too much here.
> CVE-2018-25020: bpf: fix truncated jump targets on heavy expansions
>
> CVSS v3 score is not provided
>
> Fixed status
>
> The BPF subsystem in the kernel through 4.17-rc7 has overflow bug.
>
> mainline: [050fad7c4534c13c8eb1d9c2ba66012e014773cb]
Fun. JITs are hard to get right. I guess "avoid BPF" and "certainly
don't allow unpriviledged access to BPF" is good advice.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2021-12-09 9:21 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-08 23:44 New CVE entries in this week Masami Ichikawa
2021-12-09 9:20 ` Pavel Machek [this message]
2021-12-09 14:12 ` [cip-dev] " Masami Ichikawa
-- strict thread matches above, loose matches on Subject: below --
2022-01-26 23:51 Masami Ichikawa
2022-01-27 8:21 ` [cip-dev] " nobuhiro1.iwamatsu
2022-01-28 6:18 ` Masami Ichikawa
2022-01-29 21:03 ` Pavel Machek
2022-01-31 0:00 ` Masami Ichikawa
2022-01-12 23:39 Masami Ichikawa
2022-01-13 8:07 ` [cip-dev] " Pavel Machek
2022-01-13 12:41 ` Masami Ichikawa
2021-12-29 23:29 Masami Ichikawa
2021-12-30 10:20 ` [cip-dev] " Pavel Machek
2021-12-30 23:05 ` Masami Ichikawa
2021-12-23 0:48 Masami Ichikawa
2021-12-23 17:11 ` [cip-dev] " Pavel Machek
2021-12-15 23:49 Masami Ichikawa
2021-12-16 5:26 ` [cip-dev] " nobuhiro1.iwamatsu
2021-12-16 5:58 ` Masami Ichikawa
2021-12-16 8:49 ` Pavel Machek
[not found] <16BAA9D56D09F20A.23256@lists.cip-project.org>
2021-11-25 5:16 ` Masami Ichikawa
2021-11-25 8:00 ` nobuhiro1.iwamatsu
2021-11-25 12:00 ` Masami Ichikawa
2021-11-25 9:09 ` Pavel Machek
2021-11-25 12:01 ` Masami Ichikawa
2021-11-25 2:41 Masami Ichikawa
2021-11-25 9:14 ` [cip-dev] " Pavel Machek
2021-11-10 23:52 Masami Ichikawa
2021-11-11 9:21 ` [cip-dev] " Pavel Machek
2021-11-11 12:47 ` Masami Ichikawa
2021-11-04 1:11 New CVE Entries " Masami Ichikawa
2021-11-04 9:57 ` [cip-dev] " Pavel Machek
2021-11-04 13:04 ` Masami Ichikawa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211209092052.GA14638@amd \
--to=pavel@denx.de \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox