Re: [cip-dev] New CVE in this week

[Pavel Machek <pavel@denx.de>]

[-- Attachment #1: Type: text/plain, Size: 1650 bytes --]

Hi!

> CVE-2022-0185: vfs: fs_context: fix up param length parsing in
> legacy_parse_param
> mainline: [722d94847de29310e8aa03fcbdb41fc92c521756]

This one is queued up for 5.10.93. We likely don't need to do anything
here.

> CVE-2021-4095: 'KVM: NULL pointer dereference in kvm_dirty_ring_get()
> in virt/kvm/dirty_ring.c'
> 
> This issue was fixed in the mainline this week. It introduced at
> commit 629b534 ("KVM: x86/xen: update wallclock region") which was
> merged in 5.12-rc1-dontuse.

As it does not affect "our" kernels, we don't need to do anything. Good.

> CVE-2021-4197: cgroup: Use open-time creds and namespace for migration
> perm checks
> 
> Commit 1756d79 ("cgroup: Use open-time credentials for process
> migraton perm checks") failed to apply to 4.4, 4.9, 4.14, 4.19,
> 5.4,and 5.10. This commit fixes 187fe84 ("cgroup: require write perm
> on common ancestor when moving processes on the default hierarchy")
> which was merged in 4.2-rc1.

This one looks relatively simple.

> Commit 0d2b595 ("cgroup: Allocate cgroup_file_ctx for
> kernfs_open_file->priv") failed to apply to 4.14, 4.19, 5.4, and 5.10.
> 
> Commit e574576 ("cgroup: Use open-time cgroup namespace for process
> migration perm checks") was failed to apply to 4.14, 4.19, 5.4, and
> 5.10. This commit fixes 5136f63 ("cgroup: implement "nsdelegate" mount
> option") which was merged in 4.13-rc1.

Unfortunatley these two are more complicated.

Best regards,
								Pavel

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]