* New CVE in this week
@ 2022-01-20 1:16 Masami Ichikawa
From: Masami Ichikawa @ 2022-01-20 1:16 UTC (permalink / raw)
To: cip-dev
Hi!
This is this week's CVE report.
This week, 2 new CVEs were reported.
* New CVEs
CVE-2022-23222: bpf: Fix out of bounds access from invalid *_or_null
type verification
CVSS v3 score is not provided
adjust_ptr_min_max_vals() in kernel/bpf/verifier.c didn't perform
proper input validation, which allowed a local attacker to escalate
their privileges. This bug affects 5.8 or later kernels.
There is a mitigation: set kernel.unprivileged_bpf_disabled to 1.
So, disabling unprivileged bpf is a good way to handle eBPF, as usual :)
Fixed status
mainline: [c25b2ae136039ffa820c26138ed4a5e5f3ab3841]
stable/5.10: [35ab8c9085b0af847df7fac9571ccd26d9f0f513]
stable/5.15: [e8efe8369944c6199f124e3b50662ad05a048b60]
stable/5.16: [931e56be527fb2672556e3c00c57ff2a5f5de43e]
CVE-2022-0185: vfs: fs_context: fix up param length parsing in
legacy_parse_param
CVSS v3 score is not provided
It was introduced by commit 3e1aeb0 ("vfs: Implement a filesystem
superblock creation/configuration context") which was merged in
5.1-rc1. This bug's root cause is an integer underflow which leads to a
heap overflow. If an unprivileged user can use the unshare operation
with CAP_SYS_ADMIN, the user will be able to exploit the system via this
bug.
Fixed status
mainline: [722d94847de29310e8aa03fcbdb41fc92c521756]
* Updated CVEs
CVE-2021-4095: 'KVM: NULL pointer dereference in kvm_dirty_ring_get()
in virt/kvm/dirty_ring.c'
This issue was fixed in the mainline this week. It was introduced at
commit 629b534 ("KVM: x86/xen: update wallclock region") which was
merged in 5.12-rc1-dontuse.
Fixed status
mainline: [55749769fe608fa3f4a075e42e89d237c8e37637]
CVE-2021-4197: cgroup: Use open-time creds and namespace for migration
perm checks
Commit 1756d79 ("cgroup: Use open-time credentials for process
migraton perm checks") failed to apply to 4.4, 4.9, 4.14, 4.19,
5.4, and 5.10. This commit fixes 187fe84 ("cgroup: require write perm
on common ancestor when moving processes on the default hierarchy")
which was merged in 4.2-rc1.
Commit 0d2b595 ("cgroup: Allocate cgroup_file_ctx for
kernfs_open_file->priv") failed to apply to 4.14, 4.19, 5.4, and 5.10.
Commit e574576 ("cgroup: Use open-time cgroup namespace for process
migration perm checks") failed to apply to 4.14, 4.19, 5.4, and
5.10. This commit fixes 5136f63 ("cgroup: implement "nsdelegate" mount
option") which was merged in 4.13-rc1.
Fixed status
mainline: [1756d7994ad85c2479af6ae5a9750b92324685af,
0d2b5955b36250a9428c832664f2079cbf723bec,
e57457641613fef0d147ede8bd6a3047df588b95]
stable/5.15: [c6ebc35298848accb5e50c37fdb2490cf4690c92,
50273128d640e8d21a13aec5f4bbce4802f17d7d,
43fa0b3639c5fd48c96b19d645d0c7ff2327651a]
* Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
No fix information.
CVE-2020-26555: BR/EDR pin code pairing broken
No fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email: masami.ichikawa@cybertrust.co.jp
       masami.ichikawa@miraclelinux.com
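The report above names one concrete mitigation for CVE-2022-23222: setting kernel.unprivileged_bpf_disabled to 1. The following POSIX shell script is an added example, not part of the original mail or of any CIP tooling; it reads that sysctl and reports whether unprivileged bpf() is reachable, and separately tells whether a given kernel series falls in the "5.8 or later" range the report gives as affected. The file path argument and the version helper are my own additions so the check can be exercised against constructed input; the meaning of the sysctl values (0 = allowed, 1 = disabled until reboot, 2 = disabled but root may re-enable, a value newer kernels added) is documented kernel behaviour.

```shell
#!/bin/sh
# Added example: check the kernel.unprivileged_bpf_disabled mitigation
# named in the CVE-2022-23222 entry. Not part of the original report.

# bpf_status [FILE]
#   Prints one word and returns 0 when the mitigation is in effect,
#   1 when unprivileged users may load eBPF programs, 2 when unknown.
#   FILE defaults to the live sysctl; a different path is only meant
#   for testing against a constructed file.
bpf_status() {
    file="${1:-/proc/sys/kernel/unprivileged_bpf_disabled}"
    if [ ! -r "$file" ]; then
        # Older kernel without the knob, or no permission to read it.
        echo "unknown"
        return 2
    fi
    read -r value < "$file"
    case "$value" in
        1) echo "mitigated"; return 0 ;;          # disabled, cannot be re-enabled until reboot
        2) echo "mitigated-runtime"; return 0 ;;  # disabled, but root can set it back to 0
        0) echo "exposed"; return 1 ;;            # unprivileged bpf() syscall allowed
        *) echo "unknown"; return 2 ;;
    esac
}

# kernel_affected MAJOR.MINOR[.PATCH]
#   Returns 0 when the series is 5.8 or later, the range the report
#   gives as affected. This only tests the introduction boundary; whether
#   the listed fix commit is present must be checked against the tree.
kernel_affected() {
    major="${1%%.*}"
    rest="${1#*.}"
    minor="${rest%%.*}"
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 8 ]; }; then
        return 0
    fi
    return 1
}

# When run directly, report on the live system without failing the script.
status=$(bpf_status) || true
echo "unprivileged_bpf_disabled: $status"
if [ "$status" = "exposed" ]; then
    echo "hint: sysctl -w kernel.unprivileged_bpf_disabled=1"
fi
```

On a host in the affected range, "exposed" means the verifier bug is reachable by any local user and the sysctl line printed as a hint is the mitigation the report recommends; "mitigated-runtime" still deserves a persistent setting in sysctl.conf so a later toggle does not silently reopen the path.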
* Re: [cip-dev] New CVE in this week
@ 2022-01-20 9:45 Pavel Machek
From: Pavel Machek @ 2022-01-20 9:45 UTC (permalink / raw)
To: cip-dev
Hi!
> CVE-2022-0185: vfs: fs_context: fix up param length parsing in
> legacy_parse_param
> mainline: [722d94847de29310e8aa03fcbdb41fc92c521756]
This one is queued up for 5.10.93. We likely don't need to do anything
here.
> CVE-2021-4095: 'KVM: NULL pointer dereference in kvm_dirty_ring_get()
> in virt/kvm/dirty_ring.c'
>
> This issue was fixed in the mainline this week. It was introduced at
> commit 629b534 ("KVM: x86/xen: update wallclock region") which was
> merged in 5.12-rc1-dontuse.
As it does not affect "our" kernels, we don't need to do anything. Good.
> CVE-2021-4197: cgroup: Use open-time creds and namespace for migration
> perm checks
>
> Commit 1756d79 ("cgroup: Use open-time credentials for process
> migraton perm checks") failed to apply to 4.4, 4.9, 4.14, 4.19,
> 5.4, and 5.10. This commit fixes 187fe84 ("cgroup: require write perm
> on common ancestor when moving processes on the default hierarchy")
> which was merged in 4.2-rc1.
This one looks relatively simple.
> Commit 0d2b595 ("cgroup: Allocate cgroup_file_ctx for
> kernfs_open_file->priv") failed to apply to 4.14, 4.19, 5.4, and 5.10.
>
> Commit e574576 ("cgroup: Use open-time cgroup namespace for process
> migration perm checks") failed to apply to 4.14, 4.19, 5.4, and
> 5.10. This commit fixes 5136f63 ("cgroup: implement "nsdelegate" mount
> option") which was merged in 4.13-rc1.
Unfortunately these two are more complicated.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany