* Re: CVE-2021-3444
2021-06-29 22:02 ` CVE-2021-3444 Sasha Levin
@ 2021-06-30 12:51 ` Salvatore Bonaccorso
0 siblings, 0 replies; 3+ messages in thread
From: Salvatore Bonaccorso @ 2021-06-30 12:51 UTC (permalink / raw)
To: Sasha Levin
Cc: Anil Altinay, stable, Thadeu Lima de Souza Cascardo,
Daniel Borkmann, Alexei Starovoitov
Hi Anil,
On Tue, Jun 29, 2021 at 06:02:14PM -0400, Sasha Levin wrote:
> On Tue, Jun 29, 2021 at 01:06:00PM -0700, Anil Altinay wrote:
> > Hi,
> >
> > I realized that this cve(
> > https://www.openwall.com/lists/oss-security/2021/03/23/2 ) is not in
> > the 4.19 tree but the commits introduced the vulnerability before
> > 4.19. Is there any reason that the fix was not cherry-picked to 4.19?
>
> Backport wasn't trivial, and no one seemed to care enough about 4.19.
> Feel free to backport the fix and send it out for review.
FWIW, thre was/is some work in progress from this for the 4.19.y
series and in fact they are already done by Thadeu Lima de Souza
Cascardo, based on earlier version from Daniel. They are not yet in a
form probably to be accepted for stable@... they need some adaption to
commit message to reflect the needed changes for the backport, as
clean cyerry-picks were not possible and are based on earlier versions
of the patches.
There is a prerequisite needed, which is not in mainline, which is a
aprtial undo of old commit 144cd91c4c2b ("bpf: move tmp variable into
ax register in interpreter") and on top of it first a backport needed
for e88b2c6e5a4d ("bpf: Fix 32 bit src register truncation on
div/mod") (which is the fix for CVE-2021-3600), and then a backport of
the CVE-2021-3444.
Cascardo, Daniel, Alexei, should we post that series here so maybe
someone is able to fixup the patches as needed for inclusion in
4.19.y?
Regards,
Salvatore
^ permalink raw reply [flat|nested] 3+ messages in thread