|
Message-ID: <2024013010-jockey-kindred-c6cd@gregkh> Date: Tue, 30 Jan 2024 08:34:03 -0800 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Cc: Armin Kuster <akuster@...sta.com> Subject: Re: FWD: Kernel vulnerabilities CVE-2021-33630 & CVE-2021-33631 On Tue, Jan 30, 2024 at 03:25:24PM +0100, Solar Designer wrote: > On Tue, Jan 30, 2024 at 08:46:56AM -0500, Armin Kuster wrote: > > I noticed these two openEuler CVEs were assigned two weeks ago affecting > > some K.O stable branches. > > > > https://nvd.nist.gov/vuln/detail/CVE-2021-33630 > > This says: > > "NULL Pointer Dereference vulnerability in openEuler kernel on Linux > (network modules) allows Pointer Manipulation. This vulnerability is > associated with program files net/sched/sch_cbs.C. This issue affects > openEuler kernel: from 4.19.90 before 4.19.90-2401.3." > > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c > > This mainline commit is from 2019, "net/sched: cbs: Fix not adding cbs > instance to list". > > > https://nvd.nist.gov/vuln/detail/CVE-2021-33631 > > This says: > > "Integer Overflow or Wraparound vulnerability in openEuler kernel on > Linux (filesystem modules) allows Forced Integer Overflow.This issue > affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from > 5.10.0-60.18.0 before 5.10.0-183.0.0." The commit above was fixed in the following kernels: 5.2.19 5.3.4 5.4 and was fixing an issue that showed up in the 4.19.99 and 5.2 kernel releases. I can queue this up to the 4.19.y kernel tree next week if people really think this is needed, would have been nice if whom ever created the CVE would have done so :( > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8 > > 2022, "ext4: fix kernel BUG in 'ext4_write_inline_data_end()'" > > So the concern is that upstream longterm 4.19.y and 5.10.y (and perhaps > some others) may still be affected. This commit is fixed in the following kernel trees: 4.14.312 4.19.280 5.4.240 5.10.177 5.15.87 6.0.18 6.1.4 6.2 So I think that all actively supported kernel.org releases are ok. > The above links don't say anything about attack vectors and required > access - I guess CAP_NET_ADMIN and raw block device write (e.g., to a > USB flash drive on another computer), respectively, are the > prerequisites? The CVSS scores look exaggerated, especially NVD's score > of 7.8 for CVE-2021-33631. Yeah, that looks really high but who knows how CVSS scores really are calculated :) thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.