Hello,
It seems the fix commits for a couple of CVEs have not been
cherry-picked in the current linux-5.4.y branch (v5.4.188, currently):
---
CVE-2020-16120:
<https://nvd.nist.gov/vuln/detail/CVE-2020-16120> references the
following mainline commits:
  d1d04ef8572bc8c22265057bd3d5a79f223f8f52 "ovl: stack file ops" (break commit)
  56230d956739b9cb1cbde439d76227d77979a04d "ovl: verify permissions in ovl_path_open()"
  48bd024b8a40d73ad6b086de2615738da0c7004f "ovl: switch to mounter creds in readdir"
  05acefb4872dae89e772729efb194af754c877e8 "ovl: check permission to open real file"
  b6650dab404c701d7fe08a108b746542a934da84 "ovl: do not fail because of O_NOATIME"
The CVE description says the last commit in the list above fixes a
regression introduced by these two commits:
  130fdbc3d1f9966dd4230709c30f3768bccd3065 "ovl: pass correct flags for opening real directory"
  292f902a40c11f043a5ca1305a114da0e523eaa3 "ovl: call secutiry hook in ovl_real_ioctl()"
---
CVE-2021-3428:
According to <https://bugzilla.suse.com/show_bug.cgi?id=1173485>, the
mainline fix commits are:
  d176b1f62f24 "ext4: handle error of ext4_setup_system_zone() on remount"
  bf9a379d0980 "ext4: don't allow overlapping system zones"
  ce9f24cccdc0 "ext4: check journal inode extents more carefully"
Of these, only the first two have been cherry-picked.
---
Half of these commits may be cherry-picked without a conflict. I wonder
why they have not been applied and cannot find any discussion about them
on this mailing list. Is it an oversight? Or because the v5.4 line is
not affected? Some other reason?
Regards,
achtol
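
One way to run the check the message describes, as an added example that is not part of the original post: stable backports conventionally cite their mainline origin as `commit <sha> upstream.` or `[ Upstream commit <sha> ]`, so scanning the stable branch's log for those markers shows which fix commits are present. The function names, the sample log and its SHAs are constructed for illustration.

```python
import re
import subprocess

# Markers stable backports use to cite the mainline commit they came from:
#   "commit <40-hex sha> upstream."   or   "[ Upstream commit <40-hex sha> ]"
UPSTREAM_RE = re.compile(
    r"^[ \t]*(?:commit ([0-9a-f]{40}) upstream\.?"
    r"|\[ Upstream commit ([0-9a-f]{40}) \])[ \t]*$",
    re.IGNORECASE | re.MULTILINE)

def upstream_ids(log_text):
    """Set of mainline SHAs that commits in log_text say they backport."""
    return {(a or b).lower() for a, b in UPSTREAM_RE.findall(log_text)}

def backport_status(log_text, mainline_shas):
    """Map each mainline SHA (full, or abbreviated to >= 12 hex) to a bool."""
    seen = upstream_ids(log_text)
    status = {}
    for sha in mainline_shas:
        if not re.fullmatch(r"[0-9a-fA-F]{12,40}", sha):
            raise ValueError(f"not a usable commit id: {sha!r}")
        status[sha] = any(full.startswith(sha.lower()) for full in seen)
    return status

def stable_log(repo, rev_range):
    """Commit bodies from a local kernel clone, e.g. rev_range 'v5.4..v5.4.188'."""
    out = subprocess.run(["git", "-C", repo, "log", "--format=%H%n%B", rev_range],
                         check=True, capture_output=True, text=True)
    return out.stdout

# Constructed SHAs and log text (not real kernel commits), for an offline run.
SHA_A, SHA_B, SHA_C = "a1" * 20, "b2" * 20, "c3" * 20
SAMPLE_LOG = f"""\
{'11' * 20}
ext4: constructed backport

commit {SHA_A} upstream.

{'22' * 20}
ovl: constructed backport

[ Upstream commit {SHA_B} ]

{'33' * 20}
constructed stable-only change; follows up on commit {SHA_C} upstream
"""

if __name__ == "__main__":
    print(backport_status(SAMPLE_LOG, [SHA_A[:12], SHA_B, SHA_C]))
```

A backport applied without either marker will not be found this way, so a miss is a prompt to inspect the code in the stable tree rather than proof that the fix is absent.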