• State Resolved
  • Locked Locked
  • Replies 3 replies
  • Subscribers 98 subscribers
  • Views 387 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM5708: LCPD-11136 details

J-breeze
Expert 1105 points
Part Number: AM5708

Hi Champs,

I'd like to know in detail of LCPD-11136 because I want to make sure if I need a backport.
What are four CVEs that closed on Linux PSDK v04.03.00.05 below?

  o 2.1.6.2. Issued found and closed on this release that may be applicable to prior releases
    (http://software-dl.ti.com/processor-sdk-linux/esd/docs/04_03_00_05/linux/Release_Specific.html#issued-found-and-closed-on-this-release-that-may-be-applicable-to-prior-releases)

    Record ID: LCPD-11136
    Title    : Four Common Vulnerabilities and Exposures (CVE) not implemented

Best regards,
J-breeze

  • 0
    TI__Mastermind 30516 points

    J-breeze,

    This ended up being a test case failure. The code for the CVEs were in the kernel and once the test case was fixed, they passed. Unfortunately, this discovery missed our release window. Here are the four CVEs that were referred to:

    cve-2017-6951 - 4.9.25 - b2dd90e812f3f733b55f0bf4487032e53b487665
    cve-2012-0957 - 3.14 - 2702b1526c7278c4d65d78de209a465d4de2885e
    cve-2017-5669 - 270e84a1e6effd6c0c6e9b13b196b5fdaa392954
    cve-2016-4997 - ce683e5f9d045e5d67d1312a42b359cb2ab2a13c

    The code is in our tree and once again the test passed when tested properly.

    I hope this resolves this issue.

  • 0 in reply to RonB
    Expert 1105 points

    Hi RonB,

    Thank you for your information.
    I'm planning to backport the CVEs to PSDK Linux v04.01.00..06.
    So, could you please let me know whether the PSDK Linux has the code for the CVEs in the kernel or not?
    If yes, I don't need the backporting?

    Best regards,
    J-Breeze

  • 0 in reply to J-breeze
    TI__Mastermind 30516 points

    I would recommend using "git log" to confirm whether these commits are in your tree or not. Based on the info. above, the first one seems to have been added in  4.9.25 so might be there. The 3.14 one should definitely be there. git should allow you to confirm each.

    I hope this helps.