Bug 1192886 (CVE-2021-0200)

Summary: VUL-1: CVE-2021-0200: kernel-firmware: out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Leroy <thomas.leroy>
Component: Incidents
Assignee: Takashi Iwai <tiwai>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P4 - Low
CC: meissner, smash_bz, thomas.leroy, tiwai
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/315206/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Leroy 2021-11-19 13:54:54 UTC
CVE-2021-0200

Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers
before version 8.2 may allow a privileged user to potentially enable an
escalation of privilege via local access.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0200
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00554.html
Comment 1 Thomas Leroy 2021-11-19 13:55:24 UTC
It is still not clear to me whether we are affected or not.
Comment 2 Takashi Iwai 2021-12-01 07:54:41 UTC
Please update if we have more concrete information.
Comment 3 Thomas Leroy 2021-12-01 13:54:29 UTC
This is some kind of tricky case. The issue seems to be related to a specific controller firmware, of which I can't find any sign in kernel-firmware. It does not seem to be related to Ethernet drivers that we could find in kernel-source.
For the moment, from what I found, I think we are not affected, but I am not 100% sure.
Comment 4 Thomas Leroy 2021-12-07 14:34:39 UTC
I can find some references to X710, XL710 and XXV710 Intel drivers in kernel sources (Intel i40 drivers), which I assume are related to the Intel(R) Ethernet 700 Series Controllers.
Takashi, can you please confirm that the drivers containing *710 references are related to these 700 Series Controllers? If this is the case, I will assign this bug to kernel-source, and conduct investigations like a standard kernel issue.
Comment 5 Takashi Iwai 2021-12-08 14:41:26 UTC
(In reply to Thomas Leroy from comment #4)
> I can find some references to X710, XL710 and XXV710 Intel drivers in kernel
> sources (Intel i40 drivers), which I assume are related to the Intel(R)
> Ethernet 700 Series Controllers.
> Takashi, can you please confirm that the drivers containing *710 references
> are related to these 700 Series Controllers?

I can only guess that i40e corresponds to the described devices.  But the description is way too vague, and I don't find any corresponding version.

> If this is the case, I will
> assign this bug to kernel-source, and conduct investigations like a standard
> kernel issue.

But isn't the bug about the firmware?  How can it be a standard kernel issue?
Comment 6 Takashi Iwai 2021-12-08 14:43:25 UTC
Of course, if there is a known workaround for the buggy firmware in the upstream driver code, we may backport it.  Too little information, so far...
Comment 7 Thomas Leroy 2021-12-09 10:23:35 UTC
(In reply to Takashi Iwai from comment #5)
> But isn't the bug about the firmware?  How can it be a standard kernel

You're absolutely right. I just wanted to check if we could find some useful information in the kernel drivers. 

(In reply to Takashi Iwai from comment #6)
> Of course, if there is a known workaround for the buggy firmware in the
> upstream driver code, we may backport it.  Too little information, so far...

I double-checked the history of the driver sources mentioning *710 firmware, but nothing related to a recent security fix appeared.

Due to the little information we have, and the absence of firmware related to Intel(R) 700 Series Controllers in our kernel-firmware package, I am closing this bug because we are not affected. Thank you very much, Takashi, for your help.