Bugzilla – Full Text Bug Listing
|Summary:||VUL-1: CVE-2021-0200: kernel-firmware: out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers|
|Product:||[Novell Products] SUSE Security Incidents||Reporter:||Thomas Leroy <thomas.leroy>|
|Component:||Incidents||Assignee:||Takashi Iwai <tiwai>|
|Status:||RESOLVED INVALID||QA Contact:||Security Team bot <security-team>|
|Priority:||P4 - Low||CC:||meissner, smash_bz, thomas.leroy, tiwai|
|Found By:||Security Response Team||Services Priority:|
|Marketing QA Status:||---||IT Deployment:||---|
Description Thomas Leroy 2021-11-19 13:54:54 UTC
Comment 1 Thomas Leroy 2021-11-19 13:55:24 UTC
It is still not clear to me whether we are affected or not.
Comment 2 Takashi Iwai 2021-12-01 07:54:41 UTC
Please update if we have more concrete information.
Comment 3 Thomas Leroy 2021-12-01 13:54:29 UTC
This is some kind of tricky case. The issue seems to be related to a specific controller firmware, of which I can't find any sign in kernel-firmware. It does not seem to be related to the ethernet drivers that we could find in kernel-source. For the moment, from what I found, I think we are not affected, but I am not 100% sure.
Comment 4 Thomas Leroy 2021-12-07 14:34:39 UTC
I can find some references to X710, XL710 and XXV710 intel drivers in kernel sources (intel i40 drivers), which I assume are related to the Intel(R) Ethernet 700 Series Controllers. Takashi, can you please confirm that the drivers containing *710 references are related to these 700 Series Controllers? If this is the case, I will assign this bug to kernel-source, and conduct investigations like a standard kernel issue.
Comment 5 Takashi Iwai 2021-12-08 14:41:26 UTC
(In reply to Thomas Leroy from comment #4)
> I can find some references to X710, XL710 and XXV710 intel drivers in kernel
> sources (intel i40 drivers), which I assume are related to the Intel(R)
> Ethernet 700 Series Controllers.
> Takashi, can you please confirm that the drivers containing *710 references
> are related to these 700 Series Controllers?

I can only guess that i40e corresponds to the described devices. But the description is way too vague, and I don't find any corresponding version.

> If this is the case, I will
> assign this bug to kernel-source, and conduct investigations like a standard
> kernel issue.

But isn't the bug about the firmware, no? How can it be a standard kernel issue?
Comment 6 Takashi Iwai 2021-12-08 14:43:25 UTC
Of course, if there is a known workaround for the buggy firmware in the upstream driver code, we may backport it. Too little information, so far...
Comment 7 Thomas Leroy 2021-12-09 10:23:35 UTC
(In reply to Takashi Iwai from comment #5)
> But isn't the bug about the firmware, no? How can it be a standard kernel

You're absolutely right. I just wanted to check if we could find some useful information in the kernel drivers.

(In reply to Takashi Iwai from comment #6)
> Of course, if there is a known workaround for the buggy firmware in the
> upstream driver code, we may backport it. Too little information, so far...

I double-checked the history of the driver sources mentioning *710 firmware, but nothing related to a recent security fix appeared. Due to the little information we have, and the absence of firmware related to Intel(R) 700 Series Controllers in our kernel-firmware package, I close this bug because we are not affected. Thank you very much Takashi for your help.