Security patches for BSP3

Hi all,

We are currently running Toradex BSP3 LTS on a Colibri iMX7 eMMC and recently found out that we needed to patch our linux kernel (4-.14.170) because of some CVEs impacting our security design (example: CVE-2021-3347).

Having seen the following [Toradex Embedded Linux Support Strategy], I’ve been digging the linux-toradex git repository but i was unable to find any security patches applicable to the kernel version of BSP3.

Did I miss/misunderstand something?

Thanks and regards
G.

Hi @gmi

Thanks for writing to the Toradex Community!

Could you share which security Patches are you missing?

Best regards,
Jaski

Hi Jaski,

CVE-2021-3347, CVE-2021-33909 or CVE-2021-22555 for example among others, although I was able to patch the last two manually.

Regards
G.

Good, actually I would also have recommended you this.

Best regards,
Jaski

You recommend to patch manually?

Regards
G.

Yes, since you will have your own custom image with all the patches needed for your application.

Best regards,
Jaski

Ok.
Where can I find the security patches to the off the shelf Toradex LTS BSPs?

Regards
G.

There are no security patches off the shelf. We only do a new LTS release if there are hardware changes.

Best regards,
Jaski

Ok.

By reading this https://developer.toradex.com/knowledge-base/toradex-embedded-linux-bsp-support-strategy#Maintenance_Releases_for_Long_Term_Embedded_Linux_Release_LTS, I really expected Toradex to deliver Kernel security patches to LTS BSP (as well as U-Boot and OE/Yocto).

You should change this description on your website, this is very confusing. I would have know that LTS releases for you BSP were not aligned Linux kernel/UBoot/Yocto mainlines as far as security is concerned, I would have chosen Quarterly Releases to get at latest security updates.

You should also move your “solve - post#3” on this topic to your latest message `There are no security patches off the shelf. We only do a new LTS release if there are hardware changes.

Best regards,
Jaski` .

This information may be very useful for your customers.

Thanks and regards
G.

Hi @gmi

Thanks for your message. We will change the wording.
We apologize for any inconvenience.

Best regards,
Jaski