[kernel-sec-discuss] r4813 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Dec 28 17:49:45 UTC 2016


Author: benh
Date: 2016-12-28 17:49:45 +0000 (Wed, 28 Dec 2016)
New Revision: 4813

Modified:
   active/CVE-2016-9576
Log:
Update status of CVE-2016-9576, now identifying a different commit as the fix


Modified: active/CVE-2016-9576
===================================================================
--- active/CVE-2016-9576	2016-12-28 17:07:34 UTC (rev 4812)
+++ active/CVE-2016-9576	2016-12-28 17:49:45 UTC (rev 4813)
@@ -1,12 +1,19 @@
-Description: use-after-free in SCSI generic device interface
+Description: Memory corruption in SCSI generic device interface
 References:
  https://marc.info/?l=linux-scsi&m=148010092224801&w=2
  https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
 Notes:
+ bwh> When the CVE was assigned this was claimed to be fixed by commit
+ bwh> a0ac402cfcdc "Don't feed anything but regular iovec's to
+ bwh> blk_rq_map_user_iov".  That very likely addreses similar
+ bwh> vulnerabilities in other drivers.  But sg doesn't implement
+ bwh> splice itself, and always passes iovecs.  It looks like commit
+ bwh> 128394eff343 "sg_write()/bsg_write() is not fit to be called
+ bwh> under KERNEL_DS" is the real fix for this.
 Bugs:
-upstream: released (4.9) [a0ac402cfcdc904f9772e1762b3fda112dcc56a0]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid: released (4.8.15-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: released (4.10-rc1) [128394eff343fc6d2f32172f03e24829539c5835]
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
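Review bot: the sid line flips from "released (4.8.15-1)" to "needed", which reads as a regression unless the Notes record that 4.8.15-1 carried only the earlier commit a0ac402cfcdc and not 128394eff343; suggest adding one more "bwh>" line saying so, so the next person tracking this entry does not reopen the question. Minor: "addreses" in the new Notes block should be "addresses".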



