[kernel-sec-discuss] r4823 - active

Ben Hutchings benh at moszumanska.debian.org
Fri Dec 30 19:40:36 UTC 2016


Author: benh
Date: 2016-12-30 19:40:36 +0000 (Fri, 30 Dec 2016)
New Revision: 4823

Added:
   active/CVE-2016-10088
Modified:
   active/CVE-2016-9576
Log:
Add CVE-2016-10088 and update the related CVE-2016-9576 accordingly


Copied: active/CVE-2016-10088 (from rev 4822, active/CVE-2016-9576)
===================================================================
--- active/CVE-2016-10088	                        (rev 0)
+++ active/CVE-2016-10088	2016-12-30 19:40:36 UTC (rev 4823)
@@ -0,0 +1,14 @@
+Description: Memory corruption in SCSI generic device interface
+References:
+ https://marc.info/?l=linux-scsi&m=148010092224801&w=2
+ https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
+ http://www.openwall.com/lists/oss-security/2016/12/30/1
+Notes:
+ bwh> This is the vulnerabilbility left after fixing CVE-2016-9576.
+Bugs:
+upstream: released (4.10-rc1) [128394eff343fc6d2f32172f03e24829539c5835]
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: pending (3.16.39-1) [bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-ker.patch]
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-ker.patch]

Modified: active/CVE-2016-9576
===================================================================
--- active/CVE-2016-9576	2016-12-29 03:45:11 UTC (rev 4822)
+++ active/CVE-2016-9576	2016-12-30 19:40:36 UTC (rev 4823)
@@ -3,14 +3,14 @@
  https://marc.info/?l=linux-scsi&m=148010092224801&w=2
  https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
 Notes:
- bwh> When the CVE was assigned this was claimed to be fixed by commit
- bwh> a0ac402cfcdc "Don't feed anything but regular iovec's to
- bwh> blk_rq_map_user_iov".  That very likely addreses similar
- bwh> vulnerabilities in other drivers, but doesn't completely fix
- bwh> this.  Commit 128394eff343 "sg_write()/bsg_write() is not fit
- bwh> to be called under KERNEL_DS" is a complete fix for sg and bsg.
+ bwh> This CVE is for the vulnerability fixed by commit a0ac402cfcdc
+ bwh> "Don't feed anything but regular iovec's to blk_rq_map_user_iov",
+ bwh> but that only addresses half the problem.  The remaining issue is
+ bwh> covered by CVE-2016-10088, and commit 128394eff343 "sg_write()/
+ bwh> bsg_write() is not fit to be called under KERNEL_DS" is a
+ bwh> complete fix for both CVEs.
 Bugs:
-upstream: released (4.10-rc1) [128394eff343fc6d2f32172f03e24829539c5835]
+upstream: released (4.9) [a0ac402cfcdc904f9772e1762b3fda112dcc56a0]
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: needed
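
Review bot: The rewritten note says a0ac402cfcdc "only addresses half the problem" but no longer says which half; the removed text stated that the commit likely addresses similar vulnerabilities in other drivers without completely fixing sg and bsg, and that detail is now lost. Suggest keeping one clause describing what a0ac402cfcdc does and does not cover. Also, the upstream line now records only a0ac402cfcdc while the note calls 128394eff343 a complete fix for both CVEs, so it is unclear which commit the "needed" entries for 3.16-upstream-stable, 3.2-upstream-stable and sid are waiting on. A short note that backporting 128394eff343 alone is sufficient (if that is the intent) would remove the ambiguity.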



