[kernel-sec-discuss] r4161 - active

Ben Hutchings benh at moszumanska.debian.org
Sun Feb 14 04:51:09 UTC 2016


Author: benh
Date: 2016-02-14 04:51:08 +0000 (Sun, 14 Feb 2016)
New Revision: 4161

Added:
   active/CVE-2016-2085
   active/CVE-2016-bpf-wrong-branch
   active/CVE-2016-usbmidi-double-free
Log:
Add new issues with upstream fixes pending

Added: active/CVE-2016-2085
===================================================================
--- active/CVE-2016-2085	                        (rev 0)
+++ active/CVE-2016-2085	2016-02-14 04:51:08 UTC (rev 4161)
@@ -0,0 +1,10 @@
+Description: Timing side-channel in EVM
+References:
+Notes:
+Bugs:
+upstream: pending (4.5-rc4) [613317bd212c585c20796c10afe5daaa95d4b0a1]
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: ignored "EVM is not enabled"
+3.16-jessie-security: ignored "EVM is not enabled"
+3.2-wheezy-security: ignored "EVM is not enabled"
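
Review bot: the status block stops at 3.2, with no 2.6.32-upstream-stable or 2.6.32-squeeze-security line, while the usbmidi entry added in this same revision tracks both. Add them, even if only as N/A or ignored, so that branch is not silently untracked. References: is also empty although the fix is already identified by commit 613317bd212c585c20796c10afe5daaa95d4b0a1, and the Description does not say what the timing channel exposes. A line under Notes: recording that would let someone re-evaluate the three "EVM is not enabled" ignores if the configuration ever changes.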

Added: active/CVE-2016-bpf-wrong-branch
===================================================================
--- active/CVE-2016-bpf-wrong-branch	                        (rev 0)
+++ active/CVE-2016-bpf-wrong-branch	2016-02-14 04:51:08 UTC (rev 4161)
@@ -0,0 +1,12 @@
+Description: Incorrect branch fixups for eBPF allow arbitrary read
+References:
+Notes:
+ bwh> Introduced in 4.1 by commit 9bac3d6d548e
+ bwh> ("bpf: allow extended BPF programs access skb fields")
+Bugs:
+upstream: pending (4.5-rc4) [a1b14d27ed0965838350f1377ff97c93ee383492]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
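
Review bot: the Description line says "allow arbitrary read" without stating what is read or who can trigger it, and that is what decides how urgent the "sid: needed" item is. State it in the Description or under Notes:. References: is empty, and there are no 2.6.32 lines here either; given the note that the code was introduced in 4.1, those would be N/A "Vulnerable code not present" like the 3.16 and 3.2 rows.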

Added: active/CVE-2016-usbmidi-double-free
===================================================================
--- active/CVE-2016-usbmidi-double-free	                        (rev 0)
+++ active/CVE-2016-usbmidi-double-free	2016-02-14 04:51:08 UTC (rev 4161)
@@ -0,0 +1,12 @@
+Description: Double-free in snd-usbmidi-lib triggered by invalid USB descriptor
+References:
+Notes:
+Bugs:
+upstream: pending (4.5-rc4) [07d86ca93db7e5cdf4743564d98292042ec21af7]
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+2.6.32-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: needed
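
Review bot: every branch down to 2.6.32 is marked needed, but Notes: is empty, so nothing records when the double-free was introduced or how the older branches were confirmed to be affected. Add a bwh> note naming the introducing commit, as the bpf entry in this revision does, so the "needed" rows can be checked. References: is also empty.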
