[kernel-sec-discuss] r4349 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri May 6 13:46:06 UTC 2016


Author: carnil
Date: 2016-05-06 13:46:06 +0000 (Fri, 06 May 2016)
New Revision: 4349

Added:
   active/CVE-2016-double-fdput-in-replace_map_fd_with_map_ptr
Log:
Add temporary entry for use-after-free issue

Added: active/CVE-2016-double-fdput-in-replace_map_fd_with_map_ptr
===================================================================
--- active/CVE-2016-double-fdput-in-replace_map_fd_with_map_ptr	                        (rev 0)
+++ active/CVE-2016-double-fdput-in-replace_map_fd_with_map_ptr	2016-05-06 13:46:06 UTC (rev 4349)
@@ -0,0 +1,13 @@
+Description: UAF via double-fdput() in bpf(BPF_PROG_LOAD) error path
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=808
+Notes:
+ Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
+ Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
+Bugs:
+upstream: released (4.6-rc6) [8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7]
+3.16-upstream-stable: N/A "Vulnerable code introduced in 0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (3.18-rc1)"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (3.18-rc1)"
+sid: pending (4.5.2-2) [bugfix/all/bpf-fix-double-fdput-in-replace_map_fd_with_map_ptr.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
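
Review bot: The "Bugs:" field is empty and the file name carries a descriptive placeholder instead of a CVE number, so this entry cannot yet be cross-referenced from a changelog or advisory. Once an id is assigned, rename the file and fill in "Bugs:" if a Debian bug exists. The two security-branch lines give "Vulnerable code not present" as the reason for N/A, while the upstream-stable lines name the introducing commit (0246e64d9a5fcd4805198de59b9b5cf1f974eb41, 3.18-rc1). Using the same wording on all four lines would make each N/A justification self-contained. The Notes would also be easier to act on with a short phrase saying why the bug is only exploitable since 1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1) although it was introduced in v3.18-rc1, since that gap determines which kernel versions need the fix urgently.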



