[kernel-sec-discuss] r4363 - active retired

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun May 8 04:14:16 UTC 2016 

Author: carnil
Date: 2016-05-08 04:14:15 +0000 (Sun, 08 May 2016)
New Revision: 4363

Added:
   retired/CVE-2016-4557
Removed:
   active/CVE-2016-4557
Log:
Retire CVE-2016-4557

Deleted: active/CVE-2016-4557
===================================================================
--- active/CVE-2016-4557	2016-05-08 04:13:33 UTC (rev 4362)
+++ active/CVE-2016-4557	2016-05-08 04:14:15 UTC (rev 4363)
@@ -1,13 +0,0 @@
-Description: UAF via double-fdput() in bpf(BPF_PROG_LOAD) error path
-References:
- https://bugs.chromium.org/p/project-zero/issues/detail?id=808
-Notes:
- Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
- Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
-Bugs:
-upstream: released (4.6-rc6) [8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7]
-3.16-upstream-stable: N/A "Vulnerable code introduced in 0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (3.18-rc1)"
-3.2-upstream-stable: N/A "Vulnerable code introduced in 0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (3.18-rc1)"
-sid: released (4.5.3-1) [bugfix/all/bpf-fix-double-fdput-in-replace_map_fd_with_map_ptr.patch]
-3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security: N/A "Vulnerable code not present"

Copied: retired/CVE-2016-4557 (from rev 4362, active/CVE-2016-4557)
===================================================================
--- retired/CVE-2016-4557	                        (rev 0)
+++ retired/CVE-2016-4557	2016-05-08 04:14:15 UTC (rev 4363)
@@ -0,0 +1,13 @@
+Description: UAF via double-fdput() in bpf(BPF_PROG_LOAD) error path
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=808
+Notes:
+ Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
+ Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
+Bugs:
+upstream: released (4.6-rc6) [8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7]
+3.16-upstream-stable: N/A "Vulnerable code introduced in 0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (3.18-rc1)"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (3.18-rc1)"
+sid: released (4.5.3-1) [bugfix/all/bpf-fix-double-fdput-in-replace_map_fd_with_map_ptr.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"

More information about the kernel-sec-discuss mailing list