[kernel-sec-discuss] r4387 - active
Ben Hutchings
benh at moszumanska.debian.org
Mon May 16 00:02:34 UTC 2016
Author: benh
Date: 2016-05-16 00:02:33 +0000 (Mon, 16 May 2016)
New Revision: 4387
Modified:
active/CVE-2016-0758
active/CVE-2016-3070
active/CVE-2016-4482
active/CVE-2016-4485
active/CVE-2016-4486
active/CVE-2016-4569
active/CVE-2016-4578
active/CVE-2016-4794
Log:
Fill in more details of recently added issues
Fixes most of the 'unknown' statuses.
Modified: active/CVE-2016-0758
===================================================================
--- active/CVE-2016-0758 2016-05-15 18:07:09 UTC (rev 4386)
+++ active/CVE-2016-0758 2016-05-16 00:02:33 UTC (rev 4387)
@@ -4,9 +4,9 @@
Notes:
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1300257
-upstream: pending [23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa]
-3.16-upstream-stable:
+upstream: pending (4.6) [23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa]
+3.16-upstream-stable: needed
3.2-upstream-stable: N/A "Vulnerable code introduced by 42d5ec27f873c654a68f7f865dcd7737513e9508 (3.10-rc1)
sid: pending (4.5.4-1) [bugfix/all/KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch]
-3.16-jessie-security:
+3.16-jessie-security: N/A "Vulnerable code is not built"
3.2-wheezy-security: N/A "Vulnerable code not present"
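Review bot: the unchanged `3.2-upstream-stable` line in this hunk carries an unterminated quote (`N/A "Vulnerable code introduced by 42d5ec27f873c654a68f7f865dcd7737513e9508 (3.10-rc1)`); since this file is being touched anyway, close the quote so the reason string has the same `N/A "..."` shape as the other entries. The new `3.16-jessie-security: N/A "Vulnerable code is not built"` beside `3.16-upstream-stable: needed` is consistent: the 3.16 stable branch still carries the code even though the jessie configuration does not build it.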
Modified: active/CVE-2016-3070
===================================================================
--- active/CVE-2016-3070 2016-05-15 18:07:09 UTC (rev 4386)
+++ active/CVE-2016-3070 2016-05-16 00:02:33 UTC (rev 4387)
@@ -1,10 +1,14 @@
Description: Null pointer dereference in trace_writeback_dirty_page()
References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1306851 (not yet public)
Notes:
+ bwh> Problematic call sequence removed by upstream commit appears to be:
+ bwh> migrate_page_copy() -> __set_page_dirty_nobuffers()
+ bwh> -> account_page_dirtied() -> trace_writeback_dirty_page()
Bugs:
upstream: released (4.4-rc1) [42cb14b110a5698ccf26ce59c4441722605a3743]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A ("Vulnerable code not present")
sid: released (4.4.2-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: N/A ("Vulnerable code not present")
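Review bot: the `N/A ("Vulnerable code not present")` reason on the two 3.2 lines wraps the string in parentheses, whereas active/CVE-2016-0758 in this same commit uses the bare `N/A "Vulnerable code not present"` form; pick one form so the status lines parse uniformly. The Red Hat bug reference is annotated `(not yet public)`, so a short note on when it is expected to open would make it easier to know when to revisit the entry.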
Modified: active/CVE-2016-4482
===================================================================
--- active/CVE-2016-4482 2016-05-15 18:07:09 UTC (rev 4386)
+++ active/CVE-2016-4482 2016-05-16 00:02:33 UTC (rev 4387)
@@ -2,10 +2,13 @@
References:
http://www.spinics.net/lists/linux-usb/msg140243.html
Notes:
+ bwh> There may or may not be an information leak here in practice,
+ bwh> depending on how the compiler optimises the structure
+ bwh> initialisation.
Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
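Review bot: every branch is now `needed`, but the only reference is a linux-usb list post and no upstream commit id is recorded; if a fix was posted or merged in that thread, listing its commit hash would let the upstream line move to `pending` and give the stable branches something to backport. The note that an information leak depends on how the compiler optimises the structure initialisation is useful triage context; naming the structure (and the path that copies it to user space) would make the claim verifiable from the entry alone.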
Modified: active/CVE-2016-4485
===================================================================
--- active/CVE-2016-4485 2016-05-15 18:07:09 UTC (rev 4386)
+++ active/CVE-2016-4485 2016-05-16 00:02:33 UTC (rev 4387)
@@ -2,9 +2,9 @@
References:
Notes:
Bugs:
-upstream: pending [b8670c09f37bdf2847cc44f36511a53afc6161fd]
-3.16-upstream-stable:
-3.2-upstream-stable:
+upstream: pending (4.6) [b8670c09f37bdf2847cc44f36511a53afc6161fd]
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: pending (4.5.4-1) [bugfix/all/net-fix-infoleak-in-llc.patch]
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
Modified: active/CVE-2016-4486
===================================================================
--- active/CVE-2016-4486 2016-05-15 18:07:09 UTC (rev 4386)
+++ active/CVE-2016-4486 2016-05-16 00:02:33 UTC (rev 4387)
@@ -2,9 +2,9 @@
References:
Notes:
Bugs:
-upstream: pending [5f8e44741f9f216e33736ea4ec65ca9ac03036e6]
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: pending (4.6) [5f8e44741f9f216e33736ea4ec65ca9ac03036e6]
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
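Review bot: `sid: needed` here is inconsistent with active/CVE-2016-4485 in this same commit, where an equally `pending (4.6)` upstream fix is recorded for sid as `pending (4.5.4-1) [bugfix/all/...]`; if commit 5f8e44741f9f216e33736ea4ec65ca9ac03036e6 is being queued for the same 4.5.4-1 upload, sid should be `pending` with the patch name, and otherwise a note on why it is being held back would help.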
Modified: active/CVE-2016-4569
===================================================================
--- active/CVE-2016-4569 2016-05-15 18:07:09 UTC (rev 4386)
+++ active/CVE-2016-4569 2016-05-16 00:02:33 UTC (rev 4387)
@@ -1,11 +1,13 @@
-Description:
+Description: information leak in ALSA timers
References:
http://comments.gmane.org/gmane.linux.kernel/2214250
Notes:
+ bwh> This only affects 64-bit architectures as no padding is needed in
+ bwh> struct snd_timer_tread on 32-bit architectures.
Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
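Review bot: the new description `information leak in ALSA timers` is nearly identical to the `information leaks in ALSA timers` description given to active/CVE-2016-4578 in this commit, and the two entries carry the same bwh> note verbatim; a few words distinguishing which code path each CVE covers would stop the two from being confused when fixes are backported. With no commit id recorded here, `upstream: needed` is the right status, but the gmane reference should be checked for a fix commit so it can move to `pending`.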
Modified: active/CVE-2016-4578
===================================================================
--- active/CVE-2016-4578 2016-05-15 18:07:09 UTC (rev 4386)
+++ active/CVE-2016-4578 2016-05-16 00:02:33 UTC (rev 4387)
@@ -1,13 +1,15 @@
-Description:
+Description: information leaks in ALSA timers
References:
https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5
But both commits not yet merged in Linus' tree
Notes:
+ bwh> This only affects 64-bit architectures as no padding is needed in
+ bwh> struct snd_timer_tread on 32-bit architectures.
Bugs:
-upstream:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
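Review bot: the unchanged line `But both commits not yet merged in Linus' tree` is a free-form comment sitting inside the References block; it belongs under Notes with the `bwh>` prefix like the note added in this hunk, so References stays a plain list of URLs. The fix commits are already listed (tiwai's sound.git for-next), so once they reach Linus' tree the upstream line can switch from `needed` to `pending` with those two hashes.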
Modified: active/CVE-2016-4794
===================================================================
--- active/CVE-2016-4794 2016-05-15 18:07:09 UTC (rev 4386)
+++ active/CVE-2016-4794 2016-05-16 00:02:33 UTC (rev 4387)
@@ -1,11 +1,14 @@
-Description:
+Description: Use-after-free in pcpu_extend_area_map, triggered by bpf()
References:
Reproducer: http://www.openwall.com/lists/oss-security/2016/05/12/6
+ http://thread.gmane.org/gmane.linux.network/408459/
Notes:
+ bwh> It's not clear whether this is specific to bpf() or an existing bug
+ bwh> that's now easier to hit (and exploit).
Bugs:
upstream: needed
3.16-upstream-stable:
3.2-upstream-stable:
-sid:
+sid: needed
3.16-jessie-security:
3.2-wheezy-security:
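Review bot: only `sid` is filled in here; `3.16-upstream-stable`, `3.2-upstream-stable`, `3.16-jessie-security` and `3.2-wheezy-security` are left blank, which contradicts the commit log's aim of clearing the 'unknown' statuses. Given the note that it is unclear whether this is specific to bpf() or an older bug now easier to hit, those four lines should at least be marked `needed`, or given an explicit `N/A "..."` reason, rather than left empty.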