[kernel-sec-discuss] r5171 - active
Ben Hutchings
benh at moszumanska.debian.org
Tue Apr 18 00:08:31 UTC 2017
Author: benh
Date: 2017-04-18 00:08:31 +0000 (Tue, 18 Apr 2017)
New Revision: 5171
Modified:
active/CVE-2017-7889
Log:
Fill in some details for CVE-2017-7889
Modified: active/CVE-2017-7889
===================================================================
--- active/CVE-2017-7889 2017-04-17 03:41:25 UTC (rev 5170)
+++ active/CVE-2017-7889 2017-04-18 00:08:31 UTC (rev 5171)
@@ -1,12 +1,16 @@
-Description: mm: Tighten x86 /dev/mem with zeroing reads
+Description: CONFIG_STRICT_DEVMEM does not prevent read/write of system RAM under 1MB
References:
http://www.openwall.com/lists/oss-security/2017/04/16/4
Notes:
+ bwh> This issue seems to include only read/write, as mmap is not
+ bwh> covered by the commit referenced. So I can't see a security
+ bwh> benefit in fixing just this, although there is a *stability*
+ bwh> benefit for newer versions with CONFIG_HARDENED_USERCOPY.
Bugs:
upstream: released (4.11-rc7) [a4866aa812518ed1a37d8ea0c881dc946409de94]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
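Review bot: The status lines at the end of the hunk mark every branch, including 3.2 and 3.16, as "needed", while the new bwh note says there is no security benefit in fixing just this and that the stability benefit applies only to "newer versions with CONFIG_HARDENED_USERCOPY". Either the note should say why the older branches still need the fix, or their entries should carry a different status with a short rationale, so that someone working on the backports can tell which branches actually gain from it. The note also says mmap is not covered by the referenced commit; it would help to record in Notes whether that path is tracked under this entry or elsewhere, since the new Description mentions only read/write.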