[kernel-sec-discuss] r5820 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 23 07:22:45 UTC 2017
Author: carnil
Date: 2017-12-23 07:22:45 +0000 (Sat, 23 Dec 2017)
New Revision: 5820
Added:
active/CVE-2017-17853
Log:
Add CVE-2017-17853
Added: active/CVE-2017-17853
===================================================================
--- active/CVE-2017-17853 (rev 0)
+++ active/CVE-2017-17853 2017-12-23 07:22:45 UTC (rev 5820)
@@ -0,0 +1,14 @@
+Description: bpf/verifier: fix bounds calculation on BPF_RSH
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced by b03c9f9fdc37dab81ea04d5dacdc5995d4c224c2 in 4.14-rc1
+Bugs:
+upstream: pending [4374f256ce8182019353c0c639bb8d0695b4c941]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [/bugfix/all/bpf-verifier-fix-bounds-calculation-on-bpf_rsh.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list