[kernel-sec-discuss] r5822 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 23 07:22:48 UTC 2017


Author: carnil
Date: 2017-12-23 07:22:48 +0000 (Sat, 23 Dec 2017)
New Revision: 5822

Added:
   active/CVE-2017-17855
Log:
Add CVE-2017-17855

Added: active/CVE-2017-17855
===================================================================
--- active/CVE-2017-17855	                        (rev 0)
+++ active/CVE-2017-17855	2017-12-23 07:22:48 UTC (rev 5822)
@@ -0,0 +1,14 @@
+Description: bpf: don't prune branches when a scalar is replaced with a pointer
+References:
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+Notes:
+ carnil> Introduced in f1174f77b50c94eecaa658fdc56fa69b421de4b8 in 4.14-rc1
+Bugs:
+upstream: pending [179d1c5602997fef5a940c6ddcf31212cbfebd14]
+4.9-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.14-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-don-t-prune-branches-when-a-scalar-is-replaced-w.patch]
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"




More information about the kernel-sec-discuss mailing list