[kernel-sec-discuss] r5825 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 23 15:33:12 UTC 2017


Author: carnil
Date: 2017-12-23 15:33:12 +0000 (Sat, 23 Dec 2017)
New Revision: 5825

Added:
   active/CVE-bpf-fix-branch-pruning-logic
   active/CVE-bpf-reject-out-of-bounds-stack-pointer-calculation
   active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown
Log:
Add three temporary items without CVE (yet)

Added: active/CVE-bpf-fix-branch-pruning-logic
===================================================================
--- active/CVE-bpf-fix-branch-pruning-logic	                        (rev 0)
+++ active/CVE-bpf-fix-branch-pruning-logic	2017-12-23 15:33:12 UTC (rev 5825)
@@ -0,0 +1,14 @@
+Description: bpf: fix branch pruning logic
+References:
+ https://www.spinics.net/lists/stable/msg206984.html
+Notes:
+ carnil> Introduced by 17a5267067f3c372fec9ffb798d6eaba6b5e6a4c in 3.18-rc1
+Bugs:
+upstream: released (4.15-rc1) [c131187db2d3fa2f8bf32fdf4e9a4ef805168467]
+4.9-upstream-stable: needed
+3.16-upstream-stable: N/A "Vulnerable code introduced in 3.18-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 3.18-rc1"
+sid: needed
+4.9-stretch-security: pending (4.9.65-3+deb9u1) [bugfix/all/bpf-fix-branch-pruning-logic.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
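
Review bot: the N/A reasons in this entry are inconsistent. The 3.16 and 3.2 upstream-stable lines say "Vulnerable code introduced in 3.18-rc1", while the jessie and wheezy lines say "Vulnerable code not present". Using the version-specific reason on all four lines would keep the justification traceable to the introducing commit named in Notes.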

Added: active/CVE-bpf-reject-out-of-bounds-stack-pointer-calculation
===================================================================
--- active/CVE-bpf-reject-out-of-bounds-stack-pointer-calculation	                        (rev 0)
+++ active/CVE-bpf-reject-out-of-bounds-stack-pointer-calculation	2017-12-23 15:33:12 UTC (rev 5825)
@@ -0,0 +1,18 @@
+Description: bpf: reject out-of-bounds stack pointer calculation
+References:
+ https://www.spinics.net/lists/stable/msg206985.html
+Notes:
+ carnil> Introduced by 7bca0a9702edfc8d0e7e46f984ca422ffdbe0498 (4.9.28)
+ carnil> which is 332270fdc8b6fba07d059a9ad44df9e1a2ad4529 (4.12-rc1) in
+ carnil> mainline. Quoting commit message: "This is a fix specifically
+ carnil> for the v4.9 stable tree because the mainline code looks very
+ carnil>different at this point."
+Bugs:
+upstream:
+4.9-upstream-stable: needed
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+3.2-upstream-stable: N/A "Vulnerable code introduced later"
+sid:
+4.9-stretch-security: pending (4.9.65-3+deb9u1) [bugfix/all/bpf-reject-out-of-bounds-stack-pointer-calculation.patch]
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"
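
Review bot: the upstream: and sid: fields are left without a status even though Notes says the introducing change is 332270fdc8b6fba07d059a9ad44df9e1a2ad4529 (4.12-rc1) in mainline, so a reader cannot tell whether mainline and sid are affected or simply not yet triaged. Since the quoted commit message calls this a fix specifically for the v4.9 stable tree, record an explicit status with a reason on both lines. Also, the last Notes line reads " carnil>different", missing the space after the prefix that the other Notes lines use.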

Added: active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown
===================================================================
--- active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown	                        (rev 0)
+++ active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown	2017-12-23 15:33:12 UTC (rev 5825)
@@ -0,0 +1,18 @@
+Description: bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN
+References:
+Notes:
+ carnil> Ben's commit message states "This was fixed differently upstream,
+ carnil> but the code around here waslargely rewritten in 4.14 by commit
+ carnil> f1174f77b50c "bpf/verifier: rework value tracking". The bug can be
+ carnil> detected by the bpf/verifier sub-test "pointer/scalar confusion in
+ carnil> state equality check (way 1)"."
+ carnil> how was it fixed? Which upstream commit?
+Bugs:
+upstream:
+4.9-upstream-stable: needed
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+3.2-upstream-stable: N/A "Vulnerable code introduced later"
+sid:
+4.9-stretch-security: pending (4.9.65-3+deb9u1) [bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch]
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"
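
Review bot: References: is empty and upstream: has no status, and the Notes end with the open question "how was it fixed? Which upstream commit?", so this entry gives no pointer to the fix or to the introducing commit. Suggest adding the posting of the patch under References, as the other two entries in this revision do, and marking the question as a TODO until the upstream commit is identified. Minor: "waslargely" in the quoted text is missing a space, and the nested double quotes around the commit message make it hard to see where the quotation ends.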



