[kernel-sec-discuss] r5828 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 23 16:48:38 UTC 2017


Author: carnil
Date: 2017-12-23 16:48:38 +0000 (Sat, 23 Dec 2017)
New Revision: 5828

Added:
   active/CVE-2017-17864
Removed:
   active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown
Log:
CVE-2017-17864 assigned

Copied: active/CVE-2017-17864 (from rev 5827, active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown)
===================================================================
--- active/CVE-2017-17864	                        (rev 0)
+++ active/CVE-2017-17864	2017-12-23 16:48:38 UTC (rev 5828)
@@ -0,0 +1,18 @@
+Description: bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN
+References:
+Notes:
+ carnil> Ben's commit message states "This was fixed differently upstream,
+ carnil> but the code around here waslargely rewritten in 4.14 by commit
+ carnil> f1174f77b50c "bpf/verifier: rework value tracking". The bug can be
+ carnil> detected by the bpf/verifier sub-test "pointer/scalar confusion in
+ carnil> state equality check (way 1)"."
+ carnil> how was it fixed? Which upstream commit?
+Bugs:
+upstream:
+4.9-upstream-stable: needed
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+3.2-upstream-stable: N/A "Vulnerable code introduced later"
+sid:
+4.9-stretch-security: pending (4.9.65-3+deb9u1) [bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch]
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"

Deleted: active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown
===================================================================
--- active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown	2017-12-23 16:48:37 UTC (rev 5827)
+++ active/CVE-bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown	2017-12-23 16:48:38 UTC (rev 5828)
@@ -1,18 +0,0 @@
-Description: bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN
-References:
-Notes:
- carnil> Ben's commit message states "This was fixed differently upstream,
- carnil> but the code around here waslargely rewritten in 4.14 by commit
- carnil> f1174f77b50c "bpf/verifier: rework value tracking". The bug can be
- carnil> detected by the bpf/verifier sub-test "pointer/scalar confusion in
- carnil> state equality check (way 1)"."
- carnil> how was it fixed? Which upstream commit?
-Bugs:
-upstream:
-4.9-upstream-stable: needed
-3.16-upstream-stable: N/A "Vulnerable code introduced later"
-3.2-upstream-stable: N/A "Vulnerable code introduced later"
-sid:
-4.9-stretch-security: pending (4.9.65-3+deb9u1) [bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch]
-3.16-jessie-security: N/A "Vulnerable code introduced later"
-3.2-wheezy-security: N/A "Vulnerable code introduced later"




More information about the kernel-sec-discuss mailing list