[kernel-sec-discuss] r5830 - dsa-texts

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 23 17:00:12 UTC 2017 

Author: carnil
Date: 2017-12-23 17:00:12 +0000 (Sat, 23 Dec 2017)
New Revision: 5830

Modified:
   dsa-texts/4.9.65-3+deb9u1
Log:
Sort CVEs after assignment

Modified: dsa-texts/4.9.65-3+deb9u1
===================================================================
--- dsa-texts/4.9.65-3+deb9u1	2017-12-23 17:00:11 UTC (rev 5829)
+++ dsa-texts/4.9.65-3+deb9u1	2017-12-23 17:00:12 UTC (rev 5830)
@@ -41,27 +41,6 @@
     correctly model the behaviour of 32-bit load instructions.  A
     local user can use this for privilege escalation.
 
-CVE-2017-17862
-
-    Alexei Starovoitov discovered that the Extended BPF verifier
-    ignored unreachable code, even though it would still be processed
-    by JIT compilers.  This could possibly be used by local users for
-    denial of service.  It also increases the severity of bugs in
-    determining unreachable code.
-
-CVE-2017-17863
-
-    Jann Horn discovered that the Extended BPF verifier did not
-    correctly model pointer arithmetic on the stack frame pointer.
-    A local user can use this for privilege escalation.
-
-CVE-2017-17864
-
-    Jann Horn discovered that the Extended BPF verifier could fail to
-    detect pointer leaks from conditional code.  A local user could
-    use this to obtain sensitive information in order to exploit
-    other vulnerabilities.
-
 CVE-2017-17448
 
     Kevin Cernekee discovered that the netfilter subsystem allowed
@@ -127,6 +106,27 @@
     A local user could use this to cause a denial of service or to
     obtain sensitive information.
 
+CVE-2017-17862
+
+    Alexei Starovoitov discovered that the Extended BPF verifier
+    ignored unreachable code, even though it would still be processed
+    by JIT compilers.  This could possibly be used by local users for
+    denial of service.  It also increases the severity of bugs in
+    determining unreachable code.
+
+CVE-2017-17863
+
+    Jann Horn discovered that the Extended BPF verifier did not
+    correctly model pointer arithmetic on the stack frame pointer.
+    A local user can use this for privilege escalation.
+
+CVE-2017-17864
+
+    Jann Horn discovered that the Extended BPF verifier could fail to
+    detect pointer leaks from conditional code.  A local user could
+    use this to obtain sensitive information in order to exploit
+    other vulnerabilities.
+
 CVE-2017-1000407
 
     Andrew Honig reported that the KVM implementation for Intel

More information about the kernel-sec-discuss mailing list