[kernel-sec-discuss] r4933 - active
Ben Hutchings
benh at moszumanska.debian.org
Thu Feb 16 04:13:44 UTC 2017
Author: benh
Date: 2017-02-16 04:13:43 +0000 (Thu, 16 Feb 2017)
New Revision: 4933
Added:
active/CVE-2017-6001
Modified:
active/CVE-2016-6786
Log:
Add CVE-2017-6001 and rcross-reference to CVE-2016-6786
Modified: active/CVE-2016-6786
===================================================================
--- active/CVE-2016-6786 2017-02-15 18:52:48 UTC (rev 4932)
+++ active/CVE-2016-6786 2017-02-16 04:13:43 UTC (rev 4933)
@@ -1,8 +1,7 @@
Description: Possible privilege escalation due to lack of locking around changing event->ctx
References:
Notes:
- bwh> The upstream fix was not complete; see commit 321027c1fe77 "perf/core:
- bwh> Fix concurrent sys_perf_event_open() vs. 'move_group' race"
+ bwh> The upstream fix was not complete; see CVE-2017-6001
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1403842
upstream: released (4.0-rc1) [f63a8daa5812afef4f06c962351687e1ff9ccb2b]
Added: active/CVE-2017-6001
===================================================================
--- active/CVE-2017-6001 (rev 0)
+++ active/CVE-2017-6001 2017-02-16 04:13:43 UTC (rev 4933)
@@ -0,0 +1,11 @@
+Description: Possible privilege escalation due to lack of locking around changing event->ctx
+References:
+Notes:
+ bwh> This is left over from an incomplete fix for CVE-2016-6786
+Bugs:
+upstream: released (4.10-rc4) [f321027c1fe77f892f4ea07846aeae08cefbbb290]
+3.16-upstream-stable: pending (3.16.40) [perf-core-fix-concurrent-sys_perf_event_open-vs.-move_group-race.patch]
+3.2-upstream-stable: pending (3.2.85) [perf-core-fix-concurrent-sys_perf_event_open-vs.-move_group-race.patch]
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
More information about the kernel-sec-discuss
mailing list