[kernel-sec-discuss] r4972 - active

Ben Hutchings benh at moszumanska.debian.org
Tue Feb 21 20:22:50 UTC 2017


Author: benh
Date: 2017-02-21 20:22:50 +0000 (Tue, 21 Feb 2017)
New Revision: 4972

Modified:
   active/CVE-2016-6787
Log:
Update notes for perf locking fixes

Modified: active/CVE-2016-6787
===================================================================
--- active/CVE-2016-6787	2017-02-21 20:12:43 UTC (rev 4971)
+++ active/CVE-2016-6787	2017-02-21 20:22:50 UTC (rev 4972)
@@ -1,11 +1,7 @@
 Description: Possible privilege escalation due to lack of locking around changing event->ctx
 References:
 Notes:
- bwh> The upstream fix was not complete; see commit 321027c1fe77 "perf/core:
- bwh> Fix concurrent sys_perf_event_open() vs. 'move_group' race"
- carnil> bwh pointed out to me (carnil) that the fix applied in jessie-security
- carnil> branch is not yet complete and a dependency commit is needed. Do not
- carnil> release in this state.
+ bwh> The upstream fix was not complete; see CVE-2017-6001
 Bugs:
  https://bugzilla.redhat.com/show_bug.cgi?id=1403842
 upstream: released (4.0-rc1) [f63a8daa5812afef4f06c962351687e1ff9ccb2b]
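Review bot: the single added "bwh>" line drops two things the removed Notes lines recorded: the upstream commit id 321027c1fe77 for the follow-up fix, and carnil's warning that the fix applied in the jessie-security branch is incomplete, needs a dependency commit and must not be released in that state. Unless the release blocker is already resolved or tracked elsewhere, keep a short note about the jessie-security status here, and consider keeping the commit id next to the new reference, for example "see CVE-2017-6001 (commit 321027c1fe77)", so a reader of this file can still find the dependency without a second lookup.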



