[kernel-sec-discuss] r5026 - active

Ben Hutchings benh at moszumanska.debian.org
Mon Feb 27 15:42:03 UTC 2017


Author: benh
Date: 2017-02-27 15:42:03 +0000 (Mon, 27 Feb 2017)
New Revision: 5026

Modified:
   active/CVE-2017-5986
   active/CVE-2017-6345
   active/CVE-2017-6346
   active/CVE-2017-6347
   active/CVE-2017-6348
   active/CVE-2017-6353
Log:
Fill in missing status fields

Modified: active/CVE-2017-5986
===================================================================
--- active/CVE-2017-5986	2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-5986	2017-02-27 15:42:03 UTC (rev 5026)
@@ -3,7 +3,7 @@
 Notes:
  carnil> Introduced in 2.6.17-rc5 with 61c9fed41638249f8b6ca5345064eb1beb50179f
  bwh> Upstream fix actually makes things worse; see
- bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2
+ bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2 and CVE-2017-6353
 Bugs:
 upstream: released (4.10-rc8) [2dcab598484185dea7ec22219c76dcdd59e3cb90]
 4.9-upstream-stable: released (4.9.11) [00eff2ebbd229758e90659907724c14dd5a18339]

Modified: active/CVE-2017-6345
===================================================================
--- active/CVE-2017-6345	2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6345	2017-02-27 15:42:03 UTC (rev 5026)
@@ -2,10 +2,15 @@
 References:
 Notes:
 Bugs:
+ bwh> The upstream commit refers to an added assertion in 3.12, but the
+ bwh> purpose of that assertion was to catch potential UAF cases so I
+ bwh> assume this bug could result in a UAF in 3.2.  Note that this bug
+ bwh> is in the obscure llc2 module, not the basic llc support used by
+ bwh> some other protocols.
 upstream: released (4.10) [8b74d439e1697110c5e5c600643e823eb1dd0762]
 4.9-upstream-stable: released (4.9.13) [42b52783a59cc706c71cdc7096edce4a6f086fd3]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: pending (4.9.13-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
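Review bot: the five `bwh>` note lines are inserted below ` Bugs:` instead of between ` Notes:` and ` Bugs:`, which is where the other files in this commit (and the existing `carnil>`/`bwh>` lines in the CVE-2017-5986 and CVE-2017-6353 hunks) keep free-text notes; move them up one line so the Bugs field keeps the same layout as every other entry. The reasoning for `needed` on 3.2 (the 3.12 assertion exists to catch a UAF, so the bug is assumed to be a UAF there) is a fair conservative call, but naming the 3.12 commit that added the assertion would let a backporter check whether the same object lifetime problem exists in the 3.2 and 3.16 llc2 code.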

Modified: active/CVE-2017-6346
===================================================================
--- active/CVE-2017-6346	2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6346	2017-02-27 15:42:03 UTC (rev 5026)
@@ -1,11 +1,13 @@
 Description: packet: fix races in fanout_add()
 References:
 Notes:
+ bwh> The races can clearly lead to a UAF since 4.2.  The impact may be
+ bwh> less severe in earlier versions but still needs to be fixed.
 Bugs:
 upstream: released (4.10) [d199fab63c11998a602205f7ee7ff7c05c97164b]
 4.9-upstream-stable: released (4.9.13) [722737f27774b14be5a1d2d3b9281dcded7c48b2]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: pending (4.9.13-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
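Review bot: the note justifies `needed` for 3.16 and 3.2 with "may be less severe in earlier versions" but does not say what the pre-4.2 impact is or which 4.2 change turned the races into a UAF; naming that commit would let whoever backports d199fab63c11998a602205f7ee7ff7c05c97164b to 3.16/3.2 decide whether the whole fix or only part of it applies to the older fanout_add().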

Modified: active/CVE-2017-6347
===================================================================
--- active/CVE-2017-6347	2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6347	2017-02-27 15:42:03 UTC (rev 5026)
@@ -1,11 +1,13 @@
 Description: ip: fix IP_CHECKSUM handling
 References:
 Notes:
+ bwh> Introduced in 4.0 by commit ad6f939ab193 "ip: Add offset parameter to
+ bwh> ip_cmsg_recv".
 Bugs:
 upstream: pending [ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32]
 4.9-upstream-stable: released (4.9.13) [481aedf869fbf2d4503ca0005dbd68b78422955a]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: pending (4.9.13-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
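Review bot: the introducing commit in the new note is the 12-character abbreviation `ad6f939ab193`, while every other commit reference in these files (for example `ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32` on the `upstream:` line of this hunk) is the full 40-character hash; use the full hash here for consistency and so the reference cannot become ambiguous. The `N/A "Vulnerable code not present"` status for 3.16 and 3.2 follows directly from the 4.0 introduction stated in the note, so those four lines are right.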

Modified: active/CVE-2017-6348
===================================================================
--- active/CVE-2017-6348	2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6348	2017-02-27 15:42:03 UTC (rev 5026)
@@ -1,11 +1,13 @@
 Description: irda: Fix lockdep annotations in hashbin_delete()
 References:
 Notes:
+ bwh> This actually changes locking, not just lockdep annotations.
+ bwh> So I think it fixes a potential deadlock.
 Bugs:
 upstream: released (4.10) [4c03b862b12f980456f9de92db6d508a4999b788]
 4.9-upstream-stable: released (4.9.13) [c2219da51664451149350e47321aa0fcf72a8b8f]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: pending (4.9.13-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
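Review bot: the note's hedged conclusion ("I think it fixes a potential deadlock") is the only justification for `needed` on 3.16 and 3.2, and it does not say whether the hashbin_delete() locking in those versions matches what 4c03b862b12f980456f9de92db6d508a4999b788 changes; one sentence on that (which lock is taken, and whether the old code takes it the same way) would make the `needed` status verifiable when the backport is done and would let the entry be revised to `N/A` if the older code turns out not to be affected.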

Modified: active/CVE-2017-6353
===================================================================
--- active/CVE-2017-6353	2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6353	2017-02-27 15:42:03 UTC (rev 5026)
@@ -6,11 +6,12 @@
  carnil> affected since we did not apply 2dcab598484185dea7ec22219c76dcdd59e3cb90
  carnil> but maybe we want to make an exception here and threat this CVE never-
  carnil> theless as affected for all branches.
+ bwh> Introduced by attempted fix for CVE-2017-5986
 Bugs:
 upstream: needed
 4.9-upstream-stable: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
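Review bot: the new `bwh>` line says this was introduced by the attempted fix for CVE-2017-5986 but does not name the commit, even though carnil's line two lines above gives it (2dcab598484185dea7ec22219c76dcdd59e3cb90); quote the hash so the note matches the style of the other entries. Marking 3.16 and 3.2 as `needed` although carnil notes that this commit was not applied there follows carnil's suggestion to treat all branches as affected, but stating in the note that this is a deliberate exception would stop the note and the status lines from reading as a contradiction.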



