[kernel-sec-discuss] r5026 - active
Ben Hutchings
benh at moszumanska.debian.org
Mon Feb 27 15:42:03 UTC 2017
Author: benh
Date: 2017-02-27 15:42:03 +0000 (Mon, 27 Feb 2017)
New Revision: 5026
Modified:
active/CVE-2017-5986
active/CVE-2017-6345
active/CVE-2017-6346
active/CVE-2017-6347
active/CVE-2017-6348
active/CVE-2017-6353
Log:
Fill in missing status fields
Modified: active/CVE-2017-5986
===================================================================
--- active/CVE-2017-5986 2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-5986 2017-02-27 15:42:03 UTC (rev 5026)
@@ -3,7 +3,7 @@
Notes:
carnil> Introduced in 2.6.17-rc5 with 61c9fed41638249f8b6ca5345064eb1beb50179f
bwh> Upstream fix actually makes things worse; see
- bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2
+ bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2 and CVE-2017-6353
Bugs:
upstream: released (4.10-rc8) [2dcab598484185dea7ec22219c76dcdd59e3cb90]
4.9-upstream-stable: released (4.9.11) [00eff2ebbd229758e90659907724c14dd5a18339]
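Review bot: on the changed bwh> line, "and CVE-2017-6353" is appended directly after the marc.info URL, so anything that extracts or auto-links the URL can swallow the trailing words. Put the cross-reference on its own bwh> line. The two "released" entries for the fix that the note says makes things worse still carry no pointer of their own, so a reader who looks only at the status lines will miss the link to CVE-2017-6353.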
Modified: active/CVE-2017-6345
===================================================================
--- active/CVE-2017-6345 2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6345 2017-02-27 15:42:03 UTC (rev 5026)
@@ -2,10 +2,15 @@
References:
Notes:
Bugs:
+ bwh> The upstream commit refers to an added assertion in 3.12, but the
+ bwh> purpose of that assertion was to catch potential UAF cases so I
+ bwh> assume this bug could result in a UAF in 3.2. Note that this bug
+ bwh> is in the obscure llc2 module, not the basic llc support used by
+ bwh> some other protocols.
upstream: released (4.10) [8b74d439e1697110c5e5c600643e823eb1dd0762]
4.9-upstream-stable: released (4.9.13) [42b52783a59cc706c71cdc7096edce4a6f086fd3]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: pending (4.9.13-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
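Review bot: the five added bwh> lines sit below the "Bugs:" header, while the "Notes:" section directly above stays empty. In the other files touched by this revision the commentary goes under "Notes:", so move the block up one line to keep the field layout consistent. The note reasons about a UAF in 3.2 only ("I assume this bug could result in a UAF in 3.2"), yet 3.16 is also marked "needed"; say whether the same assumption covers 3.16.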
Modified: active/CVE-2017-6346
===================================================================
--- active/CVE-2017-6346 2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6346 2017-02-27 15:42:03 UTC (rev 5026)
@@ -1,11 +1,13 @@
Description: packet: fix races in fanout_add()
References:
Notes:
+ bwh> The races can clearly lead to a UAF since 4.2. The impact may be
+ bwh> less severe in earlier versions but still needs to be fixed.
Bugs:
upstream: released (4.10) [d199fab63c11998a602205f7ee7ff7c05c97164b]
4.9-upstream-stable: released (4.9.13) [722737f27774b14be5a1d2d3b9281dcded7c48b2]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: pending (4.9.13-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
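Review bot: the added note says the races lead to a UAF "since 4.2" but does not name the commit that changed the behaviour in 4.2, unlike the CVE-2017-6347 note in this same revision, which cites the introducing commit. Adding that commit id would let whoever prepares the 3.16 and 3.2 backports check what "less severe in earlier versions" means for those branches, both of which are marked "needed" here.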
Modified: active/CVE-2017-6347
===================================================================
--- active/CVE-2017-6347 2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6347 2017-02-27 15:42:03 UTC (rev 5026)
@@ -1,11 +1,13 @@
Description: ip: fix IP_CHECKSUM handling
References:
Notes:
+ bwh> Introduced in 4.0 by commit ad6f939ab193 "ip: Add offset parameter to
+ bwh> ip_cmsg_recv".
Bugs:
upstream: pending [ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32]
4.9-upstream-stable: released (4.9.13) [481aedf869fbf2d4503ca0005dbd68b78422955a]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
sid: pending (4.9.13-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
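Review bot: the added note cites the introducing commit by the abbreviated id ad6f939ab193, while every status line in the file uses a full 40-character hash. Use the full hash so the reference can be matched the same way as the others. The N/A entries for 3.16 and 3.2 follow from "Introduced in 4.0". The untouched line "upstream: pending" sits next to a 4.9 entry marked "released (4.9.13)", so it is worth rechecking that status in the same pass.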
Modified: active/CVE-2017-6348
===================================================================
--- active/CVE-2017-6348 2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6348 2017-02-27 15:42:03 UTC (rev 5026)
@@ -1,11 +1,13 @@
Description: irda: Fix lockdep annotations in hashbin_delete()
References:
Notes:
+ bwh> This actually changes locking, not just lockdep annotations.
+ bwh> So I think it fixes a potential deadlock.
Bugs:
upstream: released (4.10) [4c03b862b12f980456f9de92db6d508a4999b788]
4.9-upstream-stable: released (4.9.13) [c2219da51664451149350e47321aa0fcf72a8b8f]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: pending (4.9.13-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
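Review bot: the Description line is left as "irda: Fix lockdep annotations in hashbin_delete()", while the added note says the change alters locking and probably fixes a deadlock. Anyone triaging by Description alone will read this as annotation-only. Keep the upstream title but state the impact in the note more firmly than "I think", for example by naming the lock or call path involved, since all four older branches are being marked "needed" on the strength of it.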
Modified: active/CVE-2017-6353
===================================================================
--- active/CVE-2017-6353 2017-02-27 07:34:54 UTC (rev 5025)
+++ active/CVE-2017-6353 2017-02-27 15:42:03 UTC (rev 5026)
@@ -6,11 +6,12 @@
carnil> affected since we did not apply 2dcab598484185dea7ec22219c76dcdd59e3cb90
carnil> but maybe we want to make an exception here and threat this CVE never-
carnil> theless as affected for all branches.
+ bwh> Introduced by attempted fix for CVE-2017-5986
Bugs:
upstream: needed
4.9-upstream-stable: needed
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
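Review bot: the 3.16 and 3.2 entries change from empty to "needed", but the carnil> context lines above leave open whether those branches count as affected when 2dcab598484185dea7ec22219c76dcdd59e3cb90 was not applied, and the new bwh> line ("Introduced by attempted fix for CVE-2017-5986") does not say how that was decided. Add one line recording why the older branches are treated as needing a fix, so the status and the notes do not read as contradicting each other.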