[kernel-sec-discuss] r5696 - active

Ben Hutchings benh at moszumanska.debian.org
Sun Nov 5 17:33:39 UTC 2017


Author: benh
Date: 2017-11-05 17:33:39 +0000 (Sun, 05 Nov 2017)
New Revision: 5696

Modified:
   active/CVE-2017-0786
   active/CVE-2017-12188
   active/CVE-2017-12190
   active/CVE-2017-13080
   active/CVE-2017-15265
   active/CVE-2017-15649
   active/CVE-2017-16525
   active/CVE-2017-16526
   active/CVE-2017-16527
   active/CVE-2017-16528
   active/CVE-2017-16529
   active/CVE-2017-16530
   active/CVE-2017-16531
   active/CVE-2017-16532
   active/CVE-2017-16533
   active/CVE-2017-16534
   active/CVE-2017-16535
   active/CVE-2017-16536
   active/CVE-2017-16537
   active/CVE-2017-16538
Log:
Fill in status for new issues

Modified: active/CVE-2017-0786
===================================================================
--- active/CVE-2017-0786	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-0786	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,14 @@
 Description:  brcmfmac: add length check in brcmf_cfg80211_escan_handler()
 References:
 Notes:
+ bwh> Upstream commit is marked for 4.0 onward, but I think the bug was
+ bwh> introduced in 3.7 by commit e756af5b30b0 "brcmfmac: add e-scan support."
 Bugs:
 upstream: released (4.14-rc4) [17df6453d4be17910456e99c5a85025aa1b7a246]
 4.9-upstream-stable: released (4.9.55) [4d3132d97aa753104ee35722352a895750a0fca5]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.13.4-2) [bugfix/all/brcmfmac-add-length-check-in-brcmf_cfg80211_escan_ha.patch]
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: N/A "Vulnerable code not present"
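Review bot: the N/A "Vulnerable code not present" on the +3.2-upstream-stable and +3.2-wheezy-security lines rests on the unconfirmed statement in the note ("I think the bug was introduced in 3.7 by commit e756af5b30b0"), while the References: line stays empty; it would help to add a reference supporting the 3.7 introduction point, or to mark the 3.2 status as provisional until that claim is verified, since the upstream commit itself is only marked for 4.0 onward.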

Modified: active/CVE-2017-12188
===================================================================
--- active/CVE-2017-12188	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-12188	2017-11-05 17:33:39 UTC (rev 5696)
@@ -9,12 +9,13 @@
  carnil> Issue might thus only affect kernels starting from 4.6-rc1
  carnil> but I'm not 100% certain on the last claim or if we should
  carnil> adress the issue as well for kernels later than 3.12-rc1
+ bwh> Let's trust Paolo on this
 Bugs:
 upstream: released (4.14-rc5) [fd19d3b45164466a4adce7cbff448ba9189e1427, 829ee279aed43faa5cb1e4d65c0cad52f2426c53]
 4.9-upstream-stable: released (4.9.57) [28955b03fac36829831e185e3ec2793f8eb18689, 3610c4a7838df867d1b9d83a38c87042859ff896]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.13.4-2) [bugfix/x86/KVM-nVMX-update-last_nonleaf_level-when-initializing.patch, bugfix/x86/KVM-MMU-always-terminate-page-walks-at-level-1.patch]
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
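Review bot: the N/A "Vulnerable code not present" on the +3.16-upstream-stable and +3.16-jessie-security lines only holds if the 4.6-rc1 claim in carnil's note is right; the same note leaves open that kernels later than 3.12-rc1 may be affected, and 3.16 is later than 3.12-rc1. Since "Let's trust Paolo on this" is the only justification recorded, it would be worth spelling out which claim is being trusted (only 4.6-rc1 onward affected) so the 3.16 status can be rechecked later.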

Modified: active/CVE-2017-12190
===================================================================
--- active/CVE-2017-12190	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-12190	2017-11-05 17:33:39 UTC (rev 5696)
@@ -6,13 +6,15 @@
  https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1495887.html
  http://www.openwall.com/lists/oss-security/2017/10/18/9
 Notes:
+ bwh> This appears to have been introduced in 2.6.16 by commit 80cfd548eed6
+ bwh> "[BLOCK] bio: check for same page merge possibilities in __bio_add_page()"
 Bugs:
  https://bugzilla.redhat.com/show_bug.cgi?id=1495089
 upstream: released (4.14-rc5) [95d78c28b5a85bacbc29b8dba7c04babb9b0d467]
 4.9-upstream-stable: released (4.9.57) [5444d8ab9a1406af9f1bc2f00c26838637542480]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-13080
===================================================================
--- active/CVE-2017-13080	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-13080	2017-11-05 17:33:39 UTC (rev 5696)
@@ -3,12 +3,14 @@
 Notes:
  carnil> "KRACK" also affects the management parts in the kernel,
  carnil> mac80211 part.
+ bwh> This has presumably been present for ever, i.e. since commit
+ bwh> f0706e828e96 "[MAC80211]: Add mac80211 wireless stack." in 2.6.22
 Bugs:
 upstream: released (4.14-rc6) [fdf7cb4185b60c68e1a75e61691c4afdc15dea0e]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-15265
===================================================================
--- active/CVE-2017-15265	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-15265	2017-11-05 17:33:39 UTC (rev 5696)
@@ -4,12 +4,14 @@
  https://bugzilla.suse.com/show_bug.cgi?id=1062520
  http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
 Notes:
+ bwh> The bug appears to have been introduced in 2.6.9 by "ALSA CVS update
+ bwh> ... Unlock BKL in ioctl callback to avoid the long preempt-disabling."
 Bugs:
 upstream: released (4.14-rc5) [71105998845fb012937332fe2e806d443c09e026]
 4.9-upstream-stable: released (4.9.57) [35b84860667ff081eee56b62f3db2a28ca8a3823]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.4-2) [bugfix/all/ALSA-seq-Fix-use-after-free-at-creating-a-port.patch]
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-15649
===================================================================
--- active/CVE-2017-15649	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-15649	2017-11-05 17:33:39 UTC (rev 5696)
@@ -6,9 +6,9 @@
 Bugs:
 upstream: released (4.14-rc2) [008ba2a13f2d04c947adc536d19debb8fe66f110], (4.14-rc4) [4971613c1639d8e5f102c4e797c3bf8f83a5a69e]
 4.9-upstream-stable: released (4.9.55) [6f7cdd4aa0a45f21edf6cb31236cd9d10c0d7992, 0f22167d3321a028c0b6edc2d5b2ab0e37a2ac53]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-16525
===================================================================
--- active/CVE-2017-16525	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16525	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,17 @@
-Description:
+Description: Use-after-free in USB serial console
 References:
 Notes:
+ bwh> There are two parts, introduced in 2.6.18 by commit 73e487fdb75f
+ bwh> "[PATCH] USB console: fix disconnection issues" and in 4.11 by
+ bwh> commit 0e517c93dc02 "USB: serial: console: clean up sanity checks".
+ bwh> The older part seems unlikely to be exploitable, but should be fixed
+ bwh> anyway.
 Bugs:
 upstream: released (4.14-rc5) [299d7572e46f98534033a9e65973f13ad1ce9047, bd998c2e0df0469707503023d50d46cf0b10c787]
-4.9-upstream-stable: 
-3.16-upstream-stable:
-3.2-upstream-stable:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
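Review bot: the upstream: line lists two commits and the note describes two parts with different introduction points (2.6.18 and 4.11), but the +3.16-upstream-stable: needed and +3.2-upstream-stable: needed lines do not say which commit is wanted there; since the 4.11 part cannot be present in 3.2 or 3.16, it would help to record which of 299d7572e46f98534033a9e65973f13ad1ce9047 and bd998c2e0df0469707503023d50d46cf0b10c787 applies to the older branches.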

Modified: active/CVE-2017-16526
===================================================================
--- active/CVE-2017-16526	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16526	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,16 @@
 Description: uwb: properly check kthread_run return value
 References:
 Notes:
+ bwh> This doesn't seem like a security flaw, just a dumb bug.  It's
+ bwh> also mitigated by the total irrelevance of UWB.  Introduced
+ bwh> in 2.6.28 by commit 183b9b592a62 "uwb: add the UWB stack (core
+ bwh> files)".
 Bugs:
 upstream: released (4.14-rc4) [bbf26183b7a6236ba602f4d6a2f7cade35bba043]
 4.9-upstream-stable: released (4.9.55) [8ff7adb930d4a62f43dfc76220a988a043c510ff]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
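Review bot: the note says "This doesn't seem like a security flaw, just a dumb bug" and that it is mitigated by the irrelevance of UWB, yet every branch from +3.16-upstream-stable: through +3.2-wheezy-security: is marked needed; it would be clearer to state whether the fix is wanted on the older branches as a plain bug fix or whether the issue should be recorded as not requiring a security update, so the note and the status lines do not read as contradicting each other.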

Modified: active/CVE-2017-16527
===================================================================
--- active/CVE-2017-16527	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16527	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,14 @@
 Description: ALSA: usb-audio: Kill stray URB at exiting
 References:
 Notes:
+ bwh> Introduced in 2.6.13 by commit 6639b6c2367f "[ALSA] usb-audio - add
+ bwh> mixer control notifications".
 Bugs:
 upstream: released (4.14-rc5) [124751d5e63c823092060074bd0abaae61aaa9c4]
 4.9-upstream-stable: released (4.9.57) [e0c70289a1e334a60b54b54688f18e2ee38396a9]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-16528
===================================================================
--- active/CVE-2017-16528	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16528	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,14 @@
 Description: ALSA: seq: Cancel pending autoload work at unbinding device
 References:
 Notes:
+ bwh> Introduced in 3.19 by commit 68ab61084de3 "ALSA: seq: bind seq driver
+ bwh> automatically"
 Bugs:
 upstream: released (4.14-rc1) [fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
+4.9-upstream-stable: needed
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.13.4-1)
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: needed
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-16529
===================================================================
--- active/CVE-2017-16529	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16529	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,14 @@
 Description: ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
 References:
 Notes:
+ bwh> Appears to have been present since usbaudio was added in 2.5.41 by
+ bwh> "PATCH] ALSA update [4/12] - 2002/08/14"
 Bugs:
 upstream: released (4.14-rc4) [bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991]
 4.9-upstream-stable: released (4.9.55) [37b6d898388e78d92a13a8ab50c960d507c968d1]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
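Review bot: the quoted subject on the second bwh> line, "PATCH] ALSA update [4/12] - 2002/08/14", is missing its opening bracket; it should read "[PATCH] ALSA update [4/12] - 2002/08/14" so the quote matches the original subject.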

Modified: active/CVE-2017-16530
===================================================================
--- active/CVE-2017-16530	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16530	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,14 @@
 Description: USB: uas: fix bug in handling of alternate settings
 References:
 Notes:
+ bwh> Introduced in 3.15 by commit 6134041bef0a "uas: Verify endpoint
+ bwh> descriptors from uas_use_uas_driver()".
 Bugs:
 upstream: released (4.14-rc4) [786de92b3cb26012d3d0f00ee37adf14527f35c4]
 4.9-upstream-stable: released (4.9.55) [d77606e93d819ad4b8f57511ff61a629ced49750]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.13.10-1)
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: N/A "Vulnerable code not present"

Modified: active/CVE-2017-16531
===================================================================
--- active/CVE-2017-16531	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16531	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,14 @@
 Description: USB: fix out-of-bounds in usb_set_configuration
 References:
 Notes:
+ bwh> Introduced in 2.6.23 by commit 165fe97ed610 "USB: add IAD support to
+ bwh> usbfs and sysfs"
 Bugs:
 upstream: released (4.14-rc4) [bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb]
 4.9-upstream-stable: released (4.9.55) [a6d4ce2e8b653ff7facde0d0051663fa4cf57b78]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-16532
===================================================================
--- active/CVE-2017-16532	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16532	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,13 @@
 Description: usb: usbtest: fix NULL pointer dereference
 References:
 Notes:
+ bwh> Introduced in 2.6.3 by "[PATCH] USB: usbtest updates"
 Bugs:
 upstream: released (4.14-rc5) [7c80f9e4a588f1925b07134bb2e3689335f6c6d8]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-16533
===================================================================
--- active/CVE-2017-16533	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16533	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,13 @@
 Description: HID: usbhid: fix out-of-bounds bug
 References:
 Notes:
+ bwh> Appears to have been present since usbhid was introduced in 2.3.36pre6
 Bugs:
 upstream: released (4.14-rc5) [f043bfc98c193c284e2cd768fefabe18ac2fed9b]
 4.9-upstream-stable: released (4.9.57) [57265cddde308292af881ce634a5378dd4e25900]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-16534
===================================================================
--- active/CVE-2017-16534	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16534	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,16 @@
 Description: USB: core: harden cdc_parse_cdc_header
 References:
 Notes:
+ bwh> Introduced in 4.4 by commit c40a2c8817e4 "CDC: common parser for extra
+ bwh> headers", but there may be similar bugs in individual drivers in older
+ bwh> versions.  cdc_ether seems to have missed a length check for
+ bwh> USB_CDC_ACM_TYPE.
 Bugs:
 upstream: released (4.14-rc4) [2e1c42391ff2556387b3cb6308b24f6f65619feb]
 4.9-upstream-stable: released (4.9.55) [767f7a2cf33a135fe3f57010b51c3f6e92d7677d]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
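Review bot: the N/A "Vulnerable code not present" on the +3.16-upstream-stable, +3.2-upstream-stable, +3.16-jessie-security and +3.2-wheezy-security lines sits uneasily with the note that "there may be similar bugs in individual drivers in older versions" and that cdc_ether "seems to have missed a length check for USB_CDC_ACM_TYPE"; if that is a separate pre-4.4 bug it should be tracked on its own so the N/A here stays accurate, otherwise the older-branch status should stay open until the cdc_ether check has been looked at.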

Modified: active/CVE-2017-16535
===================================================================
--- active/CVE-2017-16535	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16535	2017-11-05 17:33:39 UTC (rev 5696)
@@ -1,12 +1,13 @@
 Description: USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
 References:
 Notes:
+ bwh> Introduced in 3.2 by commit 3148bf041d16 "usbcore: get BOS descriptor set"
 Bugs:
 upstream: released (4.14-c6) [1c0edc3633b56000e18d82fc241e3995ca18a69e]
 4.9-upstream-stable: released (4.9.59) [9d13d3e05be29056eeab610d9ad26b04c9231a04]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.13.10-1)
 4.9-stretch-security: needed
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
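Review bot: the unchanged upstream: line in this hunk reads "released (4.14-c6)", which is a typo for 4.14-rc6 (compare the 4.14-rc4/4.14-rc5/4.14-rc6 entries in the other files); worth fixing while the file is being touched so the release version parses consistently.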

Modified: active/CVE-2017-16536
===================================================================
--- active/CVE-2017-16536	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16536	2017-11-05 17:33:39 UTC (rev 5696)
@@ -2,12 +2,14 @@
 References:
  https://patchwork.kernel.org/patch/9963527/
 Notes:
+ bwh> Introduced in 2.6.30 by commit e0d3bafd0258 "V4L/DVB (10954): Add
+ bwh> cx231xx USB driver"
 Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-16537
===================================================================
--- active/CVE-2017-16537	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16537	2017-11-05 17:33:39 UTC (rev 5696)
@@ -2,12 +2,14 @@
 References:
  https://patchwork.kernel.org/patch/9994017/
 Notes:
+ bwh> Introduced in 2.6.35 by commit 21677cfc562a "V4L/DVB: ir-core: add imon
+ bwh> driver"
 Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed

Modified: active/CVE-2017-16538
===================================================================
--- active/CVE-2017-16538	2017-11-04 10:11:52 UTC (rev 5695)
+++ active/CVE-2017-16538	2017-11-05 17:33:39 UTC (rev 5696)
@@ -3,12 +3,14 @@
  https://patchwork.linuxtv.org/patch/44566/
  https://patchwork.linuxtv.org/patch/44567/
 Notes:
+ bwh> Probably introduced in 3.9 by commit b858c331cdf4 "[media] m88rs2000:
+ bwh> make use ts2020"
 Bugs:
-upstream:
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
-sid:
-4.9-stretch-security:
-3.16-jessie-security:
-3.2-wheezy-security:
+upstream: needed
+4.9-upstream-stable: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+4.9-stretch-security: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: N/A "Vulnerable code not present"
