diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2016-08-24 08:26:40 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2016-08-24 08:26:40 +0000 |
commit | 8401a6ccb4231c063895387616a45318b7405892 (patch) | |
tree | e17369dd05390c3dbf15a11fc9abb492606bf13b /retired/CVE-2016-5728 | |
parent | 73c9012ef5d0de587ba5df08cdd9fad0dda01803 (diff) |
Retire several CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4591 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2016-5728')
-rw-r--r-- | retired/CVE-2016-5728 | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/retired/CVE-2016-5728 b/retired/CVE-2016-5728 new file mode 100644 index 00000000..235407c5 --- /dev/null +++ b/retired/CVE-2016-5728 @@ -0,0 +1,24 @@ +Description: Race condition vulnerability in VOP driver +References: +Notes: + From Red Hat Bugzilla: The VOP driver is "new" in the 4.6 kernel only + in that the functionality was moved out of the host MIC driver into a + new driver entirely with commit + 61e9c905df78c253752971e200f0ac6d8667dda6. Prior to that, the + functionality was in the drivers/misc/mic/host/mic_virtio.c host driver, + which was introduced with commit f69bcbf3b4c4 (v3.13). + . + If you look at versions of the kernel prior to 4.6, you will see the + code sequence that is fixed by the mentioned upstream patch is still in + the host driver in the mic_copy_dp_entry function. That needs to be + patched with a similar fix. + . + Introduced in 3.13-rc1 with f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5 +Bugs: + https://bugzilla.kernel.org/show_bug.cgi?id=116651 +upstream: released (v4.7-rc1) [9bf292bfca94694a721449e3fd752493856710f6] +3.16-upstream-stable: released (3.16.37) [misc-mic-fix-for-double-fetch-security-bug-in-vop-driver.patch] +3.2-upstream-stable: N/A "Vulnerable code introduced in 3.13-rc1 with f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5" +sid: released (4.6.1-1) [2a9369456a384d84c521c8ebb48d247e8738f84f] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u3) [bugfix/x86/misc-mic-fix-for-double-fetch-security-bug-in-vop-dr.patch] +3.2-wheezy-security: N/A "Vulnerable code not present" |