Retire CVE-2017-1000405

author: Salvatore Bonaccorso <carnil@debian.org> 2018-01-02 11:39:07 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2018-01-02 11:39:07 +0100
commit: 34931cb0d3850a032ae3d5930dbf0885fabc808f (patch)
tree: 45bc95537e6676ea2afabc54d2656bd091f60eef /retired/CVE-2017-1000405
parent: b2cfa1f1b22cd89043ce35c412b1dccccc1ede05 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/retired/CVE-2017-1000405 b/retired/CVE-2017-1000405
new file mode 100644
index 00000000..6d781181
--- /dev/null
+++ b/retired/CVE-2017-1000405
@@ -0,0 +1,19 @@
+Description: "Dirty COW" variant on transparent huge pages
+References:
+ http://www.openwall.com/lists/oss-security/2017/11/30/1
+ https://github.com/bindecy/HugeDirtyCowPOC
+Notes:
+ carnil> The upstream commit 8310d48b125d19fcd9521d83b8293e63eb1646aa
+ carnil> allows the race condition, and was backported to 3.2.87,
+ carnil> 3.16.42 and 4.9.7.
+ bwh> But in 3.2 dirty bits didn't work on s390, so the backported version of
+ bwh> can_follow_write_pmd() doesn't use them.
+Bugs:
+upstream: released (4.15-rc2) [a8f97366452ed491d13cf1e44241bc0b5740b1f0]
+4.9-upstream-stable: released (4.9.67) [7031ae2ab37d3df53c4a4e9903329a5d38c745ec]
+3.16-upstream-stable: released (3.16.52) [ec041ea68228f2d025e2fa1b5c90a801605d063b]
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.14.2-1) [bugfix/all/mm-thp-Do-not-make-page-table-dirty-unconditionally-.patch]
+4.9-stretch-security: released (4.9.65-1)
+3.16-jessie-security: released (3.16.51-1)
+3.2-wheezy-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2018-01-02 11:39:07 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2018-01-02 11:39:07 +0100
commit	34931cb0d3850a032ae3d5930dbf0885fabc808f (patch)
tree	45bc95537e6676ea2afabc54d2656bd091f60eef /retired/CVE-2017-1000405
parent	b2cfa1f1b22cd89043ce35c412b1dccccc1ede05 (diff)