author: Salvatore Bonaccorso <carnil@debian.org> 2017-12-25 23:33:50 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2017-12-25 23:33:50 +0100
commit: f0034110200d65b388efc510866670f3629b421a (patch)
tree: ba6615360bfd31a8050ddac69293c6fdbda6c8d5 /retired/CVE-2017-16995
parent: 819f46ab5c241a5a9a9e43ae3c1560871cecb2dc (diff)
Retire CVE-2017-16995
Diffstat (limited to 'retired/CVE-2017-16995')
-rw-r--r-- retired/CVE-2017-16995 16
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2017-16995 b/retired/CVE-2017-16995
new file mode 100644
index 00000000..5dfa33c3
--- /dev/null
+++ b/retired/CVE-2017-16995
@@ -0,0 +1,16 @@
+Description: bpf: fix incorrect sign extension in check_alu_op()
+References:
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c
+Notes:
+ carnil> Intorduced in 4.9-rc1 with 484611357c19f9e19ef742ebef4505a07d243cc9
+Bugs:
+upstream: released (4.15-rc5) [95a762e2c8c942780948091f8f2a4f32fce1ac6f]
+4.9-upstream-stable: released (4.9.72) [3695b3b18519099224efbc5875569d2cb6da256d]
+3.16-upstream-stable: N/A "Vulnerable code introduced in 4.9-rc1"
+3.2-upstream-stable: N/A "Vulnerable code introduced in 4.9-rc1"
+sid: released (4.14.7-1) [bugfix/all/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch]
+4.9-stretch-security: released (4.9.65-3+deb9u1) [bugfix/all/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch]
+3.16-jessie-security: N/A "Vulnerable code introduced later"
+3.2-wheezy-security: N/A "Vulnerable code introduced later"
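Review bot: The Notes line misspells "Introduced" as "Intorduced", which will hide this entry from anyone grepping the tracker for the introducing commit 484611357c19f9e19ef742ebef4505a07d243cc9. The N/A reasons are also inconsistent: the 3.16 and 3.2 upstream-stable lines say "Vulnerable code introduced in 4.9-rc1" while the jessie and wheezy lines say only "Vulnerable code introduced later"; using the 4.9-rc1 wording on all four keeps the reason precise and searchable. The third reference links to a file on the master branch of a third-party repository, so it can change or vanish; a permalink to a fixed commit would keep the record stable. The Bugs: field is left empty, which is fine if no Debian bug was filed, but worth confirming before the file is retired.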
