diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2019-01-08 06:55:12 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-01-08 06:55:12 +0100 |
| commit | 643a76ad6b5015ebb76b75986c3c63b83a5d2457 (patch) | |
| tree | 9070697041baef92393ec326d3bf44935836f759 /retired/CVE-2018-18397 | |
| parent | 21e02cdb838612d2762331e35b719f9489d30c41 (diff) | |
Retire CVE-2018-18397
Diffstat (limited to 'retired/CVE-2018-18397')
| -rw-r--r-- | retired/CVE-2018-18397 | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2018-18397 b/retired/CVE-2018-18397 new file mode 100644 index 00000000..663c75cf --- /dev/null +++ b/retired/CVE-2018-18397 @@ -0,0 +1,18 @@ +Description: userfaultfd bypasses tmpfs file permissions +References: + https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u + https://bugzilla.redhat.com/show_bug.cgi?id=1641548 + https://bugs.chromium.org/p/project-zero/issues/detail?id=1700 + https://www.openwall.com/lists/oss-security/2018/12/12/1 +Notes: + carnil> Commit series fixes 4c27fe4c4c84 ("userfaultfd: shmem: add + carnil> shmem_mcopy_atomic_pte for userfaultfd support") which is added + carnil> in 4.11-rc1. +Bugs: +upstream: released (4.20-rc5) [9e368259ad988356c4c95150fafd1a06af095d98, 5b51072e97d587186c2f5390c8c9c1fb7e179505, 29ec90660d68bbdd69507c1c8b4e33aa299278b1, e2a50c1f64145a04959df2442305d57307e5395a, dcf7fe9d89763a28e0f43975b422ff141fe79e43] +4.19-upstream-stable: released (4.19.8) [10f98c134b02d11923d45ce6688c2479435e8ec9, 6e44dd02c95508f6df5eca4d46adbb75233ea181, 34b7a7cc5321a1b5e13320443557ba1cb11b42e7, 4ce337622f2bbc0df61b0b76aa60388f5def5646, 8f193a716e56f30e36a4c851e59bf6fa74af8d9f] +4.9-upstream-stable: N/A "Vulnerable code introduced later" +3.16-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (4.19.9-1) +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" |