Description: AF_PACKET missing/incorrect range checks allow heap buffer overflow References: https://patchwork.ozlabs.org/patch/744811/ https://patchwork.ozlabs.org/patch/744812/ https://patchwork.ozlabs.org/patch/744813/ https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html Notes: bwh> 3.2 is also missing an earlier related fix, commit dc808110bb62 bwh> "packet: handle too big packets for PACKET_V3" nsl> only saw one of the commits in the 4.9 release carnil> which was 16fc98c2479f5477f2df220acd9cb53686e33f4c (in 4.9.23) carnil> the other two commits are in 4.9.26 Bugs: upstream: released (4.11-rc6) [2b6867c2ce76c596676bec7d2d525af525fdc6e2, 8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b, bcc5364bdcfe131e6379363f089e7b4108d35b70] 4.9-upstream-stable: released (4.9.26) [16fc98c2479f5477f2df220acd9cb53686e33f4c, 10452124bac39411e92fc8910dd418648bbb78ac, 1f49c8cd2c9a53ea04bd86bce01247415d12aa26] 3.16-upstream-stable: released (3.16.44) [a481ab4edd87bc2dc6f1fa9029866dd69c86fc5c, a318bc0bcec7f7867f1f1d8cef5ae6f25aa169a7, 7bb3f26487e578c2cb0567196ce93c008967a269] 3.2-upstream-stable: released (3.2.89) [091a6de006536c50f8a30db60d994a5b083b1c7b, 1634172286550a62d8a0a98cf8bec5cd975fa09c, 96053b293c69c636d8d34fc569ac81fbf1118658] sid: released (4.9.18-1) [bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch] 3.16-jessie-security: released (3.16.43-1) [bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch] 3.2-wheezy-security: released (3.2.88-1) [bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch]