retired/CVE-2016-10088


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

Description: Memory corruption in SCSI generic device interface
References:
 https://marc.info/?l=linux-scsi&m=148010092224801&w=2
 https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
 http://www.openwall.com/lists/oss-security/2016/12/30/1
Notes:
 bwh> This is the vulnerabilbility left after fixing CVE-2016-9576.
Bugs:
upstream: released (4.10-rc1) [128394eff343fc6d2f32172f03e24829539c5835]
4.9-upstream-stable: released (4.9.2) [3f3a6bbe6f9f5e895d8945494173594ee51632da]
3.16-upstream-stable: released (3.16.40) [sg_write-bsg_write-is-not-fit-to-be-called-under-kernel_ds.patch]
3.2-upstream-stable: released (3.2.85) [sg_write-bsg_write-is-not-fit-to-be-called-under-kernel_ds.patch]
sid: released (4.8.15-2) [bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-KER.patch]
3.16-jessie-security: released (3.16.39-1) [bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-ker.patch]
3.2-wheezy-security: released (3.2.84-1) [bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-ker.patch]