blob: 0e72544ba5f8d55ba2d577887dbab9e417c2588a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: Memory corruption in SCSI generic device interface
References:
https://marc.info/?l=linux-scsi&m=148010092224801&w=2
https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
Notes:
bwh> This CVE is for the vulnerability fixed by commit a0ac402cfcdc
bwh> "Don't feed anything but regular iovec's to blk_rq_map_user_iov",
bwh> but that only addresses half the problem. The remaining issue is
bwh> covered by CVE-2016-10088, and commit 128394eff343 "sg_write()/
bwh> bsg_write() is not fit to be called under KERNEL_DS" is a
bwh> complete fix for both CVEs.
Bugs:
upstream: released (4.9) [a0ac402cfcdc904f9772e1762b3fda112dcc56a0]
3.16-upstream-stable: released (3.16.40) [sg_write-bsg_write-is-not-fit-to-be-called-under-kernel_ds.patch]
3.2-upstream-stable: released (3.2.85) [sg_write-bsg_write-is-not-fit-to-be-called-under-kernel_ds.patch]
sid: released (4.8.15-1)
3.16-jessie-security: released (3.16.39-1) [bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-ker.patch]
3.2-wheezy-security: released (3.2.84-1) [bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-ker.patch]
|
