retired/CVE-2017-14991


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
References:
Notes:
 bwh> Introduced in 4.12-rc1 by commit 109bade9c62 "scsi: sg: use standard
 bwh> lists for sg_requests". This was backported to some stable branches,
 bwh> but I'm not sure why. We might want to take both commits.
 carnil> For 4.9-upstream stable this was in 4.9.52.
Bugs:
upstream: released (4.14-rc2) [3e0097499839e0fe3af380410eababe5a47c4cf9]
4.9-upstream-stable: released (4.9.53) [90cb12f6dc5ac45c51082721ec5bbe18850cf80f]
3.16-upstream-stable: N/A "Vulnerable code introduced later"
3.2-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (4.13.4-1)
4.9-stretch-security: N/A "Vulnerable code introduced later"
3.16-jessie-security: N/A "Vulnerable code introduced later"
3.2-wheezy-security: N/A "Vulnerable code introduced later"