blob: 725813f9aa5588ca3a0d97690ac93faa8562d6c9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Description: lib/iov_iter: initialize "flags" in new pipe_buffer
References:
https://www.openwall.com/lists/oss-security/2022/03/07/1
https://dirtypipe.cm4all.com/
Notes:
carnil> Only exploitable starting in 5.8-rc1 due to f6dd975583bd
carnil> ("pipe: merge anon_pipe_buf*_ops"). The commit which landed in
carnil> 5.17-rc6 was still backported to all stable series.
Bugs:
upstream: released (5.17-rc6) [9d2231c5d74e13b2a0546fee6737ee4446017903]
5.10-upstream-stable: released (5.10.102) [b19ec7afa9297d862ed86443e0164643b97250ab]
4.19-upstream-stable: released (4.19.231) [d46c42d8d2742742eddf9290e72df4b563f2e301]
4.9-upstream-stable: released (4.9.303) [c460ef6e0596eb5ca844c45338c20f6023f1e43c]
sid: released (5.16.11-1)
5.10-bullseye-security: released (5.10.92-2) [bugfix/all/lib-iov_iter-initialize-flags-in-new-pipe_buffer.patch]
4.19-buster-security: N/A "Vulnerable code introduced later"
4.9-stretch-security: N/A "Vulnerable code introduced later"
|
