[kernel-sec-discuss] r4501 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jun 30 06:27:06 UTC 2016
Author: carnil
Date: 2016-06-30 06:27:05 +0000 (Thu, 30 Jun 2016)
New Revision: 4501
Added:
active/CVE-2016-5728
Log:
Add CVE-2016-5728
Added: active/CVE-2016-5728
===================================================================
--- active/CVE-2016-5728 (rev 0)
+++ active/CVE-2016-5728 2016-06-30 06:27:05 UTC (rev 4501)
@@ -0,0 +1,23 @@
+Description: Race condition vulnerability in VOP driver
+References:
+Notes:
+ From Red Hat Bugzilla: The VOP driver is "new" in the 4.6 kernel only
+ in that the functionality was moved out of the host MIC driver into a
+ new driver entirely with commit
+ 61e9c905df78c253752971e200f0ac6d8667dda6. Prior to that, the
+ functionality was in the drivers/misc/mic/host/mic_virtio.c host driver,
+ which was introduced with commit f69bcbf3b4c4 (v3.13).
+ .
+ If you look at versions of the kernel prior to 4.6, you will see the
+ code sequence that is fixed by the mentioned upstream patch is still in
+ the host driver in the mic_copy_dp_entry function. That needs to be
+ patched with a similar fix.
+ .
+ Introduced in 3.13-rc1 with f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5
+Bugs:
+upstream: released (v4.7-rc1) [9bf292bfca94694a721449e3fd752493856710f6]
+3.16-upstream-stable:
+3.2-upstream-stable: N/A "Vulnerable code introduced in 3.13-rc1 with f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5"
+sid: released (4.6.1-1) [2a9369456a384d84c521c8ebb48d247e8738f84f]
+3.16-jessie-security:
+3.2-wheezy-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list