[SRU,Trusty,Bionic,0/1] Fix for CVE-2017-13168

Message ID 20181012160946.23935-1-kleber.souza@canonical.com

Message

Kleber Sacilotto de Souza Oct. 12, 2018, 4:09 p.m. UTC
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13168.html

  It was discovered that the generic SCSI driver in the Linux kernel did not
  properly enforce permissions on kernel memory access. A local attacker
  could use this to expose sensitive information or possibly elevate
  privileges.

Clean cherry-pick for Bionic, minor backport needed for Trusty since a
couple of helpers are not present in 3.13. Compile tested.

Already fixed in Xenial as part of one of the upstream stable updates.

Jann Horn (1):
  scsi: sg: mitigate read/write abuse

 drivers/scsi/sg.c | 42 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)

Comments

Khalid Elmously Oct. 14, 2018, 4:40 p.m. UTC | #1
On 2018-10-12 18:09:44 , Kleber Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13168.html
> 
>   It was discovered that the generic SCSI driver in the Linux kernel did not
>   properly enforce permissions on kernel memory access. A local attacker
>   could use this to expose sensitive information or possibly elevate
>   privileges.
> 
> Clean cherry-pick for Bionic, minor backport needed for Trusty since a
> couple of helpers are not present in 3.13. Compile tested.
> 
> Already fixed in Xenial as part of one of the upstream stable updates.
> 
> Jann Horn (1):
>   scsi: sg: mitigate read/write abuse
> 
>  drivers/scsi/sg.c | 42 ++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 40 insertions(+), 2 deletions(-)
>
Acked-by: Khalid Elmously <khalid.elmously@canonical.com>

Stefan Bader Oct. 17, 2018, 7:01 a.m. UTC | #2
On 12.10.18 18:09, Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13168.html
> 
>   It was discovered that the generic SCSI driver in the Linux kernel did not
>   properly enforce permissions on kernel memory access. A local attacker
>   could use this to expose sensitive information or possibly elevate
>   privileges.
> 
> Clean cherry-pick for Bionic, minor backport needed for Trusty since a
> couple of helpers are not present in 3.13. Compile tested.
> 
> Already fixed in Xenial as part of one of the upstream stable updates.
> 
> Jann Horn (1):
>   scsi: sg: mitigate read/write abuse
> 
>  drivers/scsi/sg.c | 42 ++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 40 insertions(+), 2 deletions(-)
> 
Acked-by: Stefan Bader <stefan.bader@canonical.com>

Khalid Elmously Oct. 22, 2018, 7:23 a.m. UTC | #3
On 2018-10-12 18:09:44 , Kleber Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13168.html
> 
>   It was discovered that the generic SCSI driver in the Linux kernel did not
>   properly enforce permissions on kernel memory access. A local attacker
>   could use this to expose sensitive information or possibly elevate
>   privileges.
> 
> Clean cherry-pick for Bionic, minor backport needed for Trusty since a
> couple of helpers are not present in 3.13. Compile tested.
> 
> Already fixed in Xenial as part of one of the upstream stable updates.
> 
> Jann Horn (1):
>   scsi: sg: mitigate read/write abuse
> 
>  drivers/scsi/sg.c | 42 ++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 40 insertions(+), 2 deletions(-)
> 
> -- 
> 2.17.1