oss-sec mailing list archives
Re: Linux Kernel use-after-free in SCSI generic device interface
From: <cve-assign () mitre org>
Date: Fri, 30 Dec 2016 12:57:19 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Linus has committed a fix for this to mainline: commit a0ac402cfcdc904f9772e1762b3fda112dcc56a0
whilst the originally identified commit does partly address the issue, the completed fix for the sg and bsg driver appears to be 128394eff343fc6d2f32172f03e24829539c5835.
Use CVE-2016-10088 for the vulnerability that remains after a0ac402cfcdc904f9772e1762b3fda112dcc56a0. The a0ac402cfcdc904f9772e1762b3fda112dcc56a0 code change is in 4.8.14, but the 128394eff343fc6d2f32172f03e24829539c5835 code change is not. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYZp9JAAoJEHb/MwWLVhi2fIIP/RHrAePUQrejGdzGBsGEVGEr eU0RWwNYthutvvKOV0L96oOdLjbjkptp3Q4CWdcny1F39G7e2r7kgt0isSsnveJu TubQ87XWPslY0jzooSGhreGoPB31pmueFZDuVt0f1eYGwXQdWCRH9z59jPyOFQaV CLVekCk5ms1pfvhKbNig6YEuuqSD6RSqEcDw3c4SwAuD/rzxwQtElOP7xo3YlH+z tho/AngjFq7hVvzpNfOP75rPHWS0TTatMYyr8NqOTZI+6WukwvC3uXGT21lKzD8J rzH8sJ7Hv+p/I2gUDCzINcQ9BdzT0uu3la5KbdhCxjZbkMH24sZ1M4IflzxnzwiQ HZicaQMG7RY4Q/QRDBnssI7LSFxKhZ/puh7gRsCHtRexEUQy3veGNFfTOyga/TgB 5ITNA0g6Y0AFIQS2B2eF5+4g+A21LryqZhsBJP4C8knVae9MwaRgnJ0qdAc/MObc s1Oxx63jJbd2wqHO0ybTPG41CnUuBNIVB90HGwLPDw0o06IZq1S7vbG/X/IkVfxC PtE8fwNCKpR1GW8n7sPTWDMrs7qMHfxKp8ES0u+HXW2cs6jcz4CJigMfDj+uQHO0 uJJYwROyfO07RV9MS1R4+kpHq/5XrEx7ka/YjSwMulIHdALJjBSpL3sipOTzNrxa lxseS32rE8umc+Pgz32C =9EjT -----END PGP SIGNATURE-----
Current thread:
- Linux Kernel use-after-free in SCSI generic device interface Marcus Meissner (Dec 08)
- Re: Linux Kernel use-after-free in SCSI generic device interface Salvatore Bonaccorso (Dec 30)
- Re: Linux Kernel use-after-free in SCSI generic device interface cve-assign (Dec 30)
- Re: Linux Kernel use-after-free in SCSI generic device interface Salvatore Bonaccorso (Dec 30)