Ubuntu
linux package

Zesty update to 4.10.14 stable release

Bug #1688499 reported by Stefan Bader on 2017-05-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Unassigned
	Zesty	Fix Released	Medium	Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.10.14 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

git://git.kernel.org/

TEST CASE: TBD

The following patches from the 4.10.14 stable release shall be applied:
* ping: implement proper locking
* sparc64: kern_addr_valid regression
* sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
* net: neigh: guard against NULL solicit() method
* net: phy: handle state correctly in phy_stop_machine
* kcm: return immediately after copy_from_user() failure
* secure_seq: downgrade to per-host timestamp offsets
* bpf: improve verifier packet range checks
* Revert "UBUNTU: SAUCE: (no-up) net/mlx5: Avoid dereferencing uninitialized
  pointer"
* net/mlx5: Avoid dereferencing uninitialized pointer
* l2tp: hold tunnel socket when handling control frames in l2tp_ip and
  l2tp_ip6
* l2tp: purge socket queues in the .destruct() callback
* openvswitch: Fix ovs_flow_key_update()
* l2tp: take reference on sessions being dumped
* l2tp: fix PPP pseudo-wire auto-loading
* net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
* sctp: listen on the sock only when it's state is listening or closed
* tcp: clear saved_syn in tcp_disconnect()
* ipv6: Fix idev->addr_list corruption
* net-timestamp: avoid use-after-free in ip_recv_error
* net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule
* sh_eth: unmap DMA buffers when freeing rings
* ipv6: sr: fix out-of-bounds access in SRH validation
* dp83640: don't recieve time stamps twice
* ipv6: sr: fix double free of skb after handling invalid SRH
* ipv6: fix source routing
* gso: Validate assumption of frag_list segementation
* net: ipv6: RTF_PCPU should not be settable from userspace
* netpoll: Check for skb->queue_mapping
* ip6mr: fix notification device destruction
* net/mlx5: Fix driver load bad flow when having fw initializing timeout
* net/mlx5: E-Switch, Correctly deal with inline mode on ConnectX-5
* net/mlx5e: Fix small packet threshold
* net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling
* tcp: fix SCM_TIMESTAMPING_OPT_STATS for normal skbs
* tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS
* macvlan: Fix device ref leak when purging bc_queue
* net: ipv6: regenerate host route if moved to gc list
* net: phy: fix auto-negotiation stall due to unavailable interrupt
* ipv6: check skb->protocol before lookup for nexthop
* tcp: memset ca_priv data to 0 properly
* ipv6: check raw payload size correctly in ioctl
* ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d
* ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned
  type
* ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
* scsi: return correct blkprep status code in case scsi_init_io() fails.
* ARC: [plat-eznps] Fix build error
* MIPS: KGDB: Use kernel context for sleeping threads
* MIPS: cevt-r4k: Fix out-of-bounds array access
* MIPS: Avoid BUG warning in arch_check_elf
* p9_client_readdir() fix
* ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
* Input: i8042 - add Clevo P650RS to the i8042 reset list
* nfsd: check for oversized NFSv2/v3 arguments
* nfsd4: minor NFSv2/v3 write decoding cleanup
* nfsd: stricter decoding of write-like NFSv2/v3 ops
* ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
* macsec: avoid heap overflow in skb_to_sgvec
* net: can: usb: gs_usb: Fix buffer on stack
* cpu/hotplug: Serialize callback invocations proper
* ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
* Linux 4.10.14

See original description

Tags:

CVE References

Stefan Bader (smb) on 2017-05-05

tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Zesty):
assignee:	nobody → Stefan Bader (smb)
importance:	Undecided → Medium
status:	New → In Progress

Stefan Bader (smb) on 2017-05-05

description:

updated

Revision history for this message

Stefan Bader (smb) wrote on 2017-05-05:

The following patches were skipped because they were already applied:

* bug #1678009 / CVE-2017-7308
- net/packet: fix overflow in check for tp_frame_nr
- net/packet: fix overflow in check for tp_reserve

The following patch was reverted and replaced by its upstream counterpart to pick up the upstream commit SHA1:

* bug #1676786 [Zesty] mlx5_core Kernel oops with bonding mode
  1 and 6
  - UBUNTU: SAUCE: (no-up) net/mlx5: Avoid dereferencing uninitialized
    pointer
  + net/mlx5: Avoid dereferencing uninitialized pointer

The following commit required manual context handling due to changes introduced by
bug #1676388 [zesty] mlx5e OVS fixes.

* net/mlx5: E-Switch, Correctly deal with inline mode on ConnectX-5

Thadeu Lima de Souza Cascardo (cascardo) on 2017-05-05

Changed in linux (Ubuntu Zesty):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-06-01:

Download full text (16.0 KiB)

This bug was fixed in the package linux - 4.10.0-22.24

---------------
linux (4.10.0-22.24) zesty; urgency=low

* linux: 4.10.0-22.24 -proposed tracker (LP: #1691146)

* Fix NVLINK2 TCE route (LP: #1690155)
- powerpc/powernv: Fix TCE kill on NVLink2

* CVE-2017-0605
- tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

  * perf: qcom: Add L3 cache PMU driver (LP: #1689856)
    - [Config] CONFIG_QCOM_L3_PMU=y
    - perf: qcom: Add L3 cache PMU driver

  * No PMU support for ACPI-based arm64 systems (LP: #1689661)
    - drivers/perf: arm_pmu: rework per-cpu allocation
    - drivers/perf: arm_pmu: manage interrupts per-cpu
    - drivers/perf: arm_pmu: split irq request from enable
    - drivers/perf: arm_pmu: remove pointless PMU disabling
    - drivers/perf: arm_pmu: define armpmu_init_fn
    - drivers/perf: arm_pmu: fold init into alloc
    - drivers/perf: arm_pmu: factor out pmu registration
    - drivers/perf: arm_pmu: simplify cpu_pmu_request_irqs()
    - drivers/perf: arm_pmu: handle no platform_device
    - drivers/perf: arm_pmu: rename irq request/free functions
    - drivers/perf: arm_pmu: split cpu-local irq request/free
    - drivers/perf: arm_pmu: move irq request/free into probe
    - drivers/perf: arm_pmu: split out platform device probe logic
    - arm64: add function to get a cpu's MADT GICC table
    - [Config] CONFIG_ARM_PMU_ACPI=y
    - drivers/perf: arm_pmu: add ACPI framework
    - arm64: pmuv3: handle !PMUv3 when probing
    - arm64: pmuv3: use arm_pmu ACPI framework

  * [SRU][Zesty]QDF2400 kernel oops on ipmitool fru write 0 fru.bin
    (LP: #1689886)
    - ipmi: Fix kernel panic at ipmi_ssif_thread()

  * tty: pl011: fix earlycon work-around for QDF2400 erratum 44 (LP: #1689818)
    - tty: pl011: fix earlycon work-around for QDF2400 erratum 44
    - tty: pl011: use "qdf2400_e44" as the earlycon name for QDF2400 E44

  * kernel-wedge fails in artful due to leftover squashfs-modules d-i files
    (LP: #1688259)
    - Remove squashfs-modules files from d-i
    - [Config] as squashfs-modules is builtin kernel-image must Provides: it

  * arm64/ACPI support for SBSA watchdog (LP: #1688114)
    - clocksource: arm_arch_timer: clean up printk usage
    - clocksource: arm_arch_timer: rename type macros
    - clocksource: arm_arch_timer: rename the PPI enum
    - clocksource: arm_arch_timer: move enums and defines to header file
    - clocksource: arm_arch_timer: add a new enum for spi type
    - clocksource: arm_arch_timer: rework PPI selection
    - clocksource: arm_arch_timer: split dt-only rate handling
    - clocksource: arm_arch_timer: refactor arch_timer_needs_probing
    - clocksource: arm_arch_timer: move arch_timer_needs_of_probing into DT init
      call
    - clocksource: arm_arch_timer: add structs to describe MMIO timer
    - clocksource: arm_arch_timer: split MMIO timer probing.
    - [Config] CONFIG_ACPI_GTDT=y
    - acpi/arm64: Add GTDT table parse driver
    - clocksource: arm_arch_timer: simplify ACPI support code.
    - acpi/arm64: Add memory-mapped timer support in GTDT driver
    - clocksource: arm_arch_timer: add GTDT support for memory-mapped timer
    - acpi/arm64: Add SBS...

This bug was fixed in the package linux - 4.10.0-22.24

---------------
linux (4.10.0-22.24) zesty; urgency=low

* linux: 4.10.0-22.24 -proposed tracker (LP: #1691146)

* Fix NVLINK2 TCE route (LP: #1690155)
    - powerpc/powernv: Fix TCE kill on NVLink2

* CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

* perf: qcom: Add L3 cache PMU driver (LP: #1689856)
    - [Config] CONFIG_QCOM_L3_PMU=y
    - perf: qcom: Add L3 cache PMU driver

* [SRU][Zesty]QDF2400 kernel oops on ipmitool fru write 0 fru.bin
    (LP: #1689886)
    - ipmi: Fix kernel panic at ipmi_ssif_thread()

* tty: pl011: fix earlycon work-around for QDF2400 erratum 44  (LP: #1689818)
    - tty: pl011: fix earlycon work-around for QDF2400 erratum 44
    - tty: pl011: use "qdf2400_e44" as the earlycon name for QDF2400 E44

* kernel BUG at /build/linux-7LGLH_/linux-4.10.0/include/linux/swapops.h:129
    (LP: #1674838)
    - Revert "mm/ksm: handle protnone saved writes when making page write protect"
    - Revert "mm, ksm: convert write_protect_page() to use page_vma_mapped_walk()"
    - Revert "mm: introduce page_vma_mapped_walk()"
    - mm/ksm: handle protnone saved writes when making page write protect

* arm64: Add CNTFRQ_EL0 handler (LP: #1688164)
    - arm64: Add CNTFRQ_EL0 trap handler

* Support IPMI system interface on Cavium ThunderX (LP: #1688132)
    - i2c: thunderx: Enable HWMON class probing

* Update ENA driver to 1.1.2 from net-next (LP: #1664312)
    - net/ena: remove ntuple filter support from device feature list
    - net/ena: fix queues number calculation
    - net/ena: fix ethtool RSS flow configuration
    - net/ena: fix RSS default hash configuration
    - net/ena: fix NULL dereference when removing the driver after device reset
      failed
    - net/ena: refactor ena_get_stats64 to be atomic context safe
    - net/ena: fix potential access to freed memory during device reset
    - net/ena: use READ_ONCE to access completion descriptors
    - net/ena: reduce the severity of ena printouts
    - net/ena: change driver's default timeouts
    - net/ena: change condition for host attribute configuration
    - net/ena: update driver version to 1.1.2

* Zesty update to 4.10.15 stable release (LP: #1689258)
    - timerfd: Protect the might cancel mechanism proper
    - Handle mismatched open calls
    - hwmon: (it87) Avoid registering the same chip on both SIO addresses
    - dm ioctl: prevent stack leak in dm ioctl call
    - Linux 4.10.15

* Zesty update to 4.10.14 stable release (LP: #1688499)
    - ping: implement proper locking
    - sparc64: kern_addr_valid regression
    - sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
    - net: neigh: guard against NULL solicit() method
    - net: phy: handle state correctly in phy_stop_machine
    - kcm: return immediately after copy_from_user() failure
    - secure_seq: downgrade to per-host timestamp offsets
    - bpf: improve verifier packet range checks
    - Revert "UBUNTU: SAUCE: (no-up) net/mlx5: Avoid dereferencing uninitialized
      pointer"
    - net/mlx5: Avoid dereferencing uninitialized pointer
    - l2tp: hold tunnel socket when handling control frames in l2tp_ip and
      l2tp_ip6
    - l2tp: purge socket queues in the .destruct() callback
    - openvswitch: Fix ovs_flow_key_update()
    - l2tp: take reference on sessions being dumped
    - l2tp: fix PPP pseudo-wire auto-loading
    - net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
    - sctp: listen on the sock only when it's state is listening or closed
    - tcp: clear saved_syn in tcp_disconnect()
    - ipv6: Fix idev->addr_list corruption
    - net-timestamp: avoid use-after-free in ip_recv_error
    - net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule
    - sh_eth: unmap DMA buffers when freeing rings
    - ipv6: sr: fix out-of-bounds access in SRH validation
    - dp83640: don't recieve time stamps twice
    - ipv6: sr: fix double free of skb after handling invalid SRH
    - ipv6: fix source routing
    - gso: Validate assumption of frag_list segementation
    - net: ipv6: RTF_PCPU should not be settable from userspace
    - netpoll: Check for skb->queue_mapping
    - ip6mr: fix notification device destruction
    - net/mlx5: Fix driver load bad flow when having fw initializing timeout
    - net/mlx5: E-Switch, Correctly deal with inline mode on ConnectX-5
    - net/mlx5e: Fix small packet threshold
    - net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling
    - tcp: fix SCM_TIMESTAMPING_OPT_STATS for normal skbs
    - tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS
    - macvlan: Fix device ref leak when purging bc_queue
    - net: ipv6: regenerate host route if moved to gc list
    - net: phy: fix auto-negotiation stall due to unavailable interrupt
    - ipv6: check skb->protocol before lookup for nexthop
    - tcp: memset ca_priv data to 0 properly
    - ipv6: check raw payload size correctly in ioctl
    - ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d
    - ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned
      type
    - ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
    - scsi: return correct blkprep status code in case scsi_init_io() fails.
    - ARC: [plat-eznps] Fix build error
    - MIPS: KGDB: Use kernel context for sleeping threads
    - MIPS: cevt-r4k: Fix out-of-bounds array access
    - MIPS: Avoid BUG warning in arch_check_elf
    - p9_client_readdir() fix
    - ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
    - Input: i8042 - add Clevo P650RS to the i8042 reset list
    - nfsd: check for oversized NFSv2/v3 arguments
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops
    - ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
    - macsec: avoid heap overflow in skb_to_sgvec
    - net: can: usb: gs_usb: Fix buffer on stack
    - cpu/hotplug: Serialize callback invocations proper
    - ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
    - Linux 4.10.14

* Zesty update to 4.10.13 stable release (LP: #1688485)
    - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
    - KEYS: Change the name of the dead type to ".dead" to prevent user access
    - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
    - tracing: Allocate the snapshot buffer before enabling probe
    - HID: wacom: Treat HID_DG_TOOLSERIALNUMBER as unsigned
    - ring-buffer: Have ring_buffer_iter_empty() return true when empty
    - mm: prevent NR_ISOLATE_* stats from going negative
    - cifs: Do not send echoes before Negotiate is complete
    - CIFS: remove bad_network_name flag
    - mmc: dw_mmc: silent verbose log when calling from PM context
    - s390/mm: fix CMMA vs KSM vs others
    - Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
    - ACPI / power: Avoid maybe-uninitialized warning
    - mmc: dw_mmc: Don't allow Runtime PM for SDIO cards
    - mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
    - ubifs: Fix RENAME_WHITEOUT support
    - ubifs: Fix O_TMPFILE corner case in ubifs_link()
    - mac80211: reject ToDS broadcast data frames
    - mac80211: fix MU-MIMO follow-MAC mode
    - x86/mce: Make the MCE notifier a blocking one
    - ubi/upd: Always flush after prepared for an update
    - powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction
    - x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
    - device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation
    - Linux 4.10.13

* Zesty update to 4.10.12 stable release (LP: #1687045)
    - Revert "UBUNTU: SAUCE: Revert "audit: fix auditd/kernel connection state
      tracking""
    - cgroup, kthread: close race window where new kthreads can be migrated to
      non-root cgroups
    - audit: make sure we don't let the retry queue grow without bounds
    - tcmu: Fix possible overwrite of t_data_sg's last iov[]
    - tcmu: Fix wrongly calculating of the base_command_size
    - tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case
    - thp: fix MADV_DONTNEED vs. MADV_FREE race
    - thp: fix MADV_DONTNEED vs clear soft dirty race
    - zsmalloc: expand class bit
    - orangefs: free superblock when mount fails
    - drm/nouveau/mpeg: mthd returns true on success now
    - drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
    - drm/nouveau/kms/nv50: fix setting of HeadSetRasterVertBlankDmi method
    - drm/nouveau/kms/nv50: fix double dma_fence_put() when destroying plane state
    - drm/nouveau: initial support (display-only) for GP107
    - drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit()
    - drm/fb-helper: Allow var->x/yres(_virtual) < fb->width/height again
    - CIFS: reconnect thread reschedule itself
    - CIFS: store results of cifs_reopen_file to avoid infinite wait
    - Input: xpad - add support for Razer Wildcat gamepad
    - perf annotate s390: Fix perf annotate error -95 (4.10 regression)
    - perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
    - x86/efi: Don't try to reserve runtime regions
    - x86/signals: Fix lower/upper bound reporting in compat siginfo
    - x86/intel_rdt: Fix locking in rdtgroup_schemata_write()
    - x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions
    - x86/vdso: Ensure vdso32_enabled gets set to valid values only
    - x86/vdso: Plug race between mapping and ELF header setup
    - acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit
      comparison)
    - ACPI / scan: Set the visited flag for all enumerated devices
    - parisc: fix bugs in pa_memcpy
    - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
    - efi/fb: Avoid reconfiguration of BAR that covers the framebuffer
    - iscsi-target: Fix TMR reference leak during session shutdown
    - iscsi-target: Drop work-around for legacy GlobalSAN initiator
    - scsi: sr: Sanity check returned mode data
    - scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
    - scsi: qla2xxx: Add fix to read correct register value for ISP82xx.
    - scsi: sd: Fix capacity calculation with 32-bit sector_t
    - target: Avoid mappedlun symlink creation during lun shutdown
    - xen, fbfront: fix connecting to backend
    - new privimitive: iov_iter_revert()
    - make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error
    - libnvdimm: fix blk free space accounting
    - libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
    - libnvdimm: band aid btt vs clear poison locking
    - can: ifi: use correct register to read rx status
    - pwm: rockchip: State of PWM clock should synchronize with PWM enabled state
    - cpufreq: Bring CPUs up even if cpufreq_online() failed
    - irqchip/irq-imx-gpcv2: Fix spinlock initialization
    - ftrace: Fix removing of second function probe
    - drm/i915/gvt: set the correct default value of CTX STATUS PTR
    - char: lack of bool string made CONFIG_DEVPORT always on
    - Revert "MIPS: Lantiq: Fix cascaded IRQ setup"
    - zram: do not use copy_page with non-page aligned address
    - ftrace: Fix function pid filter on instances
    - crypto: algif_aead - Fix bogus request dereference in completion function
    - crypto: xts - Fix use-after-free on EINPROGRESS
    - crypto: ahash - Fix EINPROGRESS notification callback
    - crypto: lrw - Fix use-after-free on EINPROGRESS
    - parisc: Fix get_user() for 64-bit value on 32-bit kernel
    - dvb-usb-v2: avoid use-after-free
    - [Config] CONFIG_SND_SOC_INTEL_BDW_RT5677_MACH=m
    - ASoC: Intel: select DW_DMAC_CORE since it's mandatory
    - platform/x86: acer-wmi: setup accelerometer when machine has appropriate
      notify event
    - x86/xen: Fix APIC id mismatch warning on Intel
    - ACPI / EC: Use busy polling mode when GPE is not enabled
    - rtc: tegra: Implement clock handling
    - mm: Tighten x86 /dev/mem with zeroing reads
    - cxusb: Use a dma capable buffer also for reading
    - virtio-console: avoid DMA from stack
    - Linux 4.10.12

* Support low-pin-count devices on Hisilicon SoCs (LP: #1677319)
    - [Config] CONFIG_LIBIO=y on arm64 only
    - SAUCE: LIBIO: Introduce a generic PIO mapping method
    - SAUCE: OF: Add missing I/O range exception for indirect-IO devices
    - [Config] CONFIG_HISILICON_LPC=y
    - SAUCE: LPC: Support the device-tree LPC host on Hip06/Hip07
    - SAUCE: LIBIO: Support the dynamically logical PIO registration of ACPI host
      I/O
    - SAUCE: LPC: Add the ACPI LPC support
    - SAUCE: PCI: Apply the new generic I/O management on PCI IO hosts
    - SAUCE: PCI: Restore codepath for !CONFIG_LIBIO

* APST quirk needed for Samsung 512GB NVMe drive (LP: #1678184)
    - nvme: Adjust the Samsung APST quirk
    - nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA"

* [Zesty] d-i: replace msm_emac with qcom_emac (LP: #1677297)
    - Revert "UBUNTU: d-i: initrd needs msm_emac on amberwing platform."
    - d-i: initrd needs qcom_emac on amberwing platform.

* POWER9: CAPI2 enablement (LP: #1686519)
    - cxl: Fix build when CONFIG_DEBUG_FS=n
    - cxl: Read vsec perst load image
    - cxl: Remove unused values in bare-metal environment.
    - cxl: Keep track of mm struct associated with a context
    - cxl: Update implementation service layer
    - cxl: Rename some psl8 specific functions
    - cxl: Isolate few psl8 specific calls
    - cxl: Force psl data-cache flush during device shutdown
    - cxl: Add psl9 specific code

* CVE-2017-7979
    - net sched actions: allocate act cookie early

* refcount underflow / kernel NULL dereference after attempting to add basic
    tc filter (LP: #1682368)
    - net_sched: nla_memdup_cookie() can be static

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Wed, 17 May 2017 18:13:39 -0300

Changed in linux (Ubuntu):
status:	New → Fix Released

Launchpad Janitor (janitor) on 2017-06-06

Changed in linux (Ubuntu Zesty):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package