Bug#823603: linux: [Local root exploit] Use after free via double-fdput in bpf

To: mike_b@tutanota.com, 823603@bugs.debian.org
Subject: Bug#823603: linux: [Local root exploit] Use after free via double-fdput in bpf
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 6 May 2016 15:36:17 +0200
Message-id: <[🔎] 20160506133617.GA24701@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 823603@bugs.debian.org
In-reply-to: <[🔎] KH4xaU6--3-0@tutanota.com>
References: <[🔎] KH4xaU6--3-0@tutanota.com>

Hi,

On Fri, May 06, 2016 at 01:06:42PM +0100, mike_b@tutanota.com wrote:
> Dear Maintainer,
> 
> A local root privilege escalation exploit (no CVE currently available) for 
> Linux >=4.4 was reported in:
> 
> https://bugs.chromium.org/p/project-zero/issues/detail?id=808
> 
> As far as I can tell, the bug does not yet appear in the Debian Security 
> Tracker.
> 
> -----
> 
> The upstream fix can be found in that same link, or more directly at:
> 
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
> 
> Other relevant links:
> 
> https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-NNN1.html

This is pending in the packaging repository as

https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=405645d78889b5effdcfbcc0d9ef6ba75a3ac40d

Regards,
Salvatore

Reply to:

References:
- Bug#823603: linux: [Local root exploit] Use after free via double-fdput in bpf
  - From: <mike_b@tutanota.com>

Prev by Date: Processed: found 823603 in 4.4~rc4-1~exp1
Next by Date: Processed: tagging 823603
Previous by thread: Bug#823603: linux: [Local root exploit] Use after free via double-fdput in bpf
Next by thread: Bug#823603: marked as done (linux: CVE-2016-4557: [Local root exploit] Use after free via double-fdput in bpf)
Index(es):
- Date
- Thread