[Precise][CVE-2013-2140 0/1] xen/blkback: Check device permissions before allowing OP_DISCARD
Luis Henriques
luis.henriques at canonical.com
Tue Oct 22 14:22:50 UTC 2013
Following this email, I'm sending a backport of commit 604c499, which
fixes CVE-2013-2140. The backport includes a function rename and some
context adjustment.

Note that Debian wheezy has its kernel (3.2 based) tagged as 'not
affected' [1] ("Vulnerable code not present"). I believe this is
incorrect, as the 3.2 kernel already includes the BLKIF_OP_DISCARD
operation implementation (commit b3cb0d6 "xen-blkback: Implement
discard requests ('feature-discard')").

I plan to send this backport to the stable mailing list as well, asking
Ben to include it in the 3.2 stable kernel.

[1] https://security-tracker.debian.org/tracker/CVE-2013-2140

Konrad Rzeszutek Wilk (1):
  xen/blkback: Check device permissions before allowing OP_DISCARD

 drivers/block/xen-blkback/blkback.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

--
1.8.3.2