[SRU][Trusty][Bionic][PATCH 0/1] Fix for CVE-2017-13168
Kleber Sacilotto de Souza
kleber.souza at canonical.com
Fri Oct 12 16:09:44 UTC 2018
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13168.html
It was discovered that the generic SCSI driver in the Linux kernel did not
properly enforce permissions on kernel memory access. A local attacker
could use this to expose sensitive information or possibly elevate
privileges.
Clean cherry-pick for Bionic, minor backport needed for Trusty since a
couple of helpers are not present in 3.13. Compile tested.
Already fixed in Xenial as part of one of the upstream stable updates.
Jann Horn (1):
  scsi: sg: mitigate read/write abuse

 drivers/scsi/sg.c | 42 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)
--
2.17.1