blob: fb881dc555ca1580cb71e90a4618b70ef37ec05e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Description: Race condition vulnerability in VOP driver
References:
Notes:
From Red Hat Bugzilla: The VOP driver is "new" in the 4.6 kernel only
in that the functionality was moved out of the host MIC driver into a
new driver entirely with commit
61e9c905df78c253752971e200f0ac6d8667dda6. Prior to that, the
functionality was in the drivers/misc/mic/host/mic_virtio.c host driver,
which was introduced with commit f69bcbf3b4c4 (v3.13).
.
If you look at versions of the kernel prior to 4.6, you will see the
code sequence that is fixed by the mentioned upstream patch is still in
the host driver in the mic_copy_dp_entry function. That needs to be
patched with a similar fix.
.
Introduced in 3.13-rc1 with f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5
Bugs:
https://bugzilla.kernel.org/show_bug.cgi?id=116651
upstream: released (4.7-rc1) [9bf292bfca94694a721449e3fd752493856710f6]
3.16-upstream-stable: released (3.16.37) [misc-mic-fix-for-double-fetch-security-bug-in-vop-driver.patch]
3.2-upstream-stable: N/A "Vulnerable code introduced in 3.13-rc1 with f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5"
sid: released (4.6.1-1) [2a9369456a384d84c521c8ebb48d247e8738f84f]
3.16-jessie-security: released (3.16.7-ckt25-2+deb8u3) [bugfix/x86/misc-mic-fix-for-double-fetch-security-bug-in-vop-dr.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"
|