From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg Kroah-Hartman Subject: Re: Fixing CVE-2017-16939 in v4.4.y and possibly v3.18.y Date: Fri, 1 Dec 2017 15:09:23 +0000 Message-ID: <20171201150923.GA6185@kroah.com> References: <20171130183740.GA20343@roeck-us.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: netdev@vger.kernel.org, stable@vger.kernel.org To: Guenter Roeck Return-path: Received: from mail.linuxfoundation.org ([140.211.169.12]:35166 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753115AbdLAPJW (ORCPT ); Fri, 1 Dec 2017 10:09:22 -0500 Content-Disposition: inline In-Reply-To: <20171130183740.GA20343@roeck-us.net> Sender: netdev-owner@vger.kernel.org List-ID: On Thu, Nov 30, 2017 at 10:37:40AM -0800, Guenter Roeck wrote: > Hi, > > The fix for CVE-2017-16939 has been applied to v4.9.y, but not to v4.4.y > and older kernels. However, I confirmed that running the published POC > (see https://blogs.securiteam.com/index.php/archives/3535) does crash a 4.4 > kernel. > > I confirmed that the following two patches fix the problem in v4.4.y. > Please consider applying them to v4.4.y (and possibly v3.18.y). > > fc9e50f5a5a4e ("netlink: add a start callback for starting a netlink dump") > 1137b5e2529a8 ("ipsec: Fix aborted xfrm policy dump crash") > > My apologies for the noise if this is already under consideration. Ah, thanks for this, I had tried this a few times, and asked around, but missed that just adding the first patch here would solve the issue. Both are now queued up, thanks for bringing this up again. greg k-h