From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail-pl0-f68.google.com ([209.85.160.68]:41518 "EHLO
        mail-pl0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751541AbdK3Shq (ORCPT
        <rfc822;stable@vger.kernel.org>); Thu, 30 Nov 2017 13:37:46 -0500
Date: Thu, 30 Nov 2017 10:37:40 -0800
From: Guenter Roeck <linux@roeck-us.net>
To: netdev@vger.kernel.org
Cc: stable@vger.kernel.org,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Fixing CVE-2017-16939 in v4.4.y and possibly v3.18.y
Message-ID: <20171130183740.GA20343@roeck-us.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

Hi,

The fix for CVE-2017-16939 has been applied to v4.9.y, but not to v4.4.y
and older kernels. However, I confirmed that running the published POC
(see https://blogs.securiteam.com/index.php/archives/3535) does crash a 4.4
kernel.

I confirmed that the following two patches fix the problem in v4.4.y.
Please consider applying them to v4.4.y (and possibly v3.18.y).

fc9e50f5a5a4e ("netlink: add a start callback for starting a netlink dump")
1137b5e2529a8 ("ipsec: Fix aborted xfrm policy dump crash")

My apologies for the noise if this is already under consideration.

Thanks,
Guenter