From: Sasha Levin <sasha.levin@oracle.com>
To: Jiri Slaby <jslaby@suse.cz>, LKML <linux-kernel@vger.kernel.org>,
stable <stable@vger.kernel.org>
Cc: lwn@lwn.net
Subject: Re: stable-security kernel updates
Date: Thu, 21 Apr 2016 07:11:57 -0400
Message-ID: <5718B57D.4000504@oracle.com>
In-Reply-To: <571876AB.2060106@suse.cz>

On 04/21/2016 02:43 AM, Jiri Slaby wrote:
> On 04/20/2016, 09:50 PM, Sasha Levin wrote:
>> Updates for stable-security kernels have been released:
>>
>> - v3.12.58-security
>
> I suggest nobody uses that kernel.
>
> That tree does not make much sense to me. For example, what's the
> purpose of "kernel: Provide READ_ONCE and ASSIGN_ONCE" (commit
> 230fa253df6352af12ad0a16128760b5cb3f92df upstream) without actually
> using the added macros (this commit was only a prerequisite)?

Looking at this, I believe that my scripts failed to merge the
follow up commit, and I missed that. I'll improve this so it won't
happen in the future. Thank you for this report.

> Ok, not that bad, it is only unused code, but why are *not* these in the
> security tree?
> ipr: Fix out-of-bounds null overwrite

Is there a particular way to exploit this that I'm missing?

> Input: powermate - fix oops with malicious USB descriptors

This requires physical access to the machine.

> rapidio/rionet: fix deadlock on SMP

Seemed a bit borderline I suppose. There's nothing specific the
user can do to actually trigger this?

Another thing to note here is that security patch selection database
is shared between versions, so if a given commit gets marked as security
later on (someone figured out it's a CVE or something similar), it'll
get added to the stable-security tree even if it was initially skipped.

So I've also ended up auditing the 3.12 for missing CVE fixes and these
ones ended up being at the top of the list. Could you explain why they
are not in the 3.12 stable tree (and as a result can't get to users of
the corresponding stable-security tree)?

(CVE-2015-7513) 0185604 KVM: x86: Reload pit counters for all channels when restoring state
(CVE-2015-8539) 096fe9e KEYS: Fix handling of stored error in a negatively instantiated user key
(CVE-2016-2085) 613317b EVM: Use crypto_memneq() for digest comparisons

So while the stable-security tree might be missing commits that might
or might not have security impact, it seems the 3.12 tree itself is
missing fixes for privilege escalation CVEs from last year. Should I
be recommending that no one uses 3.12?

Thanks,
Sasha