578060 – sys-kernel/gentoo-sources: arbitrary code execution in usb-midi driver (CVE-2016-2384)

Bug 578060 - sys-kernel/gentoo-sources: arbitrary code execution in usb-midi driver (CVE-2016-2384)

Summary: sys-kernel/gentoo-sources: arbitrary code execution in usb-midi driver (CVE-2...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-03-23 09:37 UTC by bugs-gentoo01
Modified:	2022-03-25 22:48 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Ebuild (gentoo-sources-4.1.15-r2.tar.bz2,1.38 KB, application/x-bzip) 2016-03-23 09:37 UTC, bugs-gentoo01	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description bugs-gentoo01 2016-03-23 09:37:00 UTC

Created attachment 428802 [details]
Ebuild

Kernel Vulnerability CVE-2016-2384 [1].
The patch [2] can be applied to to current stable gentoo-sources.
I've attached an updated version of the ebuild.

[1] https://xairy.github.io/blog/2016/cve-2016-2384
[2] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=07d86ca93db7e5cdf4743564d98292042ec21af7

Comment 1 John Helmert III archtester

2022-03-25 22:48:03 UTC

Fix in 4.5.