Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 624770 (CVE-2016-10150) - sys-kernel/gentoo-sources: denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls
Summary: sys-kernel/gentoo-sources: denial of service (host OS crash) or possibly gain...
Status: CONFIRMED
Alias: CVE-2016-10150
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Kernel Security
URL: https://www.cvedetails.com/cve/CVE-20...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-12 19:13 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2017-07-13 15:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-12 19:13:54 UTC
From $URL:

Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.

References:

https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
http://www.securityfocus.com/bid/95672
BID 95672 Linux Kernel CVE-2016-10150 Denial of Service Vulnerability 
https://bugzilla.redhat.com/show_bug.cgi?id=1414506 
http://www.openwall.com/lists/oss-security/2017/01/18/10
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13 CONFIRM
Comment 1 dwfreed 2017-07-12 19:50:09 UTC
This bug does not exist in any currently available gentoo-sources version.  The fixed kernel was released 7 months ago, and the only stable branch that contained this bug was EOLed 6 months ago.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-12 20:43:52 UTC
It would be a good idea to clean the metadata from the package, I didn't know wich one of them still stable 

thanks
Comment 3 Kristian Fiskerstrand gentoo-dev Security 2017-07-13 15:41:55 UTC
(In reply to dwfreed from comment #1)
> This bug does not exist in any currently available gentoo-sources version. 
> The fixed kernel was released 7 months ago, and the only stable branch that
> contained this bug was EOLed 6 months ago.

For posterity (it would be helpful if comments like these were specific to begin with); I take it by EOLed you mean upstream? Would you happen to have information in which versions of the various stable branches this is fixed in? and if we still have a branch stable that is EOLed we likely want to consider a package mask, or at least cleaning the versions from the gentoo repository.