2016-03-28 23:53:51

by Jeffrey Vander Stoep

Subject: Patch for CVE-2016-0774 missing from stable 3.4 and 3.10 kernels

https://lkml.org/lkml/2016/2/23/812 "pipe: Fix buffer offset after
partially failed read" is missing from the stable 3.4.y and 3.10.y
kernels. It has been included in 3.2.y and 3.14.y.

I am able to cause a kernel panic without this patch.

Regards,
Jeff Vander Stoep

2016-03-29 08:27:06

by Zefan Li

Subject: Re: Patch for CVE-2016-0774 missing from stable 3.4 and 3.10 kernels

On 2016/3/29 7:53, Jeffrey Vander Stoep wrote:
> https://lkml.org/lkml/2016/2/23/812 "pipe: Fix buffer offset after
> partially failed read" is missing from the stable 3.4.y and 3.10.y
> kernels. It has been included in 3.2.y and 3.14.y.
>
> I am able to cause a kernel panic without this patch.
>

I'll queue it up for 3.4.y. Thanks!

2016-03-29 13:34:38

by Willy Tarreau

Subject: Re: Patch for CVE-2016-0774 missing from stable 3.4 and 3.10 kernels

On Mon, Mar 28, 2016 at 04:53:48PM -0700, Jeffrey Vander Stoep wrote:
> https://lkml.org/lkml/2016/2/23/812 "pipe: Fix buffer offset after
> partially failed read" is missing from the stable 3.4.y and 3.10.y
> kernels. It has been included in 3.2.y and 3.14.y.
>
> I am able to cause a kernel panic without this patch.

Greg, don't bother with it, I'll handle it.

Willy