[Xenial][PATCH 0/9] Fix for CVE-2015-1350
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Dec 7 12:06:00 UTC 2017
On Thu, Dec 07, 2017 at 03:37:48AM -0500, Khalid Elmously wrote:
> The VFS subsystem in the Linux kernel 3.x provides an incomplete set of
> requirements for setattr operations that underspecifies removing extended
> privilege attributes, which allows local users to cause a denial of service
> (capability stripping) via a failed invocation of a system call, as
> demonstrated by using chown to remove a capability from the ping or
> Wireshark dumpcap program.

One other thing: we stopped using bugs for CVEs. So, instead of a
BugLink, you should have a line as the one below all by itself. I
usually put it after the cherry-pick/backport line, right before my
SOB.

CVE-2015-1350