[Trusty SRU][PATCH 0/2] Fix for CVE-2016-10044
Kleber Sacilotto de Souza
kleber.souza at canonical.com
Mon Sep 4 17:54:32 UTC 2017
Fixes for CVE-2016-10044 for Trusty, the only currently supported
series that still needs the fix.
The first patch needed to be backported as well as prerequisite,
since it's where the SB_I_NOEXEC flag and the enforcement for
non-executable files on proc and sysfs was introduced.
The second patch is the one that actually fixes the CVE. It
needed a small change since 8dc4379 (aio: use the macro rather
than the inline magic number) is missing on Trusty, so I just
replaced the inline by the macro on the backport.
The fix was tested with the testcase from the commit message of
the second patch.
Jann Horn (1):
aio: mark AIO pseudo-fs noexec
fs/aio.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
More information about the kernel-team