[Trusty SRU][PATCH 0/2] Fix for CVE-2016-10044

Kleber Sacilotto de Souza kleber.souza at canonical.com
Mon Sep 4 17:54:32 UTC 2017

Fixes for CVE-2016-10044 for Trusty, the only currently supported
series that still needs the fix.

The first patch needed to be backported as well as prerequisite,
since it's where the SB_I_NOEXEC flag and the enforcement for
non-executable files on proc and sysfs was introduced.

The second patch is the one that actually fixes the CVE. It
needed a small change since 8dc4379 (aio: use the macro rather
than the inline magic number) is missing on Trusty, so I just
replaced the inline by the macro on the backport.

The fix was tested with the testcase from the commit message of
the second patch.

Jann Horn (1):
  aio: mark AIO pseudo-fs noexec

 fs/aio.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)


More information about the kernel-team mailing list