ACK: [Trusty SRU][PATCH 0/2] Fix for CVE-2016-10044
po-hsu.lin at canonical.com
Tue Sep 5 11:28:10 UTC 2017
Built a Trusty kernel with these and got positive test result from our regression test suite too (test case: aio-cve-2016-10044)
Acked-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
On Tue, Sep 5, 2017 at 1:54 AM, Kleber Sacilotto de Souza <kleber.souza at canonical.com> wrote:
> Fixes for CVE-2016-10044 for Trusty, the only currently supported
> series that still needs the fix.
> The first patch needed to be backported as well as prerequisite,
> since it's where the SB_I_NOEXEC flag and the enforcement for
> non-executable files on proc and sysfs was introduced.
> The second patch is the one that actually fixes the CVE. It
> needed a small change since 8dc4379 (aio: use the macro rather
> than the inline magic number) is missing on Trusty, so I just
> replaced the inline by the macro on the backport.
> The fix was tested with the testcase from the commit message of
> the second patch.
> Jann Horn (1):
> aio: mark AIO pseudo-fs noexec
> fs/aio.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
More information about the kernel-team