APPLIED[D] / NAK[Unstable]: [PATCH 0/1][SRU][D/Unstable] CVE-2018-16880 - vhost_net out-of-bounds write
Seth Forshee
seth.forshee at canonical.com
Tue Feb 5 20:25:11 UTC 2019
On Tue, Feb 05, 2019 at 12:53:51PM -0600, Tyler Hicks wrote:
> On 2019-02-05 12:50:18, Seth Forshee wrote:
> > On Mon, Feb 04, 2019 at 09:03:35PM +0000, Tyler Hicks wrote:
> > > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16880.html
> > >
> > > A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net]
> > > driver. A malicious virtual guest, under specific conditions, can trigger an
> > > out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a
> > > kernel memory corruption and a system panic. Due to the nature of the flaw,
> > > privilege escalation cannot be fully ruled out. Versions from v4.16 and newer
> > > are vulnerable.
> > >
> > > This is a clean cherry pick to Disco and Unstable. I've ensured that there are
> > > no new build warnings and smoke tested this patch by boot testing in a VM.
> >
> > Applied to disco/master-next. We've already picked up this fix in
> > unstable when rebasing to 5.0-rc5. Thanks!
>
> Oh, I got confused by the master-next branch of the unstable tree. I now
> see that it is lagging behind the master branch.
Yeah, that got pushed there mistakenly at some point, we don't use a
master-next branch on unstable. I've deleted it to avoid confustion in
the future.
Seth
More information about the kernel-team
mailing list