fix handling of F_OFD_... in oabi_fcntl64() in kernel critical CVE-2015-8966 [released]

Tracked by Jolla (In release)

asked 2017-04-26 11:52:00 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-04-26 11:52:00 +0300

lpr gravatar image

Description

arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.

CVSS v3 Base Score: 7.8 High

This patch should fix it.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/arch/arm/kernel/sys_oabi-compat.c lines 193-244

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by lpr
close date 2017-06-14 17:58:35.693802

Comments

released in 2.1.1.12/Jämsänjoki

lpr ( 2017-06-14 17:58:17 +0300 )edit