This bug was fixed in the package linux - 3.13.0-144.193
---------------
linux (3.13.0-144.193) trusty; urgency=medium
* linux: 3.13.0-144.193 -proposed tracker (LP: #1755227)
* CVE-2017-12762
- isdn/i4l: fix buffer overflow
* CVE-2017-17807
- KEYS: add missing permission check for request_key() destination
* bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
CVE-2018-1000026
- net: Add ndo_gso_check
- net: create skb_gso_validate_mac_len()
- bnx2x: disable GSO where gso_size is too big for hardware
* CVE-2017-17448
- netfilter: nfnetlink_cthelper: Add missing permission checks
* CVE-2017-11089
- cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
* CVE-2018-5332
- RDS: Heap OOB write in rds_message_alloc_sgs()
* ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
- powerpc: Do not call ppc_md.panic in fadump panic notifier
* CVE-2017-17805
- crypto: salsa20 - fix blkcipher_walk API usage
* [Hyper-V] storvsc: do not assume SG list is continuous when doing bounce
buffers (LP: #1742480)
- SAUCE: storvsc: do not assume SG list is continuous when doing bounce
buffers
* Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
* CVE-2017-17741
- KVM: Fix stack-out-of-bounds read in write_mmio
* CVE-2017-5715 (Spectre v2 Intel)
- [Packaging] pull in retpoline files
-- Stefan Bader <[email protected]> Thu, 15 Mar 2018 15:08:03
+0100
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11089
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12762
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17448
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17741
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17805
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17807
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2018-1000026
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5332
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1742480
Title:
[Hyper-V] storvsc: do not assume SG list is continuous when doing
bounce buffers
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Trusty:
Fix Released
Bug description:
All linux kernels 4.1 and prior use bounce buffers, and there is a
data corruption vulnerability on Hyper-V without the following patch.
storvsc checks the SG list for gaps before passing them to Hyper-v device.
If there are gaps, data is copied to a bounce buffer and a continuous data
buffer is passed to Hyper-V.
The check on gaps assumes SG list is continuous, and not chained. This is
not always true. Failing the check may result in incorrect I/O data
passed to the Hyper-v device.
This code path is not used post Linux 4.1.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1742480/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
