On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
> On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
> > Hi Greg,
> > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older to fix CVE-2018-10087.
> Odd no one asked for that one to be backported before :(
Not entirely surprising. The patch is from July 2017, it wasn't marked for stable, and the CVE has been created only recently (04/13/2018). CVE severity and the reference to the upstream commit were added yesterday, which caused our CVE tracker to barf at me.
Guenter