lp:~cascardo/ubuntu/+source/linux/+git/yakkety

Get this repository:
git clone https://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/yakkety
Only Thadeu Lima de Souza Cascardo can upload to this repository. If you are Thadeu Lima de Souza Cascardo please log in for upload directions.

Branches

Name Last Modified Last Commit
raspi2 2017-02-03 15:50:57 UTC 2017-02-03
UBUNTU: Ubuntu-raspi2-4.8.0-1025.28

Author: Thadeu Lima de Souza Cascardo
Author Date: 2017-02-03 15:50:57 UTC

UBUNTU: Ubuntu-raspi2-4.8.0-1025.28

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

master-next 2017-02-02 13:21:49 UTC 2017-02-02
UBUNTU: Ubuntu-4.8.0-38.40

Author: Thadeu Lima de Souza Cascardo
Author Date: 2017-02-02 13:21:49 UTC

UBUNTU: Ubuntu-4.8.0-38.40

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

respin 2017-01-25 19:27:02 UTC 2017-01-25
UBUNTU: Ubuntu-4.8.0-37.39

Author: Thadeu Lima de Souza Cascardo
Author Date: 2017-01-25 18:17:17 UTC

UBUNTU: Ubuntu-4.8.0-37.39

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

cve20169919 2016-12-12 14:57:24 UTC 2016-12-12
net: handle no dst on skb in icmp6_send

Author: David Ahern
Author Date: 2016-11-28 02:52:53 UTC

net: handle no dst on skb in icmp6_send

BugLink: https://launchpad.net/bugs/1648662

Andrey reported the following while fuzzing the kernel with syzkaller:

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Modules linked in:
CPU: 0 PID: 3859 Comm: a.out Not tainted 4.9.0-rc6+ #429
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800666d4200 task.stack: ffff880067348000
RIP: 0010:[<ffffffff833617ec>] [<ffffffff833617ec>]
icmp6_send+0x5fc/0x1e30 net/ipv6/icmp.c:451
RSP: 0018:ffff88006734f2c0 EFLAGS: 00010206
RAX: ffff8800666d4200 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000018
RBP: ffff88006734f630 R08: ffff880064138418 R09: 0000000000000003
R10: dffffc0000000000 R11: 0000000000000005 R12: 0000000000000000
R13: ffffffff84e7e200 R14: ffff880064138484 R15: ffff8800641383c0
FS: 00007fb3887a07c0(0000) GS:ffff88006cc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 000000006b040000 CR4: 00000000000006f0
Stack:
 ffff8800666d4200 ffff8800666d49f8 ffff8800666d4200 ffffffff84c02460
 ffff8800666d4a1a 1ffff1000ccdaa2f ffff88006734f498 0000000000000046
 ffff88006734f440 ffffffff832f4269 ffff880064ba7456 0000000000000000
Call Trace:
 [<ffffffff83364ddc>] icmpv6_param_prob+0x2c/0x40 net/ipv6/icmp.c:557
 [< inline >] ip6_tlvopt_unknown net/ipv6/exthdrs.c:88
 [<ffffffff83394405>] ip6_parse_tlv+0x555/0x670 net/ipv6/exthdrs.c:157
 [<ffffffff8339a759>] ipv6_parse_hopopts+0x199/0x460 net/ipv6/exthdrs.c:663
 [<ffffffff832ee773>] ipv6_rcv+0xfa3/0x1dc0 net/ipv6/ip6_input.c:191
 ...

icmp6_send / icmpv6_send is invoked for both rx and tx paths. In both
cases the dst->dev should be preferred for determining the L3 domain
if the dst has been set on the skb. Fallback to the skb->dev if it has
not. This covers the case reported here where icmp6_send is invoked on
Rx before the route lookup.

Fixes: 5d41ce29e ("net: icmp6_send should use dst dev to determine L3 domain")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2)
CVE-2016-9919
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

14 of 4 results
This repository contains Public information 
Everyone can see this information.