2015-10-15, 14:25:03 +0200, Sabrina Dubroca wrote:
> Without this length argument, we can read past the end of the iovec in
> memcpy_toiovec because we have no way of knowing the total length of the
> iovec's buffers.
>
> This is needed for stable kernels where 89c22d8c3b27 ("net: Fix skb
> csum races when peeking") has been backported but that don't have the
> ioviter conversion, which is almost all the stable trees <= 3.18.
>
> This also fixes a kernel crash for NFS servers when the client uses
> -onfsvers=3,proto=udp to mount the export.
>
> Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
> Reviewed-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Fixes CVE-2015-8019.
http://www.openwall.com/lists/oss-security/2015/10/29/1
--
Sabrina
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html