It looks like the following commit:
197c949e7798 ("udp: properly support MSG_PEEK with truncated buffers")
did not get backported to 4.1.y stable. I do see it in 4.4.y. If the
authors of the patch are OK with this can we please get this included in
4.1.y?
FWIW the 4.4.y commit, dfe2042d96065f044a794f684e9f7976a4ca6e24, cherry-picks cleanly on top of 4.1.y.
Here's a link to the CVE info: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10229 Thanks Josh