On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
> On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
> > Hi Greg,
> >
> > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
> > to v4.9.y and older to fix CVE-2018-10087.
>
> Odd no one asked for that one to be backported before :(
>
Not entirely surprising. The patch is from July 2017, it wasn't marked
for stable, and the CVE has been created only recently (04/13/2018).
CVE severity and the reference to the upstream commit were added
yesterday, which caused our CVE tracker to barf at me.
Guenter
