[Kernel-packages] [Bug 1708714] Re: scsi: hisi_sas: add null check before indirect pointer dereference

Wed, 16 Aug 2017 00:56:50 -0700 

This bug was fixed in the package linux - 4.12.0-11.12

---------------
linux (4.12.0-11.12) artful; urgency=low

  * linux: 4.12.0-11.12 -proposed tracker (LP: #1709929)

  * CVE-2017-1000111
    - packet: fix tp_reserve race in packet_set_ring

  * CVE-2017-1000112
    - udp: consistently apply ufo or fragmentation

  * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for
    kernels able to boot without initramfs (LP: #1700972)
    - Revert "UBUNTU: [Debian] Don't depend on initramfs-tools"
    - [Debian] Don't depend on initramfs-tools

  * Miscellaneous Ubuntu changes
    - SAUCE: (noup) Update spl to 0.6.5.11-ubuntu1, zfs to 0.6.5.11-1ubuntu3
    - SAUCE: powerpc: Always initialize input array when calling 
epapr_hypercall()

  * Miscellaneous upstream changes
    - selftests: typo correction for memory-hotplug test
    - selftests: check hot-pluggagble memory for memory-hotplug test
    - selftests: check percentage range for memory-hotplug test
    - selftests: add missing test name in memory-hotplug test
    - selftests: fix memory-hotplug test

 -- Seth Forshee <[email protected]>  Thu, 10 Aug 2017 13:37:00
-0500

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000111

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000112

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1708714

Title:
  scsi: hisi_sas: add null check before indirect pointer dereference

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Zesty:
  Fix Committed

Bug description:
  [Impact]
  Coverity scanning discovered a potential NULL dereference in this driver. 
Though I'm unaware of anyone hitting it in practice, it is an obvious bug.

  [Test Case]
  There is no known reproducer for this, so it can only be regression tested.

  [Regression Risk]
  The fix is localized to a driver and is a clean cherry pick from upstream.
  The bug fix looks straightforward - don't dereference the pointer if it is 
NULL. The only regression theory I have would be if this means that, instead of 
crashing, we now execute code that is *worse* than crashing (e.g. resulting in 
corruption, etc).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1708714/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to