This bug was fixed in the package linux - 4.12.0-11.12 --------------- linux (4.12.0-11.12) artful; urgency=low
* linux: 4.12.0-11.12 -proposed tracker (LP: #1709929) * CVE-2017-1000111 - packet: fix tp_reserve race in packet_set_ring * CVE-2017-1000112 - udp: consistently apply ufo or fragmentation * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for kernels able to boot without initramfs (LP: #1700972) - Revert "UBUNTU: [Debian] Don't depend on initramfs-tools" - [Debian] Don't depend on initramfs-tools * Miscellaneous Ubuntu changes - SAUCE: (noup) Update spl to 0.6.5.11-ubuntu1, zfs to 0.6.5.11-1ubuntu3 - SAUCE: powerpc: Always initialize input array when calling epapr_hypercall() * Miscellaneous upstream changes - selftests: typo correction for memory-hotplug test - selftests: check hot-pluggagble memory for memory-hotplug test - selftests: check percentage range for memory-hotplug test - selftests: add missing test name in memory-hotplug test - selftests: fix memory-hotplug test -- Seth Forshee <seth.fors...@canonical.com> Thu, 10 Aug 2017 13:37:00 -0500 ** Changed in: linux (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2017-1000111 ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2017-1000112 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1708714 Title: scsi: hisi_sas: add null check before indirect pointer dereference Status in linux package in Ubuntu: Fix Released Status in linux source package in Zesty: Fix Committed Bug description: [Impact] Coverity scanning discovered a potential NULL dereference in this driver. Though I'm unaware of anyone hitting it in practice, it is an obvious bug. [Test Case] There is no known reproducer for this, so it can only be regression tested. [Regression Risk] The fix is localized to a driver and is a clean cherry pick from upstream. The bug fix looks straightforward - don't dereference the pointer if it is NULL. The only regression theory I have would be if this means that, instead of crashing, we now execute code that is *worse* than crashing (e.g. resulting in corruption, etc). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1708714/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp