Page MenuHomeVyOS Platform
Create Task
Maniphest T176

Kernel: CVE-2016-5195
Closed, ResolvedPublic
Actions

Description

There is a kernel privilege escalation bug that has been identified in many kernel. Not sure if the current release of VyOS is vulnerable. Can someone check? Thanks.

You can see more here:

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3

and here:

http://dirtycow.ninja/

Details

Difficulty level
Normal (likely a few hours)
Version
-

Event Timeline

motoak created this task.Oct 21 2016, 4:16 AM
motoak updated the task description. (Show Details)
syncer assigned this task to dmbaturin.Nov 5 2016, 12:21 PM
syncer lowered the priority of this task from Unbreak Now! to High.
syncer added a project: VyOS 1.1.x.
syncer added subscribers: VyOS 1.1.x, syncer.

We should include fix in 1.1.8

syncer reassigned this task from dmbaturin to higebu.Aug 21 2017, 2:35 AM
syncer changed the edit policy from "Public (No Login Required)" to "Custom Policy".
syncer edited projects, added VyOS 1.1.x (1.1.8); removed VyOS 1.1.x.
syncer set Version to -.
syncer added a project: VyOS 1.2 Crux.
syncer edited subscribers, added: Maintainers; removed: syncer, VyOS 1.1.x.
syncer added a subscriber: dmbaturin.

Another CVE considered for 1.1.8

higebu changed the task status from Open to In progress.Aug 21 2017, 5:13 AM

Fix for 1.1.8: https://github.com/vyos/vyos-kernel/commit/b080c57a1f0f005e0b6c20de67fc0add4d4a3294

higebu moved this task from Needs Triage to In Progress on the VyOS 1.1.x (1.1.8) board.Aug 21 2017, 5:13 AM
c-po added a subscriber: c-po.Aug 28 2017, 12:25 PM

Fixed in Kernel 4.4.26. VyOS 1.2.x (development) uses 4.4.47.

syncer moved this task from Need Triage to In Progress on the VyOS 1.2 Crux board.Aug 28 2017, 12:34 PM
c-po added a comment.Sep 3 2017, 9:17 AM

Tag VyOS 1.2.x should be removed as CVE is already fixed.

syncer moved this task from In Progress to Finished on the VyOS 1.2 Crux board.Sep 3 2017, 11:52 AM

Just added Finished Board for 1.2.x project
we likely will keep all there before include it in some milestone release

UnicronNL moved this task from In Progress to Finished on the VyOS 1.1.x (1.1.8) board.Sep 6 2017, 8:12 AM
UnicronNL added subscribers: syncer, UnicronNL.

@syncer can we close this task? see @higebu fix..

UnicronNL moved this task from Finished to In Progress on the VyOS 1.1.x (1.1.8) board.Sep 6 2017, 8:15 AM
syncer closed this task as Resolved.Sep 6 2017, 1:46 PM
syncer moved this task from In Progress to Finished on the VyOS 1.1.x (1.1.8) board.

Resolving this and moving to finished

syncer removed a project: VyOS 1.2 Crux.Oct 15 2018, 11:50 PM