https://source.android.com/security/bulletin/2018-03-01
CVE-2016-8405
CVE-2017-13216
CVE-2017-17770
CVE-2017-15129
CVE-2017-16530
CVE-2017-16525
CVE-2017-5754
CVE-2017-16535
CVE-2017-16533
CVE-2017-16531
CVE-2017-16529

To fix build breaks (not cited in ASB):
36afa7454a553d9fc49074f2911b7c18d4c70b51 ANDROID: power: Provide dummy log_suspend_abort_reason() if SUSPEND is disabled
9a4864858407cbe4894431bfb0fe029822c2d0e1 ANDROID: rfkill: fix unused function warning
b2bcbf0b5d6ff2d53ac2932891449a1d7c6e8792 MIPS: elf2ecoff: Ignore PT_MIPS_ABIFLAGS program headers.
a74ea5f0f04338c78442efd9ad6509077d12d8ba MIPS: elf2ecoff: Fix warning due to dead code.
a85b6e0ce230dd76561211518c2c3d698637c586 PM / Suspend: use time_to_tm for printing timestamps
d618b99951e396b5036faaec01c48a9bfc9af3a2 BACKPORT: ARM: re-implement physical address space switching
4004e21e30f3166cfd76a30b35f4c8812ca379d8 UPSTREAM: ARM: keystone2: move update of the phys-to-virt constants into generic code
6b52e1023e87067c30083c5d7b41a7ab8a9bc359 Revert "ARM: 8457/1: psci-smp is built only for SMP"

packet: fix tp_reserve race in packet_set_ring

[ Upstream commit c27927e372f0785f3303e8fad94b85945e2c97b7 ]

Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.

This bug was discovered by syzkaller.

Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
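
The locking rule described in the commit message above, as an added userspace model in C; it is not the kernel patch and not code from this page. All `model_*` names, the 32-byte header length, the error codes and the spinlock standing in for the socket lock are assumptions made for illustration.

```c
/* Userspace model of the locking rule; NOT kernel code. All names are
 * hypothetical except tp_reserve, which mirrors the field in the commit. */
#include <errno.h>
#include <limits.h>
#include <stdatomic.h>
#include <stdlib.h>

#define MODEL_HDRLEN 32u        /* constructed stand-in for the header length */
struct model_sock {
    atomic_flag lock;           /* stands in for the socket lock */
    unsigned int tp_reserve;    /* headroom reserved in front of each frame */
    unsigned int frame_size;
    unsigned char *ring;        /* non-NULL once a ring is configured */
};

void model_init(struct model_sock *s)
{
    s->tp_reserve = 0; s->frame_size = 0; s->ring = NULL;
    atomic_flag_clear(&s->lock);
}
static void model_lock(struct model_sock *s)   { while (atomic_flag_test_and_set(&s->lock)) ; }
static void model_unlock(struct model_sock *s) { atomic_flag_clear(&s->lock); }

/* Writer, modelling setsockopt(PACKET_RESERVE): the busy check and the
 * store share one critical section with model_set_ring(). */
int model_set_reserve(struct model_sock *s, unsigned int val)
{
    int ret = 0;
    if (val > (unsigned int)INT_MAX) return -EINVAL; /* MODEL_HDRLEN + val cannot wrap */
    model_lock(s);
    if (s->ring) ret = -EBUSY;           /* assumption: no change once a ring exists */
    else s->tp_reserve = val;
    model_unlock(s);
    return ret;
}

/* Reader, modelling packet_set_ring(): tp_reserve is validated and the ring
 * is sized under the same lock, so the value checked is the value used. */
int model_set_ring(struct model_sock *s, unsigned int frame_size, unsigned int nframes)
{
    int ret = 0;
    model_lock(s);
    if (s->ring) ret = -EBUSY;
    else if (nframes == 0 || frame_size < MODEL_HDRLEN + s->tp_reserve) ret = -EINVAL;
    else if (!(s->ring = calloc(nframes, frame_size))) ret = -ENOMEM;
    else s->frame_size = frame_size;
    model_unlock(s);
    return ret;
}
```

If the store in `model_set_reserve()` ran outside the lock, the reserve could grow after the frame-size check passed, leaving a payload offset larger than the frames that were allocated.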