No public reproduction documentation has been provided for this CVE
(that I can find).  However, I verified the change is in the
3.13.0-119.166 kernel source.

** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty

** Tags removed: sts-sru

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1687107

Title:
  CVE-2016-8645: Linux kernel mishandles socket buffer (skb) truncation

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Trusty:
  Fix Committed

Bug description:
  [Impact]

  From CVE description:
  https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8645.html

  "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation,
  which allows local users to cause a denial of service (system crash) via a
  crafted application that makes sendto system calls, related to
  net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c."

  [Test Case]
  See references in the CVE page.

  [Regression Potential]
  This modifies the code that handles all tcp packets, so it could cause
  problems with network traffic, although unlikely since it's been applied
  upstream and to various stable kernels (but not the 3.13.y stable branch).

  [Other Info]
  The patch appears to have been pulled into xenial through the 4.4.y stable
  tree, but it doesn't appear that the patch will be applied to the 3.13.y stable
  tree, so this bug is to track manually adding the patch.
