From: Ben Hutchings <b...@decadent.org.uk>
Date: Wed, 20 Apr 2016 23:23:08 +0100
> atl2 includes NETIF_F_SG in hw_features even though it has no support
> for non-linear skbs. This bug was originally harmless since the
> driver does not claim to implement checksum offload and that used to
> be a requirement for SG.
>
> Now that SG and checksum offload are independent features, if you
> explicitly enable SG *and* use one of the rare protocols that can use
> SG without checkusm offload, this potentially leaks sensitive
> information (before you notice that it just isn't working). Therefore
> this obscure bug has been designated CVE-2016-2117.
>
> Reported-by: Justin Yackoski <jyacko...@crypto-nite.com>
> Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
> Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.")
Applied and queued up for -stable, thanks.
