NACK: [Vivid][Utopic][CVE-2015-400{1,2,3}][PATCH 0/4] ozwpan driver CVEs
Luis Henriques
luis.henriques at canonical.com
Tue Jun 9 19:13:02 UTC 2015
On Tue, Jun 09, 2015 at 11:57:03AM -0700, Kamal Mostafa wrote:
> On Tue, 2015-06-09 at 16:28 +0100, Luis Henriques wrote:
> > Following this email I am sending the fixes for utopic and vivid for 3
> > CVEs in the ozwpan driver: CVE-2015-4001, CVE-2015-4002 and
> > CVE-2015-4003.
> >
> > Jason A. Donenfeld (4):
> > ozwpan: Use unsigned ints to prevent heap overflow
> > ozwpan: divide-by-zero leading to panic
> > ozwpan: Use proper check to prevent heap overflow
> > ozwpan: unchecked signed subtraction leads to DoS
> >
> > drivers/staging/ozwpan/ozhcd.c | 8 ++++----
> > drivers/staging/ozwpan/ozusbif.h | 4 ++--
> > drivers/staging/ozwpan/ozusbsvc1.c | 19 ++++++++++++++-----
> > 3 files changed, 20 insertions(+), 11 deletions(-)
> >
>
> The first patch ("Use unsigned ints") does not apply cleanly to vivid or
> 3.19-stable.
>
> Note that a straight cherry-pick of that upstream commit of all four
> would apply fine to 3.19-based kernels though (and that's what I'll
> queue for 3.19-stable).
>
> please re-send for Vivid and Utopic separately.
>
Thank you for spotting this. I was pretty sure I had verified they
applied cleanly for both series... but I guess I didn't :-)
Anyway, I'll be sending the patches for the two series separately in a
minute.
Cheers,
--
Luís
More information about the kernel-team
mailing list