ACK: [CVE-2016-3951][t,u,v,w][PATCH 0/1] usbnet: memory corruption triggered by invalid USB descriptor
Kamal Mostafa
kamal at canonical.com
Wed Apr 20 15:59:45 UTC 2016
ACK for {t,u,v,w} and also queuing up for 3.19-stable and 4.2-stable.
-Kamal
On Wed, Apr 20, 2016 at 11:04:27AM +0100, Luis Henriques wrote:
> The full fix for CVE-2016-3951 is composed by two commits:
>
> 4d06dd537f95 ("cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind")
> 1666984c8625 ("usbnet: cleanup after bind() in probe()")
>
> The first one is already applied to all the relevant kernel trees (except
> xenial) as it was tagged for stable. The 2nd fix follows this email and
> is a clean cherry-pick.
>
> (xenial fix will be sent separately.)
>
> Oliver Neukum (1):
> usbnet: cleanup after bind() in probe()
>
> drivers/net/usb/usbnet.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
More information about the kernel-team
mailing list