[CVE-2016-5400] memory leak in airspy usb driver

Luis Henriques luis.henriques at canonical.com
Wed Jul 27 14:46:50 UTC 2016

Following this email, I am sending the fix for CVE-2016-5400 for all the
series.  It's a clean cherry-pick for all the series except for Precise, because
a few commits were missing:

 - commit 9a0bf528b4d6 ("[media] move the dvb/frontends to
   drivers/media/dvb-frontends") moved code around, so the files were in
   different places

 - commit dd4493ef34cb ("[media] mb86a20s: Function reorder") restructured the
   code and actually introduced the "if (val < 0)" check.  I've decided to add
   this check to the backport as the fix would be a noop without it.

Colin Ian King (1):
  [media] mb86a20s: apply mask to val after checking for read failure

 drivers/media/dvb/frontends/mb86a20s.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

More information about the kernel-team mailing list