[CVE-2015-7833] [media] usbvision: revert commit 588afcc1

Luis Henriques luis.henriques at canonical.com
Tue Sep 27 09:43:07 UTC 2016


Commit 588afcc1c0e4 ("[media] usbvision fix overflow of interfaces array")
was the initial fix for CVE-2015-7833.  This commit however had several of
issues and was reverted by upstream commit 3f2e1945a01f, which also describes
all the problems the original fix contained.

Xenial only contains the *real* fix (upstream commit fa52bd506f27), but all the
other ubuntu kernels actually include both the 'good' and the 'bad' commits.
Following this email, I am sending patches that revert the bogus commits.

Cheers,
--
Luís

Vladis Dronov (1):
  [media] usbvision: revert commit 588afcc1

 drivers/media/usb/usbvision/usbvision-video.c | 7 -------
 1 file changed, 7 deletions(-)





More information about the kernel-team mailing list