[SRU][Bionic][PATCH 0/1] Fix for CVE-2018-11506
Kleber Sacilotto de Souza
kleber.souza at canonical.com
Fri Jul 20 16:46:36 UTC 2018
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11506.html
Description
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel
through 4.16.12 allows local users to cause a denial of service
(stack-based buffer overflow) or possibly have unspecified other impact
because sense buffers have different sizes at the CDROM layer and the SCSI
layer, as demonstrated by a CDROMREADMODE2 ioctl call.
Clean cherry-pick for Bionic.
Jens Axboe (1):
  sr: pass down correctly sized SCSI sense buffer

 drivers/scsi/sr_ioctl.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
--
2.17.1
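
A user-space model of the sense-buffer size mismatch in the description above, added here as an illustration; it is not the kernel patch and not code from this mail. The two sizes (96 and 64) and all function names are assumptions of the model.

```c
#include <stdio.h>
#include <string.h>

/* Sizes used by this model (assumed to match the upstream headers):
 * the SCSI layer may write a full sense buffer, while the CDROM layer's
 * caller only reserved room for its smaller request-sense structure. */
#define SCSI_SENSE_SIZE  96
#define CDROM_SENSE_SIZE 64

/* Hypothetical stand-in for the SCSI layer: fills a full-size sense buffer. */
static void scsi_layer_fill_sense(unsigned char *sense)
{
    memset(sense, 0x70, SCSI_SENSE_SIZE);
}

/* Count bytes past the CDROM-sized sense area that were modified. */
static int clobbered(const unsigned char *frame)
{
    int n = 0;
    for (int i = CDROM_SENSE_SIZE; i < SCSI_SENSE_SIZE; i++)
        n += (frame[i] != 0);
    return n;
}

/* Before: the CDROM-sized buffer is handed straight to the SCSI layer.
 * frame[0..63] models the caller's sense buffer, frame[64..95] its neighbours. */
int adjacent_bytes_clobbered_before(void)
{
    unsigned char frame[SCSI_SENSE_SIZE] = {0};
    scsi_layer_fill_sense(frame);
    return clobbered(frame);
}

/* After: a correctly sized local buffer goes down, and only what fits
 * in the caller's buffer is copied back. */
int adjacent_bytes_clobbered_after(void)
{
    unsigned char frame[SCSI_SENSE_SIZE] = {0};
    unsigned char sense[SCSI_SENSE_SIZE];
    scsi_layer_fill_sense(sense);
    memcpy(frame, sense, CDROM_SENSE_SIZE);
    return frame[0] == 0x70 ? clobbered(frame) : -1;
}

int main(void)
{
    printf("before: %d bytes clobbered\n", adjacent_bytes_clobbered_before());
    printf("after:  %d bytes clobbered\n", adjacent_bytes_clobbered_after());
    return 0;
}
```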