ACK: [SRU][Trusty][Bionic][PATCH 0/1] Fix for CVE-2018-16276
Tyler Hicks
tyhicks at canonical.com
Fri Nov 9 23:57:01 UTC 2018
On 2018-11-09 15:33:24, Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16276.html
>
> It was discovered that the YUREX USB device driver for the Linux kernel did
> not properly restrict user space reads or writes. A physically proximate
> attacker could use this to cause a denial of service (system crash) or
> possibly execute arbitrary code.
>
> Clean cherry-pick for Bionic, simple backport for Trusty only for
> context adjustment.
For both Bionic and Trusty,
Acked-by: Tyler Hicks <tyhicks at canonical.com>
Tyler
>
> Jann Horn (1):
> USB: yurex: fix out-of-bounds uaccess in read handler
>
> drivers/usb/misc/yurex.c | 23 ++++++-----------------
> 1 file changed, 6 insertions(+), 17 deletions(-)
>
> --
> 2.17.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20181109/2395cb56/attachment.sig>
More information about the kernel-team
mailing list