[PATCH 0/2][X] CVE-2017-18174 - Denial of service in AMD GPIO pin control

Tyler Hicks tyhicks at canonical.com
Tue Nov 20 01:47:27 UTC 2018


https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-18174

 In the Linux kernel before 4.7, the amd_gpio_remove function in
 drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function,
 leading to a double free.

Clean cherry pick to Xenial. I had to incorporate a stray build failure fix
from a related patch. I'm unable to test these changes since it requires
specific AMD hardware. The build logs are clean and the changes are fairly
straightforward.

Tyler




More information about the kernel-team mailing list