ACK: [PATCH 1/1][T/X/B/C/D] cdrom: fix improper type cast, which can lead to information leak.
Seth Forshee
seth.forshee at canonical.com
Mon Nov 26 15:07:31 UTC 2018
On Tue, Nov 20, 2018 at 12:48:41AM +0000, Tyler Hicks wrote:
> From: Young_X <YangX92 at hotmail.com>
>
> There is another cast from unsigned long to int which causes
> a bounds check to fail with specially crafted input. The value is
> then used as an index in the slot array in cdrom_slot_status().
>
> This issue is similar to CVE-2018-16658 and CVE-2018-10940.
>
> Signed-off-by: Young_X <YangX92 at hotmail.com>
> Signed-off-by: Jens Axboe <axboe at kernel.dk>
>
> CVE-2018-18710
>
> (cherry picked from commit e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276)
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Seth Forshee <seth.forshee at canonical.com>
This was applied to unstable as part of the 4.19.3 stable update.
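
The bug class named in the quoted commit message (a bounds check done on an int cast of an unsigned long, with the value then used as an array index), as an added example that is not the kernel's code or part of this thread. The struct, function names and sample values are hypothetical and constructed for illustration; the model only evaluates the checks and never indexes with a rejected value.

```c
#include <stdio.h>

#define NSLOTS 4 /* constructed capacity for this model */

struct changer { int capacity; int slots[NSLOTS]; };

/* Constructed sample device, not taken from the kernel. */
static const struct changer demo_changer = { NSLOTS, { 10, 11, 12, 13 } };

/* Pre-fix pattern: the argument is narrowed to int before the comparison.
 * With gcc/clang on Linux, values with bit 31 set become negative,
 * so they compare below capacity and the check lets them through. */
static int check_with_int_cast(const struct changer *c, unsigned long arg)
{
    if ((int)arg >= c->capacity)
        return -1; /* rejected */
    return 0;      /* accepted */
}

/* Fixed pattern: compare the argument at full width, as unsigned. */
static int check_full_width(const struct changer *c, unsigned long arg)
{
    if (c->capacity < 0 || arg >= (unsigned long)c->capacity)
        return -1;
    return 0;
}

/* Index the slot array only after the full-width check has passed. */
static int slot_status(const struct changer *c, unsigned long arg, int *out)
{
    if (check_full_width(c, arg) != 0)
        return -1;
    *out = c->slots[arg];
    return 0;
}

int main(void)
{
    /* Constructed inputs: two valid, one just past the end, two with bit 31 set. */
    unsigned long samples[] = { 0UL, 3UL, 4UL, 0x80000000UL, 0xFFFFFFFFUL };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("arg=%#lx int-cast check=%d full-width check=%d\n", samples[i],
               check_with_int_cast(&demo_changer, samples[i]),
               check_full_width(&demo_changer, samples[i]));
    return 0;
}
```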