ACK: [PATCH 1/1][T/X/B/C/D] cdrom: fix improper type cast, which can leat to information leak.

Seth Forshee seth.forshee at
Mon Nov 26 15:07:31 UTC 2018

On Tue, Nov 20, 2018 at 12:48:41AM +0000, Tyler Hicks wrote:
> From: Young_X <YangX92 at>
> There is another cast from unsigned long to int which causes
> a bounds check to fail with specially crafted input. The value is
> then used as an index in the slot array in cdrom_slot_status().
> This issue is similar to CVE-2018-16658 and CVE-2018-10940.
> Signed-off-by: Young_X <YangX92 at>
> Signed-off-by: Jens Axboe <axboe at>
> CVE-2018-18710
> (cherry picked from commit e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276)
> Signed-off-by: Tyler Hicks <tyhicks at>

Acked-by: Seth Forshee <seth.forshee at>

This was applied to unstable as part of the 4.19.3 stable update.

More information about the kernel-team mailing list