ACK: [SRU][Trusty][Bionic][PATCH 1/1] ALSA: rawmidi: Change resized buffers atomically

Tyler Hicks tyhicks at canonical.com
Tue Nov 27 16:12:56 UTC 2018


On 2018-11-23 02:28:35, Khalid Elmously wrote:
> From: Takashi Iwai <tiwai at suse.de>
> 
> CVE-2018-10902
> 
> The SNDRV_RAWMIDI_IOCTL_PARAMS ioctl may resize the buffers and the
> current code is racy.  For example, the sequencer client may write to
> buffer while it is being resized.
> 
> As a simple workaround, let's switch to the resized buffer inside the
> stream runtime lock.
> 
> Change-Id: I780f33f62670b4ad93cf92513aa4b87ff41bc63e
> Reported-by: syzbot+52f83f0ea8df16932f7f at syzkaller.appspotmail.com
> (cherry picked from commit 39675f7a7c7e7702f7d5341f1e0d01db746543a0)
> Signed-off-by: Khalid Elmously <khalid.elmously at canonical.com>
> 
> Cc: <stable at vger.kernel.org>
> Signed-off-by: Takashi Iwai <tiwai at suse.de>

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Thanks!

Tyler
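
The approach in the quoted commit message (switch to the resized buffer inside the stream runtime lock), sketched as an added userspace example; this is not the kernel patch or code from this thread. `struct stream`, its fields and the three functions are hypothetical names, and a pthread mutex stands in for the runtime lock.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a stream runtime: one lock guards the buffer
 * pointer, its size and the write position together. */
struct stream {
    pthread_mutex_t lock;
    char *buffer;
    size_t size;
    size_t avail;   /* free bytes left */
    size_t pos;     /* next write offset */
};

int stream_init(struct stream *s, size_t size)
{
    if (size == 0 || !(s->buffer = malloc(size)))
        return -1;
    pthread_mutex_init(&s->lock, NULL);
    s->size = s->avail = size;
    s->pos = 0;
    return 0;
}

/* Writer path: reads pointer and bounds under the same lock the resizer takes,
 * so it never sees a new size paired with the old buffer (or the reverse). */
size_t stream_write(struct stream *s, const char *src, size_t len)
{
    pthread_mutex_lock(&s->lock);
    if (len > s->avail)
        len = s->avail;
    memcpy(s->buffer + s->pos, src, len);
    s->pos += len;
    s->avail -= len;
    pthread_mutex_unlock(&s->lock);
    return len;
}

/* Resize: allocate before taking the lock, swap every field inside it, and
 * free the old buffer only after the swap. Buffered data is discarded. */
int stream_resize(struct stream *s, size_t new_size)
{
    char *newbuf, *oldbuf;

    if (new_size == 0 || !(newbuf = malloc(new_size)))
        return -1;              /* failure leaves the stream untouched */
    pthread_mutex_lock(&s->lock);
    oldbuf = s->buffer;
    s->buffer = newbuf;
    s->size = s->avail = new_size;
    s->pos = 0;
    pthread_mutex_unlock(&s->lock);
    free(oldbuf);
    return 0;
}
```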