APPLIED/cmnt: [PATCH 0/1][T/B] CVE-2018-14734 - Denial of Service in Infiniband core
Khaled Elmously
khalid.elmously at canonical.com
Thu Nov 29 07:06:17 UTC 2018
Applied to T and B.
Tyler, could you please include the [SRU] tag in the subject line to make it easy to identify the message as an SRU patch?
Thanks
On 2018-11-20 01:18:47 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2018-14734
>
> drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows
> ucma_leave_multicast to access a certain data structure after a cleanup
> step in ucma_process_join, which allows attackers to cause a denial of
> service (use-after-free).
>
> Clean cherry pick to Bionic and Trusty. Xenial has already been fixed thanks to
> the fix coming in via linux-stable. I was unable to test the affected code due
> to lack of necessary hardware. However, the build logs are clean and the fix is
> easy to review.
>
> Tyler
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list