APPLIED: [PATCH 0/4][T] CVE-2016-7913 - Use-after-free in XCeive xc2028 tuner driver

Stefan Bader stefan.bader at canonical.com
Mon Oct 1 10:07:41 UTC 2018


On 14.09.2018 20:51, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7913.html
> 
>  It was discovered that a use-after-free vulnerability existed in the device
>  driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local
>  attacker could use this to cause a denial of service (system crash) or
>  possibly execute arbitrary code.
> 
> Patches 2, 3, and 4 are required to address CVE-2016-7913. I believe that patch
> 1 is a pre-req in order to get the error handling of xc2028_set_config()
> correct before it can properly handle the error condition addressed in the CVE
> fix. I don't have a way to test these patches since I don't have the tuner
> hardware.
> 
> This issue only needs to be patched in Trusty.
> 
> Tyler
> 
> 
Applied to trusty/master-next. Thanks.

-Stefan
