APPLIED: [SRU][X/T][PATCH 0/2] irda fixes for CVE-2018-6554 and CVE-2018-6555
Kleber Souza
kleber.souza at canonical.com
Wed Sep 5 10:38:31 UTC 2018
On 09/04/18 17:12, Tyler Hicks wrote:
> Memory leak in the irda_bind function in net/irda/af_irda.c and later
> in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17
> allows local users to cause a denial of service (memory consumption) by
> repeatedly binding an AF_IRDA socket. (CVE-2018-6554)
>
> The irda_setsockopt function in net/irda/af_irda.c and later in
> drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17
> allows local users to cause a denial of service (ias_object
> use-after-free and system crash) or possibly have unspecified other
> impact via an AF_IRDA socket. (CVE-2018-6555)
>
> Tyler
>
Applied to xenial/master-next and trusty/master-next branches.
Thanks,
Kleber
More information about the kernel-team
mailing list