[SRU][CVE-2019-14283][X/B/D][PATCH 0/1] floppy: fix out-of-bounds read in copy_buffer
Connor Kuehl
connor.kuehl at canonical.com
Thu Aug 1 17:45:16 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14283.html
>From the link above:
"In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c
does not validate the sect and head fields, as demonstrated by an integer
overflow and out-of-bounds read. It can be triggered by an unprivileged
local user when a floppy disk has been inserted. NOTE: QEMU creates the
floppy device by default."
**NOTE**: CVE-2019-14284 must be applied first for this patch to cherry pick
cleanly. As of this writing, that patch has already been sent to the
mailing list [1] and has enough ACKs to be applied.
[1] https://lists.ubuntu.com/archives/kernel-team/2019-July/102711.html
Denis Efremov (1):
floppy: fix out-of-bounds read in copy_buffer
drivers/block/floppy.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--
2.20.1
More information about the kernel-team
mailing list