APPLIED: [SRU][CVE-2019-14283][X/B/D][PATCH 0/1] floppy: fix out-of-bounds read in copy_buffer
Khaled Elmously
khalid.elmously at canonical.com
Wed Aug 7 04:56:42 UTC 2019
On 2019-08-01 10:45:16 , Connor Kuehl wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14283.html
>
> From the link above:
>
> "In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c
> does not validate the sect and head fields, as demonstrated by an integer
> overflow and out-of-bounds read. It can be triggered by an unprivileged
> local user when a floppy disk has been inserted. NOTE: QEMU creates the
> floppy device by default."
>
> **NOTE**: CVE-2019-14284 must be applied first for this patch to cherry pick
> cleanly. As of this writing, that patch has already been sent to the
> mailing list [1] and has enough ACKs to be applied.
>
> [1] https://lists.ubuntu.com/archives/kernel-team/2019-July/102711.html
>
> Denis Efremov (1):
> floppy: fix out-of-bounds read in copy_buffer
>
> drivers/block/floppy.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> --
> 2.20.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list