[X/D][SRU][CVE-2019-10207] check for missing tty operations
Connor Kuehl
connor.kuehl at canonical.com
Mon Aug 12 23:08:42 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10207.html
From the fix description:
"Certain ttys operations (pty_unix98_ops) lack tiocmget() and tiocmset()
functions which are called by the certain HCI UART protocols (hci_ath,
hci_bcm, hci_intel, hci_mrvl, hci_qca) via hci_uart_set_flow_control()
or directly. This leads to an execution at NULL and can be triggered by
an unprivileged user. Fix this by adding a check for the missing tty
operations to the protocols which use them."
Since the fix required the serdev patch for it to make its checks, I have
included that commit for Xenial as well.
Disco was a clean cherry pick.
Rob Herring (1):
  Bluetooth: hci_uart: add serdev driver support library

Vladis Dronov (1):
  Bluetooth: hci_uart: check for missing tty operations
 drivers/bluetooth/Makefile     |   1 +
 drivers/bluetooth/hci_ath.c    |   3 +
 drivers/bluetooth/hci_bcm.c    |   3 +
 drivers/bluetooth/hci_intel.c  |   3 +
 drivers/bluetooth/hci_ldisc.c  |  13 ++
 drivers/bluetooth/hci_qca.c    |   3 +
 drivers/bluetooth/hci_serdev.c | 361 +++++++++++++++++++++++++++++++++
 drivers/bluetooth/hci_uart.h   |   5 +
 8 files changed, 392 insertions(+)
 create mode 100644 drivers/bluetooth/hci_serdev.c
--
2.20.1
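
Added example, not part of the original message or of the kernel patches: a userspace C model of the check quoted in the fix description, where a protocol refuses to open when the tty ops table lacks tiocmget()/tiocmset() instead of later calling through a NULL pointer. All model_* and demo_* names, the two ops tables and the serdev shortcut are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace model only; names are illustrative, not the kernel's code. */
struct model_tty_ops {
    int (*tiocmget)(void *tty);                              /* optional */
    int (*tiocmset)(void *tty, unsigned set, unsigned clear); /* optional */
};

struct model_uart {
    const struct model_tty_ops *ops;
    int has_serdev; /* assumption: serdev devices do not use the tty callbacks */
};

static int demo_tiocmget(void *tty) { (void)tty; return 0; }
static int demo_tiocmset(void *tty, unsigned set, unsigned clear)
{ (void)tty; (void)set; (void)clear; return 0; }

/* Constructed tables: one with both callbacks, one pty-like with neither. */
static const struct model_tty_ops serial_like_ops = { demo_tiocmget, demo_tiocmset };
static const struct model_tty_ops pty_like_ops = { NULL, NULL };

/* The check: both callbacks must exist before any protocol relies on them. */
static int model_has_flow_control(const struct model_uart *hu)
{
    if (hu->has_serdev)
        return 1;
    return hu->ops && hu->ops->tiocmget && hu->ops->tiocmset;
}

/* Protocol open: fail early with an error the caller can handle. */
static int model_proto_open(const struct model_uart *hu)
{
    return model_has_flow_control(hu) ? 0 : -EOPNOTSUPP;
}

/* Flow-control path: every indirect call is behind the same check. */
static int model_set_flow_control(const struct model_uart *hu, int enable)
{
    int status;

    if (!model_has_flow_control(hu))
        return -EOPNOTSUPP;
    if (hu->has_serdev)
        return 0; /* serdev path not modelled */
    status = hu->ops->tiocmget(NULL);
    if (status < 0)
        return status;
    /* bit 0 stands in for a modem-control line (constructed value) */
    return hu->ops->tiocmset(NULL, enable ? 1u : 0u, enable ? 0u : 1u);
}
```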