[X/D][SRU][CVE-2019-10207] check for missing tty operations

Connor Kuehl connor.kuehl at canonical.com
Mon Aug 12 23:08:42 UTC 2019


>From the fix description:

"Certain ttys operations (pty_unix98_ops) lack tiocmget() and tiocmset()
functions which are called by the certain HCI UART protocols (hci_ath,
hci_bcm, hci_intel, hci_mrvl, hci_qca) via hci_uart_set_flow_control()
or directly. This leads to an execution at NULL and can be triggered by
an unprivileged user. Fix this by adding a check for the missing tty
operations to the protocols which use them."

Since the fix required the serdev patch for it to make its checks, I have
included that commit for Xenial as well.

Disco was a clean cherry pick.

Rob Herring (1):
  Bluetooth: hci_uart: add serdev driver support library

Vladis Dronov (1):
  Bluetooth: hci_uart: check for missing tty operations

 drivers/bluetooth/Makefile     |   1 +
 drivers/bluetooth/hci_ath.c    |   3 +
 drivers/bluetooth/hci_bcm.c    |   3 +
 drivers/bluetooth/hci_intel.c  |   3 +
 drivers/bluetooth/hci_ldisc.c  |  13 ++
 drivers/bluetooth/hci_qca.c    |   3 +
 drivers/bluetooth/hci_serdev.c | 361 +++++++++++++++++++++++++++++++++
 drivers/bluetooth/hci_uart.h   |   5 +
 8 files changed, 392 insertions(+)
 create mode 100644 drivers/bluetooth/hci_serdev.c


More information about the kernel-team mailing list