NACK for Xenial: [X/D][SRU][CVE-2019-10207] check for missing tty operations
Connor Kuehl
connor.kuehl at canonical.com
Tue Aug 13 13:59:19 UTC 2019
On 8/12/19 4:08 PM, Connor Kuehl wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10207.html
>
> From the fix description:
>
> "Certain ttys operations (pty_unix98_ops) lack tiocmget() and tiocmset()
> functions which are called by the certain HCI UART protocols (hci_ath,
> hci_bcm, hci_intel, hci_mrvl, hci_qca) via hci_uart_set_flow_control()
> or directly. This leads to an execution at NULL and can be triggered by
> an unprivileged user. Fix this by adding a check for the missing tty
> operations to the protocols which use them."
>
> Since the fix required the serdev patch for it to make its checks, I have
> included that commit for Xenial as well.
>
> Disco was a clean cherry pick.
>
> Rob Herring (1):
> Bluetooth: hci_uart: add serdev driver support library
>
> Vladis Dronov (1):
> Bluetooth: hci_uart: check for missing tty operations
>
> drivers/bluetooth/Makefile | 1 +
> drivers/bluetooth/hci_ath.c | 3 +
> drivers/bluetooth/hci_bcm.c | 3 +
> drivers/bluetooth/hci_intel.c | 3 +
> drivers/bluetooth/hci_ldisc.c | 13 ++
> drivers/bluetooth/hci_qca.c | 3 +
> drivers/bluetooth/hci_serdev.c | 361 +++++++++++++++++++++++++++++++++
> drivers/bluetooth/hci_uart.h | 5 +
> 8 files changed, 392 insertions(+)
> create mode 100644 drivers/bluetooth/hci_serdev.c
>
I will send a V2.
More information about the kernel-team
mailing list