[Xenial][SRU][CVE-2019-0136][PATCH 0/1] Fix for CVE-2019-0136

Connor Kuehl connor.kuehl at canonical.com
Tue Aug 20 15:19:55 UTC 2019


https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0136.html

>From the link above:

"Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software
driver before version 21.10 may allow an unauthenticated user to
potentially enable denial of service via adjacent access."

The CVE analysis above shows that Xenial and Disco both require these patches.
I have only sent the 2nd patch (and only for Xenial) because:

In Xenial, the first patch "mac80211: drop robust management frames from unknown TA"
was included in this PR (and it is fix released) that syncs with upstream stable:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836668

In Disco, both patches are included in a pending upstream stable sync PR:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840373

Minor backport required due to context adjustments.

Yu Wang (1):
  mac80211: handle deauthentication/disassociation from TDLS peer

 net/mac80211/ieee80211_i.h |  3 +++
 net/mac80211/mlme.c        | 12 +++++++++++-
 net/mac80211/tdls.c        | 23 +++++++++++++++++++++++
 3 files changed, 37 insertions(+), 1 deletion(-)

-- 
2.20.1




More information about the kernel-team mailing list