ACK: [PATCH 0/2][SRU][X] CVE-2018-20961: USB Gadget MIDI Function UAF
Stefan Bader
stefan.bader at canonical.com
Mon Aug 26 14:16:30 UTC 2019
On 15.08.19 01:21, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20961.html
>
> In the Linux kernel before 4.16.4, a double free vulnerability in the
> f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the
> f_midi driver may allow attackers to cause a denial of service or
> possibly have unspecified other impact.
>
> Clean cherry picks. I'm unable to test without appropriate hardware but
> the the build logs are clean and a test kernel boots without any issues.
>
> The first patch isn't necessarily required for the CVE fix but the error
> path doesn't work correctly without it. I think it is safe and
> worthwhile to bring back with the CVE fix.
>
> Tyler
>
> Felipe F. Tonello (1):
> usb: gadget: f_midi: fail if set_alt fails to allocate requests
>
> Yavuz, Tuba (1):
> USB: gadget: f_midi: fixing a possible double-free in f_midi
>
> drivers/usb/gadget/function/f_midi.c | 6 ++++--
> drivers/usb/gadget/u_f.h | 2 ++
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190826/ff783e7d/attachment-0001.sig>
More information about the kernel-team
mailing list