ACK / APPLIED[E]: [X/B/D/E][SRU][PATCH 0/4] Fixes for CVE-2019-15117 & CVE-2019-15118
Seth Forshee
seth.forshee at canonical.com
Fri Aug 30 17:05:05 UTC 2019
On Thu, Aug 29, 2019 at 05:13:47PM -0700, Connor Kuehl wrote:
> CVE-2019-15117:
>
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15117.html
>
> "parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through
> 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory
> access."
>
> Clean cherry-pick for Disco and Eoan.
>
> Xenial/Bionic required backporting, but those notes are in the patch
> provenance.
>
> CVE-2019-15118:
>
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15118.html
>
> "check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9
> mishandles recursion, leading to kernel stack exhaustion."
>
> Clean cherry-pick for Disco and Eoan.
>
> Xenial/Bionic required backporting, but those notes are in the patch
> provenance.
Acked-by: Seth Forshee <seth.forshee at canonical.com>
Applied to eoan/master-next, thanks!
More information about the kernel-team
mailing list