NAK[D]: [X/B/D][SRU] Fix for CVE-2019-18885
Kleber Souza
kleber.souza at canonical.com
Thu Dec 12 10:49:54 UTC 2019
On 2019-12-10 01:48, Connor Kuehl wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18885.html
>
> From the link above:
>
> "fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a
> btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image
> because fs_devices->devices is mishandled within find_device, aka
> CID-09ba3bc9dd15."
>
> The additional commit, "btrfs: refactor btrfs_find_device() take fs_devices as
> argument" was taken to ease the placement of the commit that is specified by the
> CVE as a fix. This enabled a clean cherry-pick into Disco.
>
> Cherry picks straight into Disco.
>
> Minor context adjustments for Bionic.
>
> Xenial required some hand-holding as certain hunks wouldn't apply to a function
> that perhaps has not been added yet, certain function arguments have not been
> refactored but are accessible by accessing members of the enclosing structure
> that *is* passed.
>
Disco will EOL in January and we are not planning to release another
kernel SRU for it. So I'm NAK'ing the patches for D.
Thanks,
Kleber