UN-NAK[D]: [X/B/D][SRU] Fix for CVE-2019-18885
Kleber Souza
kleber.souza at canonical.com
Tue Dec 17 08:35:16 UTC 2019
On 12.12.19 11:49, Kleber Souza wrote:
> On 2019-12-10 01:48, Connor Kuehl wrote:
>> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18885.html
>>
>> From the link above:
>>
>> "fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a
>> btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image
>> because fs_devices->devices is mishandled within find_device, aka
>> CID-09ba3bc9dd15."
>>
>> The additional commit, "btrfs: refactor btrfs_find_device() take fs_devices as
>> argument" was taken to ease the placement of the commit that is specified by the
>> CVE as a fix. This enabled a clean cherry-pick into Disco.
>>
>> Cherry picks straight into Disco.
>>
>> Minor context adjustments for Bionic.
>>
>> Xenial required some hand-holding as certain hunks wouldn't apply to a function
>> that perhaps has not been added yet, certain function arguments have not been
>> refactored but are accessible by accessing members of the enclosing structure
>> that *is* passed.
>>
>
> Disco will EOL in January and we are not planning to release another
> kernel SRU for it. So I'm NAK'ing the patches for D.
Although Disco support will end in January, our plan is to continue producing
5.0 kernel updates for a yet to be defined period.
So please disregard my NAK to this patch.
Thanks.
More information about the kernel-team
mailing list