[PATCH 0/1][SRU][X] CVE-2018-9517: memory corruption in
AceLan Kao
acelan.kao at canonical.com
Mon Feb 18 15:18:59 UTC 2019
In pppol2tp_connect, there is possible memory corruption due to a use after
free. This could lead to local escalation of privilege with System
execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android kernel. Android ID:
A-38159931.
Backported to Xenial, the patch itself doesn't conflict, but the
referenced function that doesn't exist which leads to the conflict.
Build logs are clean, and the kernel boots and dmesg doesn't contain
errors.
Guillaume Nault (1):
l2tp: pass tunnel pointer to ->session_create()
net/l2tp/l2tp_core.h | 4 +++-
net/l2tp/l2tp_eth.c | 11 +++--------
net/l2tp/l2tp_netlink.c | 8 ++++----
net/l2tp/l2tp_ppp.c | 19 +++++++------------
4 files changed, 17 insertions(+), 25 deletions(-)
--
2.17.1
More information about the kernel-team
mailing list