[PATCH 0/1] [B/C] Fix for CVE-2019-12819

Benjamin M Romer benjamin.romer at canonical.com
Fri Jul 5 19:21:20 UTC 2019

One-liner CVE fix, clean cherry-pick for b/c, already pending in x.

An issue was discovered in the Linux kernel before 5.0. The function
__mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(),
which will trigger a fixed_mdio_bus_init use-after-free. This will cause a
denial of service.

YueHaibing (1):
  mdio_bus: Fix use-after-free on device_register fails

 drivers/net/phy/mdio_bus.c | 1 -
 1 file changed, 1 deletion(-)


More information about the kernel-team mailing list