[PATCH 0/1][SRU][B] CVE-2019-12818: NFC LLCP DoS

Tyler Hicks tyhicks at canonical.com
Wed Jul 10 06:13:07 UTC 2019

An issue was discovered in the Linux kernel before 4.20.15. The
nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL.
If the caller does not check for this, it will trigger a NULL pointer
dereference. This will cause denial of service. This affects
nfc_llcp_build_gb in net/nfc/llcp_core.c.

 - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-12818

The patch is a clean cherry pick. Build logs show no related compiler
warnings. I am unable to test the NFC driver.


YueHaibing (1):
  net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails

 net/nfc/llcp_commands.c | 20 ++++++++++++++++++++
 net/nfc/llcp_core.c     | 24 ++++++++++++++++++++----
 2 files changed, 40 insertions(+), 4 deletions(-)


More information about the kernel-team mailing list