[PATCH 0/1][SRU][E/D/B/X] CVE-2019-12614: POWER DoS
Tyler Hicks
tyhicks at canonical.com
Mon Jul 15 19:53:38 UTC 2019
An issue was discovered in dlpar_parse_cc_property in
arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through
5.1.6. There is an unchecked kstrdup of prop->name, which might allow an
attacker to cause a denial of service (NULL pointer dereference and
system crash).
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12614.html
IMO, this issue has a questionable security impact but the fix is simple
so we should apply it.
I've compile tested this change on all four releases. The fix is
straightforward and it is a clean cherry-pick to all releases.
Tyler
Gen Zhang (1):
powerpc/pseries/dlpar: Fix a missing check in
dlpar_parse_cc_property()
arch/powerpc/platforms/pseries/dlpar.c | 4 ++++
1 file changed, 4 insertions(+)
--
2.7.4
More information about the kernel-team
mailing list