APPLIED[X/B/D]: [PATCH 0/1][SRU][E/D/B/X] CVE-2019-12614: POWER DoS
Kleber Souza
kleber.souza at canonical.com
Tue Jul 16 11:02:11 UTC 2019
On 15.07.19 21:53, Tyler Hicks wrote:
> An issue was discovered in dlpar_parse_cc_property in
> arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through
> 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an
> attacker to cause a denial of service (NULL pointer dereference and
> system crash).
>
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12614.html
>
> IMO, this issue has a questionable security impact but the fix is simple
> so we should apply it.
>
> I've compile tested this change on all four releases. The fix is
> straightforward and it is a clean cherry-pick to all releases.
>
> Tyler
>
> Gen Zhang (1):
> powerpc/pseries/dlpar: Fix a missing check in
> dlpar_parse_cc_property()
>
> arch/powerpc/platforms/pseries/dlpar.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
Applied to xenial, bionic and disco master-next branches.
Thanks,
Kleber
More information about the kernel-team
mailing list