[PATCH 0/1] [SRU][B/master] CVE-2019-2101: USB Video Class info
Paolo Pisati
p.pisati at gmail.com
Thu Jul 18 09:27:06 UTC 2019
In uvc_parse_standard_control of uvc_driver.c, there is a possible
out-of-bound read due to improper input validation. This could lead to
local information disclosure with no additional execution privileges
needed. User interaction is not needed for exploitation.
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2101.html
Clean cherry-pick, compile tested.
Alistair Strachan (1):
media: uvcvideo: Fix 'type' check leading to overflow
drivers/media/usb/uvc/uvc_driver.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
--
2.17.1
More information about the kernel-team
mailing list