APPLIED: [PATCH 0/1] [SRU][B/master] CVE-2019-2101: USB Video Class info
Kleber Souza
kleber.souza at canonical.com
Tue Jul 23 14:04:00 UTC 2019
On 7/18/19 11:27 AM, Paolo Pisati wrote:
> In uvc_parse_standard_control of uvc_driver.c, there is a possible
> out-of-bound read due to improper input validation. This could lead to
> local information disclosure with no additional execution privileges
> needed. User interaction is not needed for exploitation.
>
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2101.html
>
> Clean cherry-pick, compile tested.
>
> Alistair Strachan (1):
> media: uvcvideo: Fix 'type' check leading to overflow
>
> drivers/media/usb/uvc/uvc_driver.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
Applied to bionic/master-next branch.
Thanks,
Kleber
More information about the kernel-team
mailing list