[PATCH 0/1][SRU][C] CVE-2019-9003 - IPMI use-after-free

Tyler Hicks tyhicks at canonical.com
Tue Mar 5 15:15:30 UTC 2019


 In the Linux kernel before 4.20.5, attackers can trigger a
 drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging
 for certain simultaneous execution of the code, as demonstrated by a
 "service ipmievd restart" loop.

Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic
kernel and loading the ipmi_msghandler module.


Yang Yingliang (1):
  ipmi: fix use-after-free of user->release_barrier.rda

 drivers/char/ipmi/ipmi_msghandler.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


More information about the kernel-team mailing list