[X/B/D/E][SRU][PATCH 0/4] Fixes for CVE-2019-15117 & CVE-2019-15118
Connor Kuehl
connor.kuehl at canonical.com
Fri Sep 20 08:15:45 UTC 2019
On 8/30/19 2:13 AM, Connor Kuehl wrote:
> CVE-2019-15117:
>
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15117.html
>
> "parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through
> 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory
> access."
>
> Clean cherry-pick for Disco and Eoan.
>
> Xenial/Bionic required backporting, but those notes are in the patch
> provenance.
>
> CVE-2019-15118:
>
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15118.html
>
> "check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9
> mishandles recursion, leading to kernel stack exhaustion."
>
> Clean cherry-pick for Disco and Eoan.
>
> Xenial/Bionic required backporting, but those notes are in the patch
> provenance.
>
Pinging this for X/B/D.
More information about the kernel-team
mailing list