ACK [X/B] / NACK [D]: [X/B/D/E][SRU][PATCH 0/4] Fixes for CVE-2019-15117 & CVE-2019-15118
Tyler Hicks
tyhicks at canonical.com
Mon Sep 23 15:36:04 UTC 2019
On 2019-08-29 17:13:47, Connor Kuehl wrote:
> CVE-2019-15117:
>
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15117.html
>
> "parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through
> 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory
> access."
>
> Clean cherry-pick for Disco and Eoan.
>
> Xenial/Bionic required backporting, but those notes are in the patch
> provenance.
>
> CVE-2019-15118:
>
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15118.html
>
> "check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9
> mishandles recursion, leading to kernel stack exhaustion."
>
> Clean cherry-pick for Disco and Eoan.
>
> Xenial/Bionic required backporting, but those notes are in the patch
> provenance.

For Xenial and Bionic:

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Disco has since picked up the fixes via upstream linux-stable. The fixes
are present in 5.0.0-30.32, currently in disco-proposed, so there's no
longer a need to apply these to Disco.

Tyler

>
> --
> 2.17.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team