NAK[X/B/D]: [X/B/D/E][SRU][PATCH 0/4] Fixes for CVE-2019-15117 & CVE-2019-15118

Kleber Souza kleber.souza at canonical.com
Fri Sep 27 10:25:18 UTC 2019


On 30.08.19 02:13, Connor Kuehl wrote:
> CVE-2019-15117:
> 
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15117.html
> 
> "parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through
> 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory
> access."
> 
> Clean cherry-pick for Disco and Eoan.
> 
> Xenial/Bionic required backporting, but those notes are in the patch
> provenance.
> 
> CVE-2019-15118:
> 
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15118.html
> 
> "check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9
> mishandles recursion, leading to kernel stack exhaustion."
> 
> Clean cherry-pick for Disco and Eoan.
> 
> Xenial/Bionic required backporting, but those notes are in the patch
> provenance.
> 

As mentioned by Tyler, these fixes had already been applied to Disco.
For Xenial and Bionic they have been applied as well, as stable update
to 4.4.191 and stable patchset 2019-09-09 for Bionic.


Thanks,
Kleber


