[xenial 4.4.0-188.218][PATCH 0/2] CVE-2020-0067 and CVE-2019-9453
Benjamin M Romer
benjamin.romer at canonical.com
Mon Aug 10 14:57:22 UTC 2020
The patch for CVE-2020-0067 requires the patch for CVE-2019-9453.
CVE-2019-9453:
In the Android kernel in F2FS touch driver there is a possible out of
bounds read due to improper input validation. This could lead to local
information disclosure with system execution privileges needed. User
interaction is not needed for exploitation.
CVE-2020-0067:
In f2fs_xattr_generic_list of xattr.c, there is a possible out of
bounds read due to a missing bounds check. This could lead to local
information disclosure with System execution privileges needed. User
interaction is not required for exploitation. Product: Android.
Versions: Android kernel. Android ID: A-120551147.
Randall Huang (2):
f2fs: fix to avoid accessing xattr across the boundary
f2fs: fix to avoid memory leakage in f2fs_listxattr
fs/f2fs/xattr.c | 43 ++++++++++++++++++++++++++++++++++++-------
fs/f2fs/xattr.h | 4 +++-
2 files changed, 39 insertions(+), 8 deletions(-)
--
2.25.1
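An added example, not part of the original message or of the kernel patches: a user-space C model of walking a packed xattr entry list that checks each entry against the end of the region before reading it, which is the kind of bounds check CVE-2020-0067 describes as missing. The entry layout, the function name list_xattr_names and the sample regions are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified entry layout (a model, not the kernel's code):
 * [0] name index, [1] name length, [2..3] little-endian value size,
 * then name bytes and value bytes, padded to a 4-byte boundary.
 * Four zero bytes where a header would start end the list. */
#define ENTRY_HDR 4u
#define ROUND4(n) (((n) + 3u) & ~(size_t)3u)

/* Constructed sample regions: one entry "user" = "hi", then the terminator. */
static const uint8_t good_region[16] = {1, 4, 2, 0, 'u','s','e','r', 'h','i', 0, 0};
/* Same bytes, but the value size field claims 256 bytes. */
static const uint8_t bad_region[16]  = {1, 4, 0, 1, 'u','s','e','r', 'h','i', 0, 0};

/* Write each entry name, NUL-terminated, into out.
 * Returns bytes written, or -1 if an entry or the terminator would lie
 * past region_len, or if out is too small. */
long list_xattr_names(const uint8_t *base, size_t region_len, char *out, size_t out_len)
{
    size_t off = 0, used = 0;

    for (;;) {
        size_t left = region_len - off;          /* off <= region_len holds */
        if (left < ENTRY_HDR)
            return -1;                           /* header would cross the end */
        const uint8_t *e = base + off;
        if (!(e[0] | e[1] | e[2] | e[3]))
            return (long)used;                   /* terminator reached */
        size_t name_len = e[1];
        size_t value_size = (size_t)e[2] | ((size_t)e[3] << 8);
        size_t entry_len = ROUND4(ENTRY_HDR + name_len + value_size);
        if (entry_len > left)
            return -1;                           /* entry would cross the end */
        if (name_len + 1 > out_len - used)
            return -1;                           /* caller buffer too small */
        memcpy(out + used, e + ENTRY_HDR, name_len);
        out[used + name_len] = '\0';
        used += name_len + 1;
        off += entry_len;
    }
}

int main(void)
{
    char out[16];
    printf("good: %ld\n", list_xattr_names(good_region, sizeof good_region, out, sizeof out));
    printf("bad:  %ld\n", list_xattr_names(bad_region, sizeof bad_region, out, sizeof out));
    return 0;
}
```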