ACK: [xenial 4.4.0-188.218][PATCH 0/2] CVE-2020-0067 and CVE-2019-9453
Marcelo Henrique Cerri
marcelo.cerri at canonical.com
Mon Aug 10 17:59:57 UTC 2020
lgtm
Acked-by: Marcelo Henrique Cerri <marcelo.cerri at canonical.com>
On Mon, Aug 10, 2020 at 10:57:22AM -0400, Benjamin M Romer wrote:
> The patch for CVE-2020-0067 requires the patch for CVE-2019-9453.
>
> CVE-2019-9453:
>
> In the Android kernel in F2FS touch driver there is a possible out of
> bounds read due to improper input validation. This could lead to local
> information disclosure with system execution privileges needed. User
> interaction is not needed for exploitation.
>
> CVE-2020-0067:
>
> In f2fs_xattr_generic_list of xattr.c, there is a possible out of
> bounds read due to a missing bounds check. This could lead to local
> information disclosure with System execution privileges needed. User
> interaction is not required for exploitation.Product: Android.
> Versions: Android kernel. Android ID: A-120551147.
>
> Randall Huang (2):
> f2fs: fix to avoid accessing xattr across the boundary
> f2fs: fix to avoid memory leakage in f2fs_listxattr
>
> fs/f2fs/xattr.c | 43 ++++++++++++++++++++++++++++++++++++-------
> fs/f2fs/xattr.h | 4 +++-
> 2 files changed, 39 insertions(+), 8 deletions(-)
>
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
--
Regards,
Marcelo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20200810/9e527b25/attachment.sig>
More information about the kernel-team
mailing list