ACK: [xenial 4.4.0-188.218][PATCH 0/2] CVE-2020-0067 and CVE-2019-9453
Kamal Mostafa
kamal at canonical.com
Mon Aug 10 18:18:10 UTC 2020
LGTM.
Acked-by: Kamal Mostafa <kamal at canonical.com>
-Kamal
On Mon, Aug 10, 2020 at 10:57:22AM -0400, Benjamin M Romer wrote:
> The patch for CVE-2020-0067 requires the patch for CVE-2019-9453.
>
> CVE-2019-9453:
>
> In the Android kernel in F2FS touch driver there is a possible out of
> bounds read due to improper input validation. This could lead to local
> information disclosure with system execution privileges needed. User
> interaction is not needed for exploitation.
>
> CVE-2020-0067:
>
> In f2fs_xattr_generic_list of xattr.c, there is a possible out of
> bounds read due to a missing bounds check. This could lead to local
> information disclosure with System execution privileges needed. User
> interaction is not required for exploitation.Product: Android.
> Versions: Android kernel. Android ID: A-120551147.
>
> Randall Huang (2):
> f2fs: fix to avoid accessing xattr across the boundary
> f2fs: fix to avoid memory leakage in f2fs_listxattr
>
> fs/f2fs/xattr.c | 43 ++++++++++++++++++++++++++++++++++++-------
> fs/f2fs/xattr.h | 4 +++-
> 2 files changed, 39 insertions(+), 8 deletions(-)
>
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list