ACK: [SRU Xenial 0/3] CVE-2021-37159

Tim Gardner tim.gardner at canonical.com
Mon Mar 21 11:51:24 UTC 2022


Acked-by: Tim Gardner <tim.gardner at canonical.com>

Seems like this should have been on the ESM list.

On 3/17/22 12:00, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> On some error paths during USB HSO probe, the driver would do a
> use-after-free or double-free. This could allow malicous devices to
> cause a DoS on the system or possibly execute arbritary code.
> 
> [Fix]
> The first commit removes some error messages, making the backport easier
> and less error prone. The second commit also helps with backports, but
> also fix a secondary issue. The final commit had a small change due to
> hso_free_net_device being changed.
> 
> [Potential regression]
> USB HSO devices could fail to be correctly probe or function adequately.
> 
> Andreas Kemnade (1):
>    net: hso: register netdev later to avoid a race condition
> 
> Dongliang Mu (1):
>    usb: hso: fix error handling code of hso_create_net_device
> 
> Wolfram Sang (1):
>    net: usb: hso: don't print error when allocating urb fails
> 
>   drivers/net/usb/hso.c | 65 ++++++++++++++++++++++---------------------
>   1 file changed, 34 insertions(+), 31 deletions(-)
> 

-- 
-----------
Tim Gardner
Canonical, Inc



More information about the kernel-team mailing list