APPLIED: [SRU Bionic 0/1] CVE-2022-3239
Stefan Bader
stefan.bader at canonical.com
Wed Nov 9 11:09:33 UTC 2022
On 11.10.22 15:35, Cengiz Can wrote:
> [Impact]
> A flaw use after free in the Linux kernel video4linux driver was found
> in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV
> cards. A local user could use this flaw to crash the system or
> potentially escalate their privileges on the system.
>
> [Fix]
> Fix was cherry picked from the upstream stable 4.14.y backport.
>
> [Test case]
> Since the driver requires a hardware TV card, only compile and boot
> tested on KVM.
>
> [Potential regression]
> Unknown.
>
> Dongliang Mu (1):
> media: em28xx: initialize refcount before kref_get
>
> drivers/media/usb/em28xx/em28xx-cards.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
Applied to bionic:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20221109/73241127/attachment.sig>
More information about the kernel-team
mailing list