[SRU Bionic 0/1] CVE-2022-3239
Cengiz Can
cengiz.can at canonical.com
Tue Oct 11 13:35:10 UTC 2022
[Impact]
A use-after-free flaw in the Linux kernel video4linux driver was found
in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV
cards. A local user could use this flaw to crash the system or
potentially escalate their privileges on the system.
[Fix]
Fix was cherry picked from the upstream stable 4.14.y backport.
[Test case]
Since the driver requires a hardware TV card, only compile and boot
tested on KVM.
[Potential regression]
Unknown.
Dongliang Mu (1):
media: em28xx: initialize refcount before kref_get
drivers/media/usb/em28xx/em28xx-cards.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.34.1