ACK: [SRU Bionic 0/1] CVE-2022-3239
Tim Gardner
tim.gardner at canonical.com
Tue Oct 11 14:06:31 UTC 2022
On 10/11/22 7:35 AM, Cengiz Can wrote:
> [Impact]
> A flaw use after free in the Linux kernel video4linux driver was found
> in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV
> cards. A local user could use this flaw to crash the system or
> potentially escalate their privileges on the system.
>
> [Fix]
> Fix was cherry picked from the upstream stable 4.14.y backport.
>
> [Test case]
> Since the driver requires a hardware TV card, only compile and boot
> tested on KVM.
>
> [Potential regression]
> Unknown.
>
> Dongliang Mu (1):
> media: em28xx: initialize refcount before kref_get
>
> drivers/media/usb/em28xx/em28xx-cards.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list