ACK: [SRU Bionic 0/1] CVE-2022-3239
Andrea Righi
andrea.righi at canonical.com
Wed Oct 12 05:38:22 UTC 2022
On Tue, Oct 11, 2022 at 04:35:10PM +0300, Cengiz Can wrote:
> [Impact]
> A flaw use after free in the Linux kernel video4linux driver was found
> in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV
> cards. A local user could use this flaw to crash the system or
> potentially escalate their privileges on the system.
>
> [Fix]
> Fix was cherry picked from the upstream stable 4.14.y backport.
>
> [Test case]
> Since the driver requires a hardware TV card, only compile and boot
> tested on KVM.
>
> [Potential regression]
> Unknown.
Looks good to me.
Acked-by: Andrea Righi <andrea.righi at canonical.com>
More information about the kernel-team
mailing list