[SRU][Jammy-OEM-5.17/OEM-6.0][PATCH 0/1] CVE-2023-28328

Yuxuan Luo yuxuan.luo at canonical.com
Mon Jul 31 16:00:51 UTC 2023

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash).

It's a clean cherry pick.

Smoked tested via modprobe and rmmod dvb-usb-az6027.

[Potential Regression]
Expecting very low potential.

Baisong Zhong (1):
  media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

 drivers/media/usb/dvb-usb/az6027.c | 4 ++++
 1 file changed, 4 insertions(+)


More information about the kernel-team mailing list