[SRU][OEM-5.17][PATCH 0/1] CVE-2022-3903
Magali Lemes
magali.lemes.do.sacramento at canonical.com
Mon Mar 27 19:36:31 UTC 2023
[Impact]
An incorrect read request flaw was found in the Infrared Transceiver USB
driver in the Linux kernel. This issue occurs when a user attaches a
malicious USB device. A local user could use this flaw to starve the
resources, causing denial of service or potentially crashing the system.
[Backport]
Clean cherry-pick.
[Test]
Compiled.
[Regression potential]
We expect minimal regression, since we're only updating the usb_control_msg()
calls with usb_control_msg_recv() and usb_control_msg_send(). Also it would
impact just users of the Windows Media Center Edition eHome Infrared
Transceiver.
Alan Stern (1):
media: mceusb: Use new usb_control_msg_*() routines
drivers/media/rc/mceusb.c | 35 ++++++++++++++---------------------
1 file changed, 14 insertions(+), 21 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list