ACK: [SRU][N][PATCH 0/1] CVE-2024-42301

ivanhu ivan.hu at canonical.com
Tue Oct 1 00:59:41 UTC 2024


Acked-by: Ivan Hu <ivan.hu at canonical.com>

On 10/1/24 05:39, Yuxuan Luo wrote:
> [Impact]
> A potential array out-of-bounds read is found in driver/parport subsystem
> when users access its procfs file because of the insecure nature of
> sprintf() function. This vulnerability might cause kernel panic and thus
> lead to denial of service.
> 
> [Backport]
> Clean cherry pick.
> 
> [Test]
> Compile tested.
> 
> [Where problems might occur]
> Parport procfs file might experience format inconsistency or instability.
> 
> tuhaowen (1):
>    dev/parport: fix the array out-of-bounds risk
> 
>   drivers/parport/procfs.c | 24 ++++++++++++------------
>   1 file changed, 12 insertions(+), 12 deletions(-)
> 


