ACK: [SRU][N][PATCH 0/1] CVE-2024-42301
Chris Chiu
chris.chiu at canonical.com
Tue Oct 1 02:29:50 UTC 2024
On Tue, Oct 1, 2024 at 5:40 AM Yuxuan Luo <yuxuan.luo at canonical.com> wrote:
>
> [Impact]
> A potential array out-of-bound read is found in driver/parport subsytem
> when users accessing its procfs file because of the insecure nature of
> sprintf() function. This vulnerability might cause kernel panic and thus
> leads to denial of service.
>
> [Backport]
> Clean cherry pick.
>
> [Test]
> Compile tested.
>
> [Where problems might occur]
> Parport procfs file might experience format inconsistency or unstable.
>
> tuhaowen (1):
> dev/parport: fix the array out-of-bounds risk
>
> drivers/parport/procfs.c | 24 ++++++++++++------------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Chris Chiu <chris.chiu at canonical.com>
More information about the kernel-team
mailing list