APPLIED: [SRU][N][PATCH 0/1] CVE-2024-42301
Roxana Nicolescu
roxana.nicolescu at canonical.com
Mon Oct 7 07:22:46 UTC 2024
On 30/09/2024 23:39, Yuxuan Luo wrote:
> [Impact]
> A potential array out-of-bound read is found in driver/parport subsytem
> when users accessing its procfs file because of the insecure nature of
> sprintf() function. This vulnerability might cause kernel panic and thus
> leads to denial of service.
>
> [Backport]
> Clean cherry pick.
>
> [Test]
> Compile tested.
>
> [Where problems might occur]
> Parport procfs file might experience format inconsistency or unstable.
>
> tuhaowen (1):
> dev/parport: fix the array out-of-bounds risk
>
> drivers/parport/procfs.c | 24 ++++++++++++------------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
Applied to noble:linux master-next branch. Thanks!
More information about the kernel-team
mailing list