APPLIED: [SRU][N][PATCH 0/1] CVE-2024-42301

Roxana Nicolescu roxana.nicolescu at canonical.com
Mon Oct 7 07:58:04 UTC 2024


On 07/10/2024 09:22, Roxana Nicolescu wrote:
>
> On 30/09/2024 23:39, Yuxuan Luo wrote:
>> [Impact]
>> A potential array out-of-bounds read is found in the driver/parport subsystem
>> when users access its procfs file because of the insecure nature of the
>> sprintf() function. This vulnerability might cause a kernel panic and thus
>> lead to denial of service.
>>
>> [Backport]
>> Clean cherry pick.
>>
>> [Test]
>> Compile tested.
>>
>> [Where problems might occur]
>> The parport procfs file might experience format inconsistency or become unstable.
>>
>> tuhaowen (1):
>>    dev/parport: fix the array out-of-bounds risk
>>
>>   drivers/parport/procfs.c | 24 ++++++++++++------------
>>   1 file changed, 12 insertions(+), 12 deletions(-)
>>
> Applied to noble:linux master-next branch. Thanks!
Forgot to mention the patch does not have the CVE number... I added it.


