mbox series

[SRU,Trusty,Bionic,0/1] Fix for CVE-2018-16276

Message ID 20181109143326.31048-1-kleber.souza@canonical.com
Headers show
Series Fix for CVE-2018-16276 | expand

Message

Kleber Sacilotto de Souza Nov. 9, 2018, 2:33 p.m. UTC 
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16276.html

 It was discovered that the YUREX USB device driver for the Linux kernel did
 not properly restrict user space reads or writes. A physically proximate
 attacker could use this to cause a denial of service (system crash) or
 possibly execute arbitrary code.

Clean cherry-pick for Bionic, simple backport for Trusty only for
context adjustment.

Jann Horn (1):
  USB: yurex: fix out-of-bounds uaccess in read handler

 drivers/usb/misc/yurex.c | 23 ++++++-----------------
 1 file changed, 6 insertions(+), 17 deletions(-)

Comments

Tyler Hicks Nov. 9, 2018, 11:57 p.m. UTC | #1 
On 2018-11-09 15:33:24, Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16276.html
> 
>  It was discovered that the YUREX USB device driver for the Linux kernel did
>  not properly restrict user space reads or writes. A physically proximate
>  attacker could use this to cause a denial of service (system crash) or
>  possibly execute arbitrary code.
> 
> Clean cherry-pick for Bionic, simple backport for Trusty only for
> context adjustment.

For both Bionic and Trusty,

  Acked-by: Tyler Hicks <tyhicks@canonical.com>

Tyler

> 
> Jann Horn (1):
>   USB: yurex: fix out-of-bounds uaccess in read handler
> 
>  drivers/usb/misc/yurex.c | 23 ++++++-----------------
>  1 file changed, 6 insertions(+), 17 deletions(-)
> 
> -- 
> 2.17.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Khalid Elmously Nov. 30, 2018, 4:29 a.m. UTC | #2 
On 2018-11-09 15:33:24 , Kleber Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16276.html
> 
>  It was discovered that the YUREX USB device driver for the Linux kernel did
>  not properly restrict user space reads or writes. A physically proximate
>  attacker could use this to cause a denial of service (system crash) or
>  possibly execute arbitrary code.
> 
> Clean cherry-pick for Bionic, simple backport for Trusty only for
> context adjustment.
> 
> Jann Horn (1):
>   USB: yurex: fix out-of-bounds uaccess in read handler
> 
>  drivers/usb/misc/yurex.c | 23 ++++++-----------------
>  1 file changed, 6 insertions(+), 17 deletions(-)
> 

Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Khalid Elmously Nov. 30, 2018, 4:33 a.m. UTC | #3 
On 2018-11-09 15:33:24 , Kleber Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16276.html
> 
>  It was discovered that the YUREX USB device driver for the Linux kernel did
>  not properly restrict user space reads or writes. A physically proximate
>  attacker could use this to cause a denial of service (system crash) or
>  possibly execute arbitrary code.
> 
> Clean cherry-pick for Bionic, simple backport for Trusty only for
> context adjustment.
> 
> Jann Horn (1):
>   USB: yurex: fix out-of-bounds uaccess in read handler
> 
>  drivers/usb/misc/yurex.c | 23 ++++++-----------------
>  1 file changed, 6 insertions(+), 17 deletions(-)
> 
> -- 
> 2.17.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team