NAK: [CVE-2016-5400] memory leak in airspy usb driver
Colin Ian King
colin.king at canonical.com
Thu Jul 28 08:46:25 UTC 2016
On 27/07/16 23:28, Luis Henriques wrote:
> On Wed, Jul 27, 2016 at 03:46:50PM +0100, Luis Henriques wrote:
>> Following this email, I am sending the fix for CVE-2016-5400 for all the
>
> Ok, this is quite confusing. I assumed the fix for this CVE was Colin's commit:
>
> eca2d34b9d2c ("[media] mb86a20s: apply mask to val after checking for read failure")
>
> because of this thread in the oss-security mailing list:
>
> http://seclists.org/oss-sec/2016/q3/139
>
> Now, I've just seen commit aa93d1fee85c ("media: fix airspy usb probe error
> path") hitting mainline which is supposed to fix this CVE. So, please ignore
> this patchset.
>
> Colin, does this patch fix have a CVE assigned at all?

My patch has no CVE assigned; I think there is confusion on the
oss-security discussion thread. The CVE-worthy fix is the one you
referenced, aa93d1fee85c890a34f2510a310e55ee76a27848.

Colin

>
> Cheers,
> --
> Luís
>
>
>> series. It's a clean cherry-pick for all the series except for Precise, because
>> a few commits were missing:
>>
>> - commit 9a0bf528b4d6 ("[media] move the dvb/frontends to
>> drivers/media/dvb-frontends") moved code around, so the files were in
>> different places
>>
>> - commit dd4493ef34cb ("[media] mb86a20s: Function reorder") restructured the
>> code and actually introduced the "if (val < 0)" check. I've decided to add
>> this check to the backport as the fix would be a noop without it.
>>
>> Colin Ian King (1):
>> [media] mb86a20s: apply mask to val after checking for read failure
>>
>> drivers/media/dvb/frontends/mb86a20s.c | 5 ++++-
>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>
>>