APPLIED/cmnt: [PATCH][SRU][TRUSTY] Fix for CVE-2017-16912
Khaled Elmously
khalid.elmously at canonical.com
Fri Jul 27 05:26:10 UTC 2018
Applied to trusty master-next
Note that I had to modify the patch a little. I changed the line:
dev_err(&sdev->udev->dev, "get pipe() invalid epnum %d\n", epnum);
to
dev_err(&sdev->udev->dev, "CMD_SUBMIT: invalid epnum %d\n", epnum);
...because the code had shifted due to
20c32587ada5 usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
On 2018-07-19 18:17:30 , Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16912.html
>
> Backport of upstream commit 635f545a7e8be7596b9b2b6a43cab6bbd5a88e43
> required a little bit of wiggling and change in path name as this
> driver in Trusty is in staging and not under usb.
>
> Colin Ian King (1):
> usbip: fix stub_rx: get_pipe() to validate endpoint number
>
> drivers/staging/usbip/stub_rx.c | 17 ++++++++++-------
> 1 file changed, 10 insertions(+), 7 deletions(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list