APPLIED: [xenial 4.4.0-188.218][PATCH 0/2] CVE-2020-0067 and CVE-2019-9453
Ian May
ian.may at canonical.com
Thu Aug 27 20:26:50 UTC 2020
Applied to Xenial/master-next. Thanks!
Thanks!
Ian
On 2020-08-10 10:57:22, Benjamin M Romer wrote:
> The patch for CVE-2020-0067 requires the patch for CVE-2019-9453.
>
> CVE-2019-9453:
>
> In the Android kernel in F2FS touch driver there is a possible out of
> bounds read due to improper input validation. This could lead to local
> information disclosure with system execution privileges needed. User
> interaction is not needed for exploitation.
>
> CVE-2020-0067:
>
> In f2fs_xattr_generic_list of xattr.c, there is a possible out of
> bounds read due to a missing bounds check. This could lead to local
> information disclosure with System execution privileges needed. User
> interaction is not required for exploitation. Product: Android.
> Versions: Android kernel. Android ID: A-120551147.
>
> Randall Huang (2):
>   f2fs: fix to avoid accessing xattr across the boundary
>   f2fs: fix to avoid memory leakage in f2fs_listxattr
>
>  fs/f2fs/xattr.c | 43 ++++++++++++++++++++++++++++++++++++-------
>  fs/f2fs/xattr.h |  4 +++-
>  2 files changed, 39 insertions(+), 8 deletions(-)
>
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team