ACK: [X/B/D][SRU] Fix for CVE-2019-18885

Stefan Bader stefan.bader at canonical.com
Tue Jan 7 14:55:39 UTC 2020


On 10.12.19 01:48, Connor Kuehl wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18885.html
> 
> From the link above:
> 
>     "fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a
>     btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image
>     because fs_devices->devices is mishandled within find_device, aka
>     CID-09ba3bc9dd15."
> 
> The additional commit, "btrfs: refactor btrfs_find_device() take fs_devices as
> argument" was taken to ease the placement of the commit that is specified by the
> CVE as a fix. This enabled a clean cherry-pick into Disco.
> 
> Cherry picks straight into Disco.
> 
> Minor context adjustments for Bionic.
> 
> Xenial required some hand-holding as certain hunks wouldn't apply to a function
> that perhaps has not been added yet, certain function arguments have not been
> refactored but are accessible by accessing members of the enclosing structure
> that *is* passed.
> 
Acked-by: Stefan Bader <stefan.bader at canonical.com>
