APPLIED: [SRU][OEM-5.17][PATCH 0/1] CVE-2022-3903
Manuel Diewald
manuel.diewald at canonical.com
Tue Apr 4 07:50:31 UTC 2023
On Mon, Mar 27, 2023 at 04:36:31PM -0300, Magali Lemes wrote:
> [Impact]
> An incorrect read request flaw was found in the Infrared Transceiver USB
> driver in the Linux kernel. This issue occurs when a user attaches a
> malicious USB device. A local user could use this flaw to starve the
> resources, causing denial of service or potentially crashing the system.
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compiled.
>
> [Regression potential]
> We expect minimal regression, since we're only updating the usb_control_msg()
> calls with usb_control_msg_recv() and usb_control_msg_send(). Also it would
> impact just users of the Windows Media Center Edition eHome Infrared
> Transceiver.
>
> Alan Stern (1):
> media: mceusb: Use new usb_control_msg_*() routines
>
> drivers/media/rc/mceusb.c | 35 ++++++++++++++---------------------
> 1 file changed, 14 insertions(+), 21 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to jammy:linux-oem-5.17. Thank you!
More information about the kernel-team
mailing list