| Message ID | 20190814232145.5623-1-tyhicks@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2018-20961: USB Gadget MIDI Function UAF | expand |
On 8/14/19 4:21 PM, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20961.html > > In the Linux kernel before 4.16.4, a double free vulnerability in the > f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the > f_midi driver may allow attackers to cause a denial of service or > possibly have unspecified other impact. > > Clean cherry picks. I'm unable to test without appropriate hardware but > the the build logs are clean and a test kernel boots without any issues. > > The first patch isn't necessarily required for the CVE fix but the error > path doesn't work correctly without it. I think it is safe and > worthwhile to bring back with the CVE fix. > > Tyler > > Felipe F. Tonello (1): > usb: gadget: f_midi: fail if set_alt fails to allocate requests > > Yavuz, Tuba (1): > USB: gadget: f_midi: fixing a possible double-free in f_midi > > drivers/usb/gadget/function/f_midi.c | 6 ++++-- > drivers/usb/gadget/u_f.h | 2 ++ > 2 files changed, 6 insertions(+), 2 deletions(-) > Acked-by: Connor Kuehl <connor.kuehl@canonical.com>
On 15.08.19 01:21, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20961.html > > In the Linux kernel before 4.16.4, a double free vulnerability in the > f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the > f_midi driver may allow attackers to cause a denial of service or > possibly have unspecified other impact. > > Clean cherry picks. I'm unable to test without appropriate hardware but > the the build logs are clean and a test kernel boots without any issues. > > The first patch isn't necessarily required for the CVE fix but the error > path doesn't work correctly without it. I think it is safe and > worthwhile to bring back with the CVE fix. > > Tyler > > Felipe F. Tonello (1): > usb: gadget: f_midi: fail if set_alt fails to allocate requests > > Yavuz, Tuba (1): > USB: gadget: f_midi: fixing a possible double-free in f_midi > > drivers/usb/gadget/function/f_midi.c | 6 ++++-- > drivers/usb/gadget/u_f.h | 2 ++ > 2 files changed, 6 insertions(+), 2 deletions(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 8/15/19 1:21 AM, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20961.html > > In the Linux kernel before 4.16.4, a double free vulnerability in the > f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the > f_midi driver may allow attackers to cause a denial of service or > possibly have unspecified other impact. > > Clean cherry picks. I'm unable to test without appropriate hardware but > the the build logs are clean and a test kernel boots without any issues. > > The first patch isn't necessarily required for the CVE fix but the error > path doesn't work correctly without it. I think it is safe and > worthwhile to bring back with the CVE fix. > > Tyler > > Felipe F. Tonello (1): > usb: gadget: f_midi: fail if set_alt fails to allocate requests > > Yavuz, Tuba (1): > USB: gadget: f_midi: fixing a possible double-free in f_midi > > drivers/usb/gadget/function/f_midi.c | 6 ++++-- > drivers/usb/gadget/u_f.h | 2 ++ > 2 files changed, 6 insertions(+), 2 deletions(-) > Applied to xenial/master-next branch. Thanks, Kleber