Message ID | 1542676728-15881-1-git-send-email-tyhicks@canonical.com |
---|---|
Headers | show |
Series | CVE-2018-14734 - Denial of Service in Infiniband core | expand |
Clean cherry-pick.
Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Applied to T and B. Tyler, could you please include the [SRU] tag in the subject line to make it easy to identify the message as an SRU patch? Thanks On 2018-11-20 01:18:47 , Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2018-14734 > > drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows > ucma_leave_multicast to access a certain data structure after a cleanup > step in ucma_process_join, which allows attackers to cause a denial of > service (use-after-free). > > Clean cherry pick to Bionic and Trusty. Xenial has already been fixed thanks to > the fix coming in via linux-stable. I was unable to test the affected code due > to lack of necessary hardware. However, the build logs are clean and the fix is > easy to review. > > Tyler > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
On 2018-11-29 02:06:17, Khaled Elmously wrote: > Applied to T and B. Thanks! > Tyler, could you please include the [SRU] tag in the subject line to > make it easy to identify the message as an SRU patch? Sure. I was talking to someone at the Brussels sprint about how the [SRU] tag doesn't make much sense when [T/B] already indicates that it is a patch for the SRU cycle. However, I hadn't thought about the fact that searching through mail folders is much easier when [SRU] is present. Thanks for pointing that out. Tyler