
[0/1,SRU,C] CVE-2019-9003 - IPMI use-after-free

Message ID 1551798931-28747-1-git-send-email-tyhicks@canonical.com

Message

Tyler Hicks March 5, 2019, 3:15 p.m. UTC
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9003.html

 In the Linux kernel before 4.20.5, attackers can trigger a
 drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging
 for certain simultaneous execution of the code, as demonstrated by a
 "service ipmievd restart" loop.

Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic
kernel and loading the ipmi_msghandler module.

Tyler

Yang Yingliang (1):
  ipmi: fix use-after-free of user->release_barrier.rda

 drivers/char/ipmi/ipmi_msghandler.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Kleber Sacilotto de Souza March 12, 2019, 12:31 p.m. UTC | #1
On 3/5/19 4:15 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9003.html
>
>  In the Linux kernel before 4.20.5, attackers can trigger a
>  drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging
>  for certain simultaneous execution of the code, as demonstrated by a
>  "service ipmievd restart" loop.
>
> Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic
> kernel and loading the ipmi_msghandler module.
>
> Tyler
>
> Yang Yingliang (1):
>   ipmi: fix use-after-free of user->release_barrier.rda
>
>  drivers/char/ipmi/ipmi_msghandler.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>

Applied to cosmic/master-next branch.

Thanks,
Kleber