Message ID | 1563442027-12388-1-git-send-email-paolo.pisati@canonical.com |
---|---|
Headers | show |
Series | CVE-2019-2101: USB Video Class info | expand |
On 7/18/19 11:27 AM, Paolo Pisati wrote: > In uvc_parse_standard_control of uvc_driver.c, there is a possible > out-of-bound read due to improper input validation. This could lead to > local information disclosure with no additional execution privileges > needed. User interaction is not needed for exploitation. > > https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2101.html > > Clean cherry-pick, compile tested. > > Alistair Strachan (1): > media: uvcvideo: Fix 'type' check leading to overflow > > drivers/media/usb/uvc/uvc_driver.c | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > Applied to bionic/master-next branch. Thanks, Kleber