mbox series

[Trusty,SRU,0/1] Fix for CVE-2017-0627

Message ID 20180508075747.13319-1-po-hsu.lin@canonical.com
Headers show
Series Fix for CVE-2017-0627 | expand

Message

Po-Hsu Lin May 8, 2018, 7:57 a.m. UTC 
According to our CVE matrix, only Trusty needs this patch.

An extra check to validate the user-provided bit-size and offset was added in
this patch to fix this CVE issue.

Guenter Roeck (1):
  media: uvcvideo: Prevent heap overflow when accessing mapped controls

 drivers/media/usb/uvc/uvc_ctrl.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Stefan Bader May 23, 2018, 2:53 p.m. UTC | #1 
On 08.05.2018 09:57, Po-Hsu Lin wrote:
> According to our CVE matrix, only Trusty needs this patch.
> 
> An extra check to validate the user-provided bit-size and offset was added in
> this patch to fix this CVE issue.
> 
> Guenter Roeck (1):
>   media: uvcvideo: Prevent heap overflow when accessing mapped controls
> 
>  drivers/media/usb/uvc/uvc_ctrl.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
Applied to trusty master-next.

-Stefan