Message ID | 20190801174517.24507-1-connor.kuehl@canonical.com |
---|---|
Headers | show |
Series | floppy: fix out-of-bounds read in copy_buffer | expand |
On 2019-08-01 10:45:16 , Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14283.html > > From the link above: > > "In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c > does not validate the sect and head fields, as demonstrated by an integer > overflow and out-of-bounds read. It can be triggered by an unprivileged > local user when a floppy disk has been inserted. NOTE: QEMU creates the > floppy device by default." > > **NOTE**: CVE-2019-14284 must be applied first for this patch to cherry pick > cleanly. As of this writing, that patch has already been sent to the > mailing list [1] and has enough ACKs to be applied. > > [1] https://lists.ubuntu.com/archives/kernel-team/2019-July/102711.html > > Denis Efremov (1): > floppy: fix out-of-bounds read in copy_buffer > > drivers/block/floppy.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > -- > 2.20.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team