[SRU,Trusty,0/1] Fix for CVE-2017-16649

Message ID 20181012114735.8366-1-kleber.souza@canonical.com
Series Fix for CVE-2017-16649

Message

Kleber Sacilotto de Souza Oct. 12, 2018, 11:47 a.m. UTC
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16649.html

  Andrey Konovalov discovered that the CDC USB Ethernet driver did not
  properly validate device descriptors. A physically proximate attacker could
  use this to cause a denial of service (system crash).

Backport needed given that the parsing function was organised
differently. Checked against the backport done for 3.16-stable. Compile
tested.

Already fixed for Xenial and later series.

Bjørn Mork (1):
  net: cdc_ether: fix divide by 0 on bad descriptors

 drivers/net/usb/cdc_ether.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Khalid Elmously Oct. 12, 2018, 12:08 p.m. UTC | #1
On 2018-10-12 13:47:34 , Kleber Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16649.html
> 
>   Andrey Konovalov discovered that the CDC USB Ethernet driver did not
>   properly validate device descriptors. A physically proximate attacker could
>   use this to cause a denial of service (system crash).
> 
> Backport needed given that the parsing function was organised
> differently. Checked against the backport done for 3.16-stable. Compile
> tested.
> 
> Already fixed for Xenial and later series.
> 
> Bjørn Mork (1):
>   net: cdc_ether: fix divide by 0 on bad descriptors
> 
>  drivers/net/usb/cdc_ether.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>

Acked-by: Khalid Elmously <khalid.elmously@canonical.com>

The backport makes sense to me

Khalid Elmously Oct. 22, 2018, 7:24 a.m. UTC | #2
On 2018-10-12 13:47:34 , Kleber Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16649.html
> 
>   Andrey Konovalov discovered that the CDC USB Ethernet driver did not
>   properly validate device descriptors. A physically proximate attacker could
>   use this to cause a denial of service (system crash).
> 
> Backport needed given that the parsing function was organised
> differently. Checked against the backport done for 3.16-stable. Compile
> tested.
> 
> Already fixed for Xenial and later series.
> 
> Bjørn Mork (1):
>   net: cdc_ether: fix divide by 0 on bad descriptors
> 
>  drivers/net/usb/cdc_ether.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 