Message ID | 20181012114735.8366-1-kleber.souza@canonical.com |
---|---|
Headers | show |
Series | Fix for CVE-2017-16649 | expand |
On 2018-10-12 13:47:34 , Kleber Souza wrote: > https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16649.html > > Andrey Konovalov discovered that the CDC USB Ethernet driver did not > properly validate device descriptors. A physically proximate attacker could > use this to cause a denial of service (system crash). > > Backport needed given that the parsion function was organises > differently. Checked against the backport done for 3.16-stable. Compile > tested. > > Already fixed for Xenial and later series. > > Bjørn Mork (1): > net: cdc_ether: fix divide by 0 on bad descriptors > > drivers/net/usb/cdc_ether.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > Acked-by: Khalid Elmously <khalid.elmously@canonical.com> The backport makes sense to me
On 2018-10-12 13:47:34 , Kleber Souza wrote: > https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16649.html > > Andrey Konovalov discovered that the CDC USB Ethernet driver did not > properly validate device descriptors. A physically proximate attacker could > use this to cause a denial of service (system crash). > > Backport needed given that the parsion function was organises > differently. Checked against the backport done for 3.16-stable. Compile > tested. > > Already fixed for Xenial and later series. > > Bjørn Mork (1): > net: cdc_ether: fix divide by 0 on bad descriptors > > drivers/net/usb/cdc_ether.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > -- > 2.17.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team