[Bionic,0/2] Fix for CVE-2019-0136

Message ID 20190806100633.26677-1-jesse.sung@canonical.com

Message

Wen-chien Jesse Sung Aug. 6, 2019, 10:06 a.m. UTC
BugLink: https://launchpad.net/bugs/1839105

== SRU Justification ==

* Impact:
A potential security vulnerability in Intel® PROSet/Wireless WiFi Software
may allow denial of service.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html

* Fix:
588f7d39b359 mac80211: drop robust management frames from unknown TA
79c92ca42b5a mac80211: handle deauthentication/disassociation from TDLS peer

* Risk of Regression:
Low. These commits are already in 4.14.130 and 4.19.56 so will eventually
land in an SRU release or two. We just need them to be included in this cycle
for Bionic to meet project schedule.


Johannes Berg (1):
  mac80211: drop robust management frames from unknown TA

Yu Wang (1):
  mac80211: handle deauthentication/disassociation from TDLS peer

 net/mac80211/ieee80211_i.h |  3 +++
 net/mac80211/mlme.c        | 12 +++++++++++-
 net/mac80211/rx.c          |  2 ++
 net/mac80211/tdls.c        | 23 +++++++++++++++++++++++
 4 files changed, 39 insertions(+), 1 deletion(-)

Comments

Tyler Hicks Aug. 6, 2019, 3:48 p.m. UTC | #1
On 2019-08-06 18:06:31, Wen-chien Jesse Sung wrote:
> BugLink: https://launchpad.net/bugs/1839105
> 
> == SRU Justification ==
> 
> * Impact:
> A potential security vulnerability in Intel® PROSet/Wireless WiFi Software
> may allow denial of service.
> https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html
> 
> * Fix:
> 588f7d39b359 mac80211: drop robust management frames from unknown TA
> 79c92ca42b5a mac80211: handle deauthentication/disassociation from TDLS peer

How were you able to determine that they are the fix for CVE-2019-0136?
I can't find any public info that correlates CVE-2019-0136 with the two
fixes you mentioned. I've left this CVE as untriaged in the Ubuntu CVE
Tracker and was about to reach out to Intel to get more info.

Tyler

> 
> * Risk of Regression:
> Low. These commits are already in 4.14.130 and 4.19.56 so will eventually
> land in an SRU release or two. We just need them to be included in this cycle
> for Bionic to meet project schedule.
> 
> 
> Johannes Berg (1):
>   mac80211: drop robust management frames from unknown TA
> 
> Yu Wang (1):
>   mac80211: handle deauthentication/disassociation from TDLS peer
> 
>  net/mac80211/ieee80211_i.h |  3 +++
>  net/mac80211/mlme.c        | 12 +++++++++++-
>  net/mac80211/rx.c          |  2 ++
>  net/mac80211/tdls.c        | 23 +++++++++++++++++++++++
>  4 files changed, 39 insertions(+), 1 deletion(-)
> 
> -- 
> 2.20.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Tyler Hicks Aug. 12, 2019, 11:20 p.m. UTC | #2
On 2019-08-06 10:48:47, Tyler Hicks wrote:
> On 2019-08-06 18:06:31, Wen-chien Jesse Sung wrote:
> > BugLink: https://launchpad.net/bugs/1839105
> > 
> > == SRU Justification ==
> > 
> > * Impact:
> > A potential security vulnerability in Intel® PROSet/Wireless WiFi Software
> > may allow denial of service.
> > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html
> > 
> > * Fix:
> > 588f7d39b359 mac80211: drop robust management frames from unknown TA
> > 79c92ca42b5a mac80211: handle deauthentication/disassociation from TDLS peer
> 
> How were you able to determine that they are the fix for CVE-2019-0136?
> I can't find any public info that correlates CVE-2019-0136 with the two
> fixes you mentioned. I've left this CVE as untriaged in the Ubuntu CVE
> Tracker and was about to reach out to Intel to get more info.

To update this list, I did reach out to Intel last week but have not
heard back from them yet.

In the meantime, the Bionic branch has received these two commits via
pulling in new upstream linux-stable releases. The Bionic commits are:

 3c8fe31b7686309a4b09eed5ba78d88ba85f89bf
 01d899052fcc05f90e45bd5fce2383abd69d017d

There's no longer a need to apply these patches to Bionic so I'm
NACK'ing them in order for the stable team to know that there's nothing
else needed here.

Tyler

> 
> Tyler
> 
> > 
> > * Risk of Regression:
> > Low. These commits are already in 4.14.130 and 4.19.56 so will eventually
> > land in an SRU release or two. We just need them to be included in this cycle
> > for Bionic to meet project schedule.
> > 
> > 
> > Johannes Berg (1):
> >   mac80211: drop robust management frames from unknown TA
> > 
> > Yu Wang (1):
> >   mac80211: handle deauthentication/disassociation from TDLS peer
> > 
> >  net/mac80211/ieee80211_i.h |  3 +++
> >  net/mac80211/mlme.c        | 12 +++++++++++-
> >  net/mac80211/rx.c          |  2 ++
> >  net/mac80211/tdls.c        | 23 +++++++++++++++++++++++
> >  4 files changed, 39 insertions(+), 1 deletion(-)
> > 
> > -- 
> > 2.20.1