Update data

Merged Chen-Yu Tsai requested to merge (removed):master into master
This likely overlaps with @szlin's MR !26 (closed).

Adding this one to hold information I already gathered.

New CVEs:

  • CVE-2019-5108

    mac80211 layer 2 update frame sent out before authorization. Fixed in mainline.

  • CVE-2019-19241

    Possible incorrect permissions when executing io_uring actions. Fixed in mainline and 5.4.y. Doesn't apply to LTS branches since io_uring is relatively new.

  • CVE-2019-19807

    use-after-free in sound/core/timer.c. Fixed in all branches.

  • CVE-2019-19813

  • CVE-2019-19814

  • CVE-2019-19815

  • CVE-2019-19816

  • CVE-2019-19927

    Crafted FS image related issues found by fuzzing.

  • CVE-2019-19922

    Incorrect CFS throttling. Fixed in mainline, 5.4.y, 4.19.y, and 4.14.y.

  • CVE-2019-19947

    Info-leaks from CAN_KVASER_USB. Fixed in mainline, 5.4.y and 4.19.y.

  • CVE-2019-19965

    Possible NULL pointer dereference in libsas sas port discovery. Fixed in mainline.

  • CVE-2019-19966

    Use-after-free in VIDEO_CPIA2. Fixed in all branches.

  • CVE-2019-20054

    NULL pointer dereference in drop_sysctl_table(). Fixed in all branches.

  • CVE-2019-20095

    Memory leak and DoS in net/wireless/marvell/mwifiex. Fixed in all branches except 4.4.y. Maybe it doesn't apply?

  • CVE-2019-20096

    Memory leak in dccp. Fixed in mainline and 3.16.y.

Edited by Chen-Yu Tsai

Merged by Ben Hutchings 5 years ago (Jan 13, 2020 7:38pm UTC)

Activity

  • Author Contributor

    Looks like use of kmalloc instead of kzalloc goes all the way back to when the driver was introduced, in commit 080f40a6fa28dab299da7a652e444b1e2d9231e7

  • Chen-Yu Tsai changed the description

  • I've closed the MR, and thus we can focus here.

  • Chen-Yu Tsai added 3 commits

    • e8b365df - Fill in data for new CVEs
    • 7b16b942 - Update data from stable branches
    • 61c1883e - Mark CVE-2019-18680 as never fixed in mainline

  • Chen-Yu Tsai changed title from [HOLD] Update data to Update data

  • Ben Hutchings resolved all threads

  • Ben Hutchings mentioned in commit 520b51f2

  • merged
