|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2019-15504: kernel-source: double Free via crafted USB device traffic in rivers/net/wireless/rsi/rsi_91x_usb.c | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Alexandros Toptsoglou <atoptsoglou> |
| Component: | Security | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | ||
| Priority: | P4 - Low | CC: | bpetkov, bpoirier, meissner, mkubecek, oneukum, tiwai |
| Version: | Current | ||
| Target Milestone: | Current | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/241022/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1185852 | ||
|
Description
Alexandros Toptsoglou
2019-08-23 13:14:53 UTC
The vulnerable code can be find only in TW Will wait for the upstream acceptance. Oh, actually I've already submitted the pending patch. I reviewed the change and it seems correct to me. Introduced in a1854fae1414 rsi: improve RX packet handling in USB interface (v4.17-rc1) Fix submitted http://patchwork.ozlabs.org/patch/1149623/ master : 5.3.0-rc6 pushed to 8ae43d11b8f stable : 5.2.10 pushed to 50095550675 OK, thanks, then reassigned back to security team. FYI, merged upstream as 8b51dc729147 rsi: fix a double free bug in rsi_91x_deinit() (v5.3) Done |