Bugzilla – Bug 1143038
VUL-1: CVE-2018-20854: kernel-source: out-of-bounds read on array ctrl->phys, once variable i reaches the maximum array size
Last modified: 2020-05-12 11:20:52 UTC
An issue was discovered in the Linux kernel before 4.20.
drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant
ctrl->phys out-of-bounds read.
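A simplified model of the off-by-one described above, added here as an example and not taken from the kernel driver or its fix. It assumes the lookup loop used an inclusive bound (`<=`); the value of `SERDES_MAX`, `struct phy_slot`, `phys_at` and the sample ports are constructed for illustration. The checked accessor counts the index that falls outside `phys[]` instead of performing the read.

```c
#include <stddef.h>
#include <stdio.h>

#define SERDES_MAX 4 /* constructed size; the driver's real value is not on the page */

struct phy_slot { int port; };                          /* hypothetical PHY entry */
struct serdes_ctrl { struct phy_slot phys[SERDES_MAX]; };

/* Constructed sample controller: ports 10..13 in slots 0..3. */
static const struct serdes_ctrl demo = { { {10}, {11}, {12}, {13} } };

/* Checked accessor: counts an out-of-range index instead of reading past phys[]. */
static const struct phy_slot *phys_at(const struct serdes_ctrl *ctrl, size_t i, int *oob)
{
    if (i >= SERDES_MAX) { (*oob)++; return NULL; }
    return &ctrl->phys[i];
}

/* Off-by-one bound (assumed form): i may reach SERDES_MAX, one past the last slot. */
int lookup_off_by_one(const struct serdes_ctrl *ctrl, int port, int *oob)
{
    for (size_t i = 0; i <= SERDES_MAX; i++) {
        const struct phy_slot *p = phys_at(ctrl, i, oob);
        if (p && p->port == port)
            return (int)i;
    }
    return -1;
}

/* Corrected bound: i stops at SERDES_MAX - 1, so every index is inside phys[]. */
int lookup_fixed(const struct serdes_ctrl *ctrl, int port, int *oob)
{
    for (size_t i = 0; i < SERDES_MAX; i++) {
        const struct phy_slot *p = phys_at(ctrl, i, oob);
        if (p && p->port == port)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    int bad = 0, good = 0;
    lookup_off_by_one(&demo, 99, &bad);   /* port 99 is absent, so the loop runs to its bound */
    lookup_fixed(&demo, 99, &good);
    printf("out-of-range indexes: off-by-one=%d fixed=%d\n", bad, good);
    return 0;
}
```

In this model the extra iteration happens only when the requested port is not found, since a match returns before `i` reaches the array size.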
Only versions above 4.20 are affected. The fix had already been pushed upstream last year.
Right, it was only about TW, and it's done. SLE15-SPx don't contain the driver.
Reassigned back to security team.