On Thu, Oct 12, 2017 at 11:54:12AM +0200, Arend van Spriel wrote:
> commit 17df6453d4be17910456e99c5a85025aa1b7a246 upstream.
>
> Upon handling the firmware notification for scans the length was
> checked properly and may result in corrupting kernel heap memory
> due to buffer overruns. This fix addresses CVE-2017-0786.
>
> Cc: Kevin Cernekee <[email protected]>
> Reviewed-by: Hante Meuleman <[email protected]>
> Reviewed-by: Pieter-Paul Giesberts <[email protected]>
> Reviewed-by: Franky Lin <[email protected]>
> Signed-off-by: Arend van Spriel <[email protected]>
> ---
> Hi, Greg
>
> This backport for stable-4.4 has been compile tested on x86_64 on
> linux-4.4.y branch in the stable repo. Apparently I only checked
> that the patch applied on 4.4. Lesson learned.

No worries, thanks for the patch.

greg k-h
