path: root/active/CVE-2020-14331
blob: 1e15d16b3387ef3623aba32151b290edc0aca336
Description: buffer over write in vgacon_scrollback_update
References:
 https://www.openwall.com/lists/oss-security/2020/07/28/2
 https://lists.openwall.net/linux-kernel/2020/07/29/234
Notes:
 carnil> Issue is only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is
 carnil> set which is not the case in Debian kernel config. So it is
 carnil> enough to handle tracking of fixes accordingly when upstream
 carnil> applies them.
 carnil> Source-wise fixed in 5.7.15 as well.
Bugs:
upstream: released (5.9-rc1) [ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d]
4.19-upstream-stable: released (4.19.139) [61219546f3036d2b4a1898be7a38da22e97a3b62]
4.9-upstream-stable: released (4.9.233) [8c19b606e78a2b08e1ea69eebd5c290913c89612]
sid: pending (5.7.16-1)
4.19-buster-security: needed
4.9-stretch-security: needed
