Mailinglist Archive: opensuse-bugs (6588 mails)

< Previous Next >
[Bug 1143038] New: VUL-1: CVE-2018-20854: kernel-source: out-of-bounds read on array ctrl->phys, once variable i reaches the maximum array size
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 26 Jul 2019 13:12:51 +0000
  • Message-id: <bug-1143038-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1143038


Bug ID: 1143038
Summary: VUL-1: CVE-2018-20854: kernel-source: out-of-bounds
read on array ctrl->phys, once variable i reaches the
maximum array size
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
URL: https://smash.suse.de/issue/238066/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: kernel-maintainers@xxxxxxxxxxxxxxxxxxxxxx
Reporter: atoptsoglou@xxxxxxxx
QA Contact: security-team@xxxxxxx
Found By: Security Response Team
Blocker: ---

CVE-2018-20854

An issue was discovered in the Linux kernel before 4.20.
drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant
ctrl->phys out-of-bounds read.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20854
https://github.com/torvalds/linux/commit/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6acb47d1a318e5b3b7115354ebc4ea060c59d3a1

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >