From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:37273 "EHLO
	out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1728031AbeIMAlh (ORCPT );
	Wed, 12 Sep 2018 20:41:37 -0400
Date: Wed, 12 Sep 2018 21:35:33 +0200
From: Greg KH
To: Tyler Hicks
Cc: stable@vger.kernel.org
Subject: Re: [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket
Message-ID: <20180912193533.GC21563@kroah.com>
References: <1536074645-14160-1-git-send-email-tyhicks@canonical.com>
	<1536074645-14160-2-git-send-email-tyhicks@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1536074645-14160-2-git-send-email-tyhicks@canonical.com>
Sender: stable-owner@vger.kernel.org
List-ID:

On Tue, Sep 04, 2018 at 03:24:04PM +0000, Tyler Hicks wrote:
> The irda_bind() function allocates memory for self->ias_obj without
> checking to see if the socket is already bound. A userspace process
> could repeatedly bind the socket, have each new object added into the
> LM-IAS database, and lose the reference to the old object assigned to
> the socket to exhaust memory resources. This patch errors out of the
> bind operation when self->ias_obj is already assigned.
>
> CVE-2018-6554
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Tyler Hicks
> Reviewed-by: Seth Arnold
> Reviewed-by: Stefan Bader
> ---

No "Reported-by:" lines?

And again, how can you trigger any of this given the code doesn't even
work? Can you load irda modules as a "normal" user?

thanks,

greg k-h
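
The leak pattern described in the quoted commit message, as a userspace C model added here for illustration; it is not code from the patch or from the kernel. The struct and function names, the linked-list "database" and the -EINVAL return value are assumptions made for the model.

```c
/* Userspace model of the pattern; constructed for illustration, not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct ias_obj { struct ias_obj *next; };        /* one entry in the model database */
struct model_sock { struct ias_obj *ias_obj; };  /* stands in for self->ias_obj */
static struct ias_obj *db_head;                  /* model "LM-IAS database" */

static int db_add(struct model_sock *self)
{
    struct ias_obj *obj = calloc(1, sizeof(*obj));
    if (!obj) return -ENOMEM;
    obj->next = db_head;
    db_head = obj;
    self->ias_obj = obj;   /* overwrites any earlier reference */
    return 0;
}

/* Before: allocates on every call, whether or not the socket is bound. */
int bind_unchecked(struct model_sock *self) { return db_add(self); }
/* After: error out when an object is already assigned (-EINVAL is assumed). */
int bind_checked(struct model_sock *self) { return self->ias_obj ? -EINVAL : db_add(self); }

/* Release frees only the object the socket still points to. */
static void model_release(struct model_sock *self)
{
    for (struct ias_obj **p = &db_head; *p; p = &(*p)->next)
        if (*p == self->ias_obj) { *p = self->ias_obj->next; break; }
    free(self->ias_obj);
    self->ias_obj = NULL;
}

/* Bind n times, release once, return how many objects stay in the database. */
int orphans_after(int (*bind_fn)(struct model_sock *), int n)
{
    struct model_sock s = { 0 };
    int left = 0;
    for (int i = 0; i < n; i++)
        bind_fn(&s);
    model_release(&s);
    while (db_head) { struct ias_obj *o = db_head; db_head = o->next; free(o); left++; }
    return left;
}

int main(void)
{
    printf("unchecked: %d orphaned, checked: %d orphaned\n", orphans_after(bind_unchecked, 5), orphans_after(bind_checked, 5));
    return 0;
}
```

In the model, every bind after the first orphans one database entry that release can no longer reach; with the check in place the count stays at zero.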