On 10/3/18 6:54 AM, Yang Xiao wrote:
> From: Young_X <[email protected]>
>
> There is another cast from unsigned long to int which causes
> a bounds check to fail with specially crafted input. The value is
> then used as an index in the slot array in cdrom_slot_status().
>
> This issue is similar to CVE-2018-16658 and CVE-2018-10940.
Applied, thanks.
--
Jens Axboe