ACK: [SRU HWE-5.17 0/1] CVE-2022-2318
Tim Gardner
tim.gardner at canonical.com
Wed Sep 28 14:39:56 UTC 2022
On 9/27/22 12:41, Cengiz Can wrote:
> [Impact]
> There are use-after-free vulnerabilities caused by timer handler in
> net/rose/rose_timer.c of linux that allow attackers to crash linux
> kernel without any privileges.
>
> [Fix]
> Cherry picked from upstream.
>
> [Test case]
> Boot tested on KVM only.
>
> [Potential regressions]
> Unknown but highly unlikely since the fix is released with other
> kernels months ago.
>
> Duoming Zhou (1):
> net: rose: fix UAF bugs caused by timer handler
>
> net/rose/rose_timer.c | 34 +++++++++++++++++++---------------
> 1 file changed, 19 insertions(+), 15 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list