APPLIED: [SRU][OEM-6.0][PATCH 0/1] CVE-2023-26605
Manuel Diewald
manuel.diewald at canonical.com
Tue Apr 4 07:41:04 UTC 2023
On Mon, Mar 27, 2023 at 02:14:42PM -0400, Yuxuan Luo wrote:
> [Impact]
> It was discovered that the file system writeback functionality in the Linux
> kernel contained a user-after-free vulnerability. A local attacker could
> possibly use this to cause a denial of service (system crash) or execute
> arbitrary code.
>
> [Backport]
> Clean cherry pick.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Very low, since the change was about wrapping an additional condition check
> around existing code.
>
> Svyatoslav Feldsherov (1):
> fs: do not update freeing inode i_io_list
>
> fs/fs-writeback.c | 30 +++++++++++++++++++-----------
> 1 file changed, 19 insertions(+), 11 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to jammy:linux-oem-6.0. Thank you!
More information about the kernel-team
mailing list