APPLIED [OEM-5.17]: [SRU][OEM-5.14/OEM-5.17][PATCH 0/1] CVE-2022-41849
Manuel Diewald
manuel.diewald at canonical.com
Tue Apr 4 07:45:50 UTC 2023
On Wed, Mar 15, 2023 at 04:35:23PM -0400, Yuxuan Luo wrote:
> [Impact]
> It was discovered that a race condition existed in the SMSC UFX USB driver
> implementation in the Linux kernel when physically removing the USB device
> while calling open() for this device node, leading to a use-after-free
> vulnerability. A physically proximate attacker could use this to cause a
> denial of service (system crash) or possibly execute arbitrary code.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Relatively low because it only adds a mutex in open() and disconnect() function
>
> Hyunwoo Kim (1):
> fbdev: smscufx: Fix use-after-free in ufx_ops_open()
>
> drivers/video/fbdev/smscufx.c | 14 +++++++++++++-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to jammy:linux-oem-5.17. Thank you!
More information about the kernel-team
mailing list