[SRU][OEM-5.17][PATCH 0/1] CVE-2022-40307
Yuxuan Luo
yuxuan.luo at canonical.com
Tue Apr 4 20:23:32 UTC 2023
[Impact]
There is a race condition that occurs in drivers/firmware/efi, between the
efi_capsule_write() and efi_capsule_flush() functions of efi_capsule_fops,
which ultimately results in UAF.
[Backport]
It is a clean cherry pick.
[Test]
Compile and boot tested.
There is a proof of concept for this CVE, though, the prerequisite command,
installing the efi_capsule_loader, fails as "No such device", indicating a
requirement for physical hardware.
The link to the PoC: https://lore.kernel.org/all/20220907102920.GA88602@ubuntu/
[Potential Regression]
Should be trivial.
Hyunwoo Kim (1):
efi: capsule-loader: Fix use-after-free in efi_capsule_write
drivers/firmware/efi/capsule-loader.c | 31 ++++++---------------------
1 file changed, 7 insertions(+), 24 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list