APPLIED[J,K]: [Jammy,Kinetic,OEM-5.17,OEM-6.0 0/1] CVE-2023-0386
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Wed Apr 12 19:22:16 UTC 2023
This patch has already been applied via stable updates to both Jammy and
Kinetic.
Also is it better to send an APPLIED tag vs a NACK on a patch if it's
already been applied somewhere? I think APPLIED is probably better.
Couldn't find any recent examples of someone doing that thought.
- Luke
On Tue, Apr 11, 2023 at 5:26 AM Thadeu Lima de Souza Cascardo <
cascardo at canonical.com> wrote:
> [Impact]
> Unprivileged user may copy a suid binary from a nosuid mount.
>
> [Backport]
> Applying to all kernels that have not been released with the fix yet.
> This is mitigated on older kernels with different SAUCE changes.
>
> [Test case]
> Touching a suid binary on an overlayfs mount does not copy it to the upper
> directory any longer after applying this fix.
>
> [Potential regression]
> Some copy ups on overlayfs will fail, preventing certain operations.
>
> Miklos Szeredi (1):
> ovl: fail on invalid uid/gid mapping at copy up
>
> fs/overlayfs/copy_up.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230412/5f41f37a/attachment.html>
More information about the kernel-team
mailing list