ACK/Cmnt: [SRU OEM-5.17 0/1] CVE-2022-3303
Cengiz Can
cengiz.can at canonical.com
Thu Apr 13 15:24:52 UTC 2023
On Thu Apr 13, 2023 at 5:52 PM +03, Andrei Gherzan wrote:
> On 23/04/13 05:17PM, Cengiz Can wrote:
> > [Impact]
> > It was discovered that the sound subsystem in the Linux kernel contained a race
> > condition in some situations. A local attacker could use this to cause a denial
> > of service (system crash).
> >
> > [Fix]
> > Cherry picked from upstream.
> >
> > [Test case]
> > Compile and boot tested only.
> >
> > [Potential regression]
> > Low. Changes a call to use a locked version instead. Unlock label already exists
> > so very unlikely to cause deadlocks.
> >
> > Takashi Iwai (1):
> > ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
>
> The patch looks good and was backported upstream in a good couple
> versions too.
Good catch! Although we have already triaged them, with the exception of
Bionic because CONFIG_SND_PCM_OSS has been disabled starting with yakkety, so
cannot load the module with our 4.15 kernels.
https://ubuntu.com/security/CVE-2022-3303
>
> >
> > sound/core/oss/pcm_oss.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > --
> > 2.37.2
>
> Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>
More information about the kernel-team
mailing list