APPLIED Re: [SRU OEM-5.17 0/1] CVE-2022-3586
Timo Aaltonen
tjaalton at ubuntu.com
Tue Apr 18 06:47:17 UTC 2023
Cengiz Can kirjoitti 6.4.2023 klo 4.09:
> [Impact]
> A flaw was found in the Linux kernel’s networking code. A use-after-free was
> found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb
> field after the same SKB had been enqueued (and freed) into a child qdisc.
> This flaw allows a local, unprivileged user to crash the system, causing a
> denial of service.
>
> [Fix]
> Cherry picked from upstream.
>
> [Test case]
> Boot and basic network functionality tested with ntopng and wget.
>
> [Potential regression]
> Low. Fix has been in other kernels for quite a while now.
>
> Toke Høiland-Jørgensen (1):
> sch_sfb: Don't assume the skb is still around after enqueueing to
> child
>
> net/sched/sch_sfb.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
applied to oem-5.17, thanks
--
t
More information about the kernel-team
mailing list