ACK/Cmnt: [SRU][Bionic, Focal, Jammy, Kinetic, OEM-5.14, OEM-5.17, OEM-6.0, OEM-6.1][PATCH 0/1] CVE-2023-1859

[Stefan Bader]

On 17.04.23 20:08, John Cabaj wrote:
> [Impact]
> * A use-after-free vulnerability could exist in xen/9pfs, whereupon after removal of a xen_9pfs device, an attempt to service a response could access a struct that has been freed.
> * Perform requisite clean-up upon removal so further requests cannot be serviced.
> 
> [Fix]
> * Clean cherry-picks for all affected kernels
> 
> [Test Case]
> * Compile tested
> * Boot tested
> 
> [Potential regression]
> * Low risk. Potentially could take longer to remove xen_9pfs device as cancel waits for work to finish.
> 
> Zheng Wang (1):
>    9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race
>      condition
> 
>   net/9p/trans_xen.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 

Except for focal:linux-oem-5.14. This kernel is now EOL. Users get 
migrated to focal:linux-hwe-5.15.

Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230418/9456d18a/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230418/9456d18a/attachment-0001.sig>