ACK: [SRU OEM-5.14 0/2, OEM-5.17 0/1] CVE-2022-3586
Andrei Gherzan
andrei.gherzan at canonical.com
Fri Apr 21 11:06:03 UTC 2023
On 23/04/21 04:29AM, Cengiz Can wrote:
> [Impact]
> A flaw was found in the Linux kernel’s networking code. A use-after-free was
> found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb
> field after the same SKB had been enqueued (and freed) into a child qdisc.
> This flaw allows a local, unprivileged user to crash the system, causing a
> denial of service.
>
> [Fix]
> Clean cherry picks from upstream.
>
> Please do note that OEM-5.17 already has commit 9efd23297cca ("sch_sfb: Don't
> assume the skb is still around after enqueueing to child") thus excluded from
> patchset.
>
> [Test case]
> Boot and basic network functionality tested with ntop and wget.
>
> [Potential regression]
> Low. Fix has been in other kernels for quite a while now.
>
> Toke Høiland-Jørgensen (2):
> sch_sfb: Don't assume the skb is still around after enqueueing to
> child
> sch_sfb: Also store skb len before calling child enqueue
>
> net/sched/sch_sfb.c | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> --
> 2.37.2
Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>
--
Andrei Gherzan
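
The [Impact] text and the two commit titles quoted above describe a parent qdisc reading an skb's cb field and length after a child qdisc has already taken and freed it. The following userspace C model is an added illustration, not part of the original message and not kernel code; it shows the safe ordering, with hypothetical struct and function names and a constructed packet.

```c
#include <stdlib.h>
#include <string.h>

#define NBINS 4

/* Toy stand-ins for an skb and its cb scratch area; all names are hypothetical. */
struct pkt_cb { unsigned int bin; };
struct pkt    { unsigned int len; struct pkt_cb cb; };
struct parent { unsigned int backlog; unsigned int qlen[NBINS]; };

/* Child queue: takes ownership of p. It reports success but has already
 * released the buffer, so the caller's pointer is dangling on return. */
static int child_enqueue(struct pkt *p)
{
    memset(p, 0xA5, sizeof(*p));   /* poison so a stale read would be visible */
    free(p);
    return 0;                      /* 0 = accepted */
}

/* Parent enqueue in the safe order: copy cb and len to locals first,
 * then use only the locals for accounting after the hand-off. */
static int parent_enqueue(struct parent *q, struct pkt *p)
{
    struct pkt_cb cb = p->cb;      /* snapshot of the cb field */
    unsigned int len = p->len;     /* snapshot of the length */
    int ret = child_enqueue(p);

    /* p must not be dereferenced below this line. */
    if (ret == 0) {
        q->backlog += len;
        q->qlen[cb.bin % NBINS]++;
    }
    return ret;
}

/* Constructed input: one 1500-byte packet assigned to bin 3. */
static struct parent run_demo(void)
{
    struct parent q = {0};
    struct pkt *p = malloc(sizeof(*p));
    if (!p) return q;
    p->len = 1500;
    p->cb.bin = 3;
    parent_enqueue(&q, p);
    return q;
}

int main(void)
{
    struct parent q = run_demo();
    return (q.backlog == 1500 && q.qlen[3] == 1) ? 0 : 1;
}
```

Building the model with AddressSanitizer (`-fsanitize=address`) and moving either snapshot below the `child_enqueue()` call makes the stale read show up as a heap-use-after-free report.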