[SRU Jammy 0/4] CVE-2023-3439
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Jul 4 14:21:09 UTC 2023
[Impact]
There is a race condition which might trigger a use-after-free on MCTP
mdev->addrs.
[Backport]
mctp_dev refcount had to be introduced and some fixes related to it require
some backporting due to not having extended address support. One of the
pre-req commits actually adds some extra support for MCTP over tunnels.
[Potential regression]
MCTP users might regress.
Jeremy Kerr (1):
mctp: Add refcounts to mctp_dev
Lin Ma (1):
mctp: defer the kfree of object mdev->addrs
Matt Johnston (2):
mctp: Allow MCTP on tun devices
mctp: make __mctp_dev_get() take a refcount hold
include/net/mctpdevice.h | 5 ++++
net/mctp/device.c | 53 +++++++++++++++++++++++++++++-----------
net/mctp/neigh.c | 4 +--
net/mctp/route.c | 19 ++++++++------
4 files changed, 58 insertions(+), 23 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list