ACK: [SRU Jammy 0/4] CVE-2023-3439
Cengiz Can
cengiz.can at canonical.com
Wed Jul 5 12:52:22 UTC 2023
On 23-07-04 11:21:09, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> There is a race condition which might trigger a use-after-free on MCTP
> mdev->addrs.
>
> [Backport]
> mctp_dev refcount had to be introduced and some fixes related to it require
> some backporting due to not having extended address support. One of the
> pre-req commits actually adds some extra support for MCTP over tunnels.
>
> [Potential regression]
> MCTP users might regress.
>
> Jeremy Kerr (1):
> mctp: Add refcounts to mctp_dev
>
> Lin Ma (1):
> mctp: defer the kfree of object mdev->addrs
>
> Matt Johnston (2):
> mctp: Allow MCTP on tun devices
> mctp: make __mctp_dev_get() take a refcount hold
Acked-by: Cengiz Can <cengiz.can at canonical.com>
>
> include/net/mctpdevice.h | 5 ++++
> net/mctp/device.c | 53 +++++++++++++++++++++++++++++-----------
> net/mctp/neigh.c | 4 +--
> net/mctp/route.c | 19 ++++++++------
> 4 files changed, 58 insertions(+), 23 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list