APPLIED Re: [SRU OEM-5.17, OEM-6.0 PATCH 0/1] CVE-2022-47929
Timo Aaltonen
tjaalton at ubuntu.com
Thu Jul 6 05:22:54 UTC 2023
Cengiz Can kirjoitti 21.6.2023 klo 17.15:
> [Impact]
> In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic
> control subsystem allows an unprivileged user to trigger a denial of service
> (system crash) via a crafted traffic control configuration that is set up with
> "tc qdisc" and "tc class" commands. This affects qdisc_graft in
> net/sched/sch_api.c.
>
> [Fix]
> Clean cherry pick froom upstream.
>
> [Test case]
> Compile, boot and PoC tested under KVM.
>
> [Potential regression]
> Low. All users who utilize network traffic control might be affected.
>
> Frederick Lawler (1):
> net: sched: disallow noqueue for qdisc classes
>
> net/sched/sch_api.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> --
> 2.39.2
applied to oem-5.17 & -6.0, thanks
--
t
More information about the kernel-team
mailing list