[SRU][K/J/F][PATCH 0/3] CVE-2022-4269

Yuxuan Luo yuxuan.luo at canonical.com
Tue May 9 23:50:38 UTC 2023


[Impact]
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using
a specific networking configuration (redirecting egress packets to ingress
using TC action "mirred") a local unprivileged user could trigger a CPU
soft lockup (ABBA deadlock) when the transport protocol in use (TCP or
SCTP) does a retransmission, resulting in a denial of service condition.

[Backport]
For Kinetic and Jammy, the fix commit is a clean cherry-pick, but a build error
occurs: `mirred_nest_level` not found. To fix this problem, backport
78dcdffe0418 (“net/sched: act_mirred: better wording on protection against
excessive stack growth”); this commit renamed some variables, which resolves
the build error in the fix commit.

For Focal, in addition to the commits above, three commits have to be backported
to solve a conflict: 1d14b30b5a5e, fa6d639930ee, and ef816f3c49c1. Then,
backport the part that affects `act_mirred.c` in the 26b537a88ca5 commit to
introduce the required `tcf_action_inc_overlimit_qstats()` function.

[Test]
Compile and smoke tested.

[Potential Regression]
Expecting really low potential regression for Kinetic and Jammy as the two
commits only refactor and add some checks.
For Focal, the additional four commits mainly aim at refactoring and introduce
a function that only has one caller, so the regression potential should not be
higher by a significant amount. 

Davide Caratti (1):
  act_mirred: use the backlog for nested calls to mirred ingress

 net/sched/act_mirred.c                        |  7 +++
 .../selftests/net/forwarding/tc_actions.sh    | 49 ++++++++++++++++++-
 2 files changed, 55 insertions(+), 1 deletion(-)

-- 
2.34.1



