[SRU][F/J/L][PATCH 0/1] CVE-2023-4622

Yuxuan Luo yuxuan.luo at canonical.com
Wed Sep 13 21:43:59 UTC 2023


[Impact]
A use-after-free vulnerability in the Linux kernel's af_unix component can
be exploited to achieve local privilege escalation. The
unix_stream_sendpage() function tries to add data to the last skb in the
peer's recv queue without locking the queue. Thus there is a race where
unix_stream_sendpage() could access an skb locklessly that is being
released by garbage collection, resulting in use-after-free. We recommend
upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.

[Backport]
Backported from stable/linux-6.1.y tree; it is a clean cherry pick.

[Test]
Smoke tested via building an AF_UNIX echo server and connecting to it.

[Potential Regression]
Expect very low regression.

Kuniyuki Iwashima (1):
  af_unix: Fix null-ptr-deref in unix_stream_sendpage().

 net/unix/af_unix.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

-- 
2.34.1
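
A smoke test of the kind described under [Test], as an added example (not the submitter's test program and not part of the patch): a forked AF_UNIX stream echo server and a client that sends one payload with write() and one with sendfile(). The names `af_unix_echo_smoke`, `echo_server` and the abstract address `sru-smoke-<pid>` are hypothetical, and it is an assumption of this example that sendfile() into the socket reaches the sendpage path on kernels that still have it.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/sendfile.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>
/* Server side: echo every byte back on one accepted connection until EOF. */
static void echo_server(int srv) {
    char buf[256];
    ssize_t n;
    int c = accept(srv, NULL, NULL);
    while (c >= 0 && (n = read(c, buf, sizeof buf)) > 0)
        if (write(c, buf, (size_t)n) != n) break;
    _exit(0);
}

/* Returns 0 when the write() and sendfile() payloads both come back intact. */
int af_unix_echo_smoke(void) {
    static const char msg[] = "af_unix smoke test"; /* constructed payload */
    const size_t len = sizeof msg - 1;
    char back[2 * sizeof msg];
    size_t got = 0;
    off_t off = 0;
    ssize_t n;
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    /* Abstract address (leading NUL byte), unique per PID, nothing left on disk. */
    int alen = snprintf(sa.sun_path + 1, sizeof sa.sun_path - 1, "sru-smoke-%d", (int)getpid());
    socklen_t salen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + alen);
    int srv = socket(AF_UNIX, SOCK_STREAM, 0);
    FILE *tmp = tmpfile();
    if (srv < 0 || !tmp || fwrite(msg, 1, len, tmp) != len || fflush(tmp)) return -1;
    if (bind(srv, (struct sockaddr *)&sa, salen) || listen(srv, 1)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) echo_server(srv);
    /* Client: created after fork() so the server never holds a copy of this fd. */
    int cli = socket(AF_UNIX, SOCK_STREAM, 0);
    int ok = cli >= 0 && connect(cli, (struct sockaddr *)&sa, salen) == 0 &&
             write(cli, msg, len) == (ssize_t)len && sendfile(cli, fileno(tmp), &off, len) == (ssize_t)len;
    while (ok && got < 2 * len && (n = read(cli, back + got, 2 * len - got)) > 0) got += (size_t)n;
    if (!ok) kill(pid, SIGKILL); /* do not leave the server blocked in accept()/read() */
    close(cli); close(srv); fclose(tmp);
    waitpid(pid, NULL, 0);
    return (ok && got == 2 * len && !memcmp(back, msg, len) && !memcmp(back + len, msg, len)) ? 0 : -1;
}
int main(void) { return af_unix_echo_smoke() ? 1 : 0; }
```

A zero exit status shows only that the AF_UNIX stream path still works on the patched kernel; the test does not try to reproduce the race described under [Impact].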



