APPLIED: [SRU][L][PATCH v2 0/1] CVE-2023-6932
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu Jan 4 19:18:33 UTC 2024
On 04/01/2024 18:45, Magali Lemes wrote:
> [Impact]
> A use-after-free vulnerability in the Linux kernel's ipv4 igmp component can
> be exploited to achieve local privilege escalation. A race condition can be
> exploited to cause a timer to be mistakenly registered on an RCU read locked
> object which is freed by another thread.
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compile and boot tested.
>
> [Regression potential]
> This affects IGMP.
>
> [Other Info]
> Change in v2:
> - Cherry-pick fix commit directly on top of the Lunar linux repo to ensure the
> patch applies cleanly.
>
> Zhengchao Shao (1):
> ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
>
> net/ipv4/igmp.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
I went ahead and applied the acks from v1.
Applied to lunar master-next branch. Thanks!
More information about the kernel-team
mailing list