APPLIED: [SRU][N/J][PATCH 0/1] CVE-2024-39292
Stefan Bader
stefan.bader at canonical.com
Fri Jul 19 09:11:39 UTC 2024
On 12.07.24 18:29, Bethany Jamison wrote:
> [Impact]
>
> um: Add winch to winch_handlers before registering winch IRQ
>
> Registering a winch IRQ is racy, an interrupt may occur before the winch is
> added to the winch_handlers list.
>
> If that happens, register_winch_irq() adds to that list a winch that is
> scheduled to be (or has already been) freed, causing a panic later in
> winch_cleanup().
>
> Avoid the race by adding the winch to the winch_handlers list before
> registering the IRQ, and rolling back if um_request_irq() fails.
>
> [Fix]
>
> Noble: Clean cherry-pick from linux-6.9.y
> Jammy: Noble patch applied cleanly
> Focal: pending (5.4.0-192.212)
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use User-Mode Linux, an issue with
> this fix would be visible to the user via unpredicted system
> behavior.
>
> Roberto Sassu (1):
> um: Add winch to winch_handlers before registering winch IRQ
>
> arch/um/drivers/line.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
Applied to noble,jammy:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240719/be0998e3/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240719/be0998e3/attachment-0001.sig>
More information about the kernel-team
mailing list