Cmnt: APPLIED/Cmnt: [SRU][F/J/M][PATCH 0/2] CVE-2024-26624
Roxana Nicolescu
roxana.nicolescu at canonical.com
Fri May 24 14:03:20 UTC 2024
On 27/03/2024 17:14, Yuxuan Luo wrote:
> CVE-2024-26624 has been rejected:
> https://lore.kernel.org/linux-cve-announce/2024032747-REJECTED-f2cf@gregkh/
What does this mean? Shall we revert them?
>
> On 3/27/24 11:43, Stefan Bader wrote:
>> On 27.03.24 01:18, Yuxuan Luo wrote:
>>> [Impact]
>>> A potential deadlock is found in the AF_UNIX subsystem; the scenario is
>>> shown below:
>>>
>>>        CPU0                    CPU1
>>>        ----                    ----
>>>   lock(&u->lock/1);
>>>                                lock(rlock-AF_UNIX);
>>>                                lock(&u->lock/1);
>>>   lock(rlock-AF_UNIX);
>>>
>>> *** DEADLOCK ***
>>> Such a deadlock could lead to serious denial of service and system crash.
>>>
>>> [Backport]
>>> The fix is a clean cherry pick.
>>>
>>> However, the modified function has been copied to our own trees
>>> (security/apparmor/af_unix.c), therefore, a sauce patch is needed to
>>> synchronize the change.
>>>
>>> [Test]
>>> Compile and boot tested.
>>>
>>> [Where things could go wrong]
>>> The fix touches af_unix.c, which means most of the use cases are
>>> affected.
>>> However, what this fix does is to add "an identifier" to the locks to
>>> avoid potential deadlock without touching working logic; plus, this fix
>>> has been backported to multiple stable trees, expect very low
>>> regression potential. If such happens, it is probably a denial of service.
>>>
>>> Eric Dumazet (1):
>>> af_unix: fix lockdep positive in sk_diag_dump_icons()
>>>
>>> Yuxuan Luo (1):
>>> UBUNTU: SAUCE: af_unix: fix lockdep positive in sk_diag_dump_icons()
>>>
>>> include/net/af_unix.h | 20 ++++++++++++++------
>>> net/unix/af_unix.c | 14 ++++++--------
>>> net/unix/diag.c | 2 +-
>>> security/apparmor/af_unix.c | 12 +++++-------
>>> 4 files changed, 26 insertions(+), 22 deletions(-)
>>>
>> As stated in Manuel's reply this already was applied to Jammy and
>> Focal. I applied the modified commit message of #2 to Mantic and
>> reworded the respective change in Jammy and Focal accordingly. Also
>> added the CVE number there. And also to patch #1 in Mantic.
>>
>> Applied to mantic,jammy,focal:linux/master-next. Thanks.
>>
>> -Stefan
>>
>