ACK: [SRU][F/J/N/O][PATCH 0/1] CVE-2024-50264
Yuxuan Luo
yuxuan.luo at canonical.com
Mon Nov 25 16:41:04 UTC 2024
On Mon, Nov 25, 2024 at 12:38:32PM -0300, Magali Lemes wrote:
Acked-by: Yuxuan Luo <yuxuan.luo at canonical.com>
> [Impact]
> During loopback communication, a dangling pointer can be created in
> vsk->trans, potentially leading to a Use-After-Free condition. This
> issue is resolved by initializing vsk->trans to NULL.
>
> [Fix]
> Oracular: Clean cherry-pick
> Noble: Clean cherry-pick
> Jammy: Clean cherry-pick
> Focal: Clean cherry-pick
> Bionic: Fix sent to ESM ML
> Xenial: Not affected
> Trusty: Not affected
>
> [Test Case]
> Compile tested.
>
> [Where problems could occur]
> This patch touches virtio transport for vsock, but due to its limited
> scope issues here are unlikely to happen.
>
> Hyunwoo Kim (1):
> vsock/virtio: Initialization of the dangling pointer occurring in
> vsk->trans
>
> net/vmw_vsock/virtio_transport_common.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list