ACK: [SRU][O/N/J/F][PATCH 0/1] CVE-2025-21971

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Mon Apr 7 07:56:20 UTC 2025


On Sun, 6 Apr 2025 at 11:03, Kuba Pawlak <kuba.pawlak at canonical.com> wrote:
>
> On 4.04.2025 20:40, Tim Whisonant wrote:
> > SRU Justification:
> >
> > [Impact]
> >
> > net_sched: Prevent creation of classes with TC_H_ROOT
> >
> > The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination
> > condition when traversing up the qdisc tree to update parent backlog
> > counters. However, if a class is created with classid TC_H_ROOT, the
> > traversal terminates prematurely at this class instead of reaching the
> > actual root qdisc, causing parent statistics to be incorrectly maintained.
> > In case of DRR, this could lead to a crash as reported by Mingi Cho.
> >
> > Prevent the creation of any Qdisc class with classid TC_H_ROOT
> > (0xFFFFFFFF) across all qdisc types, as suggested by Jamal.
> >
> > [Fix]
> >
> > Oracular: cherry picked from upstream
> > Noble:    cherry picked from upstream
> > Jammy:    cherry picked from upstream
> > Focal:    cherry picked from upstream
> > Bionic:   patch sent to ESM ML
> > Xenial:   patch sent to ESM ML
> > Trusty:   out of scope (medium CVE)
> >
> > [Test Plan]
> >
> > Compile and boot tested.
> >
> > [Where problems could occur]
> >
> > The change affects the core network scheduling code in the traffic
> > class creation logic. Errors may concern failure to create certain
> > types of queueing discipline objects (Qdisc).
> >
> > Cong Wang (1):
> >    net_sched: Prevent creation of classes with TC_H_ROOT
> >
> >   net/sched/sch_api.c | 4 ++++
> >   1 file changed, 4 insertions(+)
> >
> Acked-by: Kuba Pawlak <kuba.pawlak at canonical.com>

Acked-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>

-- 
Massimiliano Pellizzer
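
A user-space model of the accounting problem described in the quoted cover letter, added here as an illustration; it is not the kernel's code or the upstream patch. The struct, the helper names, the handles ffff: and 1:, the packet counts and the -EINVAL return value are assumptions made for the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define TC_H_ROOT   0xFFFFFFFFU
#define TC_H_MAJ(h) ((h) & 0xFFFF0000U)

/* Model only: a qdisc is its handle, the classid it hangs under, and a queue length. */
struct mqdisc { uint32_t handle, parent; int qlen; };

static struct mqdisc *lookup(struct mqdisc *t, size_t n, uint32_t handle)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].handle == handle) return &t[i];
    return NULL;
}

/* Walk towards the root, subtracting `dropped` from each ancestor's qlen. */
static void model_reduce_backlog(struct mqdisc *t, size_t n, struct mqdisc *sch, int dropped)
{
    uint32_t parentid;
    while ((parentid = sch->parent) != 0) {
        if (parentid == TC_H_ROOT)   /* termination condition named in the cover letter */
            break;
        if (!(sch = lookup(t, n, TC_H_MAJ(parentid))))
            break;
        sch->qlen -= dropped;
    }
}

/* Creation-time check in the spirit of the fix; -EINVAL is an assumption. */
static int model_class_create(uint32_t classid)
{
    return classid == TC_H_ROOT ? -EINVAL : 0;
}

/* Constructed tree: root ffff: counts 5 packets; child 1: sits under child_parent, drops 3. */
static int root_qlen_after_drop(uint32_t child_parent)
{
    struct mqdisc t[2] = { { 0xFFFF0000U, TC_H_ROOT, 5 }, { 0x00010000U, child_parent, 3 } };
    t[1].qlen -= 3;                        /* the child drops its own packets */
    model_reduce_backlog(t, 2, &t[1], 3);  /* ancestors should be told about it */
    return t[0].qlen;
}

int main(void)
{
    printf("%d %d %d\n", root_qlen_after_drop(0xFFFF0001U),
           root_qlen_after_drop(TC_H_ROOT), model_class_create(TC_H_ROOT));
    return 0;
}
```

With an ordinary classid the root's counter follows the child's drop; with classid TC_H_ROOT the walk stops at the first step and the root keeps counting packets that no longer exist, which is why the check belongs at class creation.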


