APPLIED: [SRU][J/F][PATCH 0/2] CVE-2023-52664

Mehmet Basaran mehmet.basaran at canonical.com
Fri Apr 11 10:06:08 UTC 2025


Applied to jammy:linux, focal:linux master-next branches. Thanks.

Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com> writes:

> https://ubuntu.com/security/CVE-2023-52664
>
> [ Impact ]
>
> net: atlantic: eliminate double free in error handling logic
>
> Driver has a logic leak in ring data allocation/free,
> where aq_ring_free could be called multiple times on same ring,
> if system is under stress and got memory allocation error.
>
> Ring pointer was used as an indicator of failure, but this is
> not correct since only ring data is allocated/deallocated.
> Ring itself is an array member.
>
> Changing ring allocation functions to return error code directly.
> This simplifies error handling and eliminates aq_ring_free
> on higher layer.
>
> [ Fix ]
>
> Oracular: not affected
> Noble: not affected
> Jammy: backported from mainline
> Focal: backported from mainline
>
> [ Test Plan ]
>
> Compile and boot tested.
> Loaded the atlantic module without errors:
>
> Jammy:
> $ sudo modprobe atlantic
> $ lsmod | grep atlantic
> atlantic              229376  0
> macsec                 61440  1 atlantic
> $ sudo dmesg | tail -n 1
> [   44.137724] MACsec IEEE 802.1AE
>
> Focal:
> $ sudo modprobe atlantic
> $ lsmod | grep atlantic
> atlantic               94208  0
>
> [ Where Problems Could Occur ]
>
> The fix affects the Aquantia Atlantic Ethernet driver.
> An issue with this fix may lead to incorrect assumptions about
> memory allocation success or failure, potentially resulting in
> memory leaks, missed error detection, or unintended deallocation
> sequences. A user might experience problems such as degraded
> network performance, connectivity loss, or kernel crashes
> under high load conditions.
>
>
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
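
The failure mode described in the [ Impact ] text above, as an added C model that is not part of the original message and is not the atlantic driver's code. `struct ring`, `struct vec`, `fail_desc` and all function names are hypothetical, and a counter stands in for the second free so the program stays well-defined.

```c
#include <errno.h>
#include <stdlib.h>

/* Simplified model of the pattern in the commit message. Hypothetical names,
 * not the atlantic driver's code. */
struct ring { void *buff; void *desc; int freed; };
struct vec { struct ring ring[2]; };  /* rings are array members: &ring[i] is never NULL */

static int fail_desc;     /* constructed fault injection: second allocation fails */
static int double_frees;  /* counts frees of an already-freed ring */

static void ring_free(struct ring *r)
{
    if (r->freed) { double_frees++; return; }  /* real code would free stale pointers here */
    free(r->buff);
    free(r->desc);
    r->freed = 1;
}

static int ring_data_alloc(struct ring *r)
{
    r->freed = 0;
    r->buff = malloc(64);
    r->desc = fail_desc ? NULL : malloc(64);
    return (r->buff && r->desc) ? 0 : -ENOMEM;
}

/* Before: the ring pointer doubles as the failure indicator. */
static struct ring *ring_alloc_old(struct ring *r)
{
    if (ring_data_alloc(r)) { ring_free(r); return NULL; }
    return r;
}

static int vec_init_old(struct vec *v)
{
    if (!ring_alloc_old(&v->ring[0])) {
        ring_free(&v->ring[0]);  /* caller cleans up too: second free of the same ring */
        return -ENOMEM;
    }
    return 0;
}

/* After: error code returned directly; the allocator alone undoes its partial work. */
static int ring_alloc_new(struct ring *r)
{
    int err = ring_data_alloc(r);
    if (err)
        ring_free(r);
    return err;
}

static int vec_init_new(struct vec *v)
{
    return ring_alloc_new(&v->ring[0]);  /* no ring_free at this layer */
}
```
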