[SRU][N][PATCH 0/1] CVE-2024-53166
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Mon Feb 10 11:23:36 UTC 2025
[Impact]
block, bfq: fix bfqq uaf in bfq_limit_depth()
Setting a newly allocated bfqq in bic and removing a freed bfqq from bic are both
protected by bfqd->lock; however, bfq_limit_depth() is dereferencing bfqq
from bic without the lock, which can lead to a UAF if the io_context is
shared by multiple tasks.
Fix the problem by protecting bic_to_bfqq() with bfqd->lock.
[Fix]
Oracular: Fixed via upstream stable updates (LP: #2091655)
Noble: Clean cherry pick from mainline
Jammy: Not affected
Focal: Not affected
[Test case]
Compile and boot tested.
[Where problems could occur]
The fix affects the BFQ I/O scheduler. An issue with this fix may lead
to instability in the block I/O scheduling process. A user might
experience degraded disk performance or system freezes during high I/O
workloads.
Yu Kuai (1):
block, bfq: fix bfqq uaf in bfq_limit_depth()
block/bfq-iosched.c | 37 ++++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 13 deletions(-)
--
2.43.0