NACK: [SRU][O][PATCH 0/1] CVE-2024-56766
Koichiro Den
koichiro.den at canonical.com
Tue Feb 11 11:26:27 UTC 2025
On Tue, Feb 04, 2025 at 12:00:48PM GMT, Massimiliano Pellizzer wrote:
> [Impact]
>
> mtd: rawnand: fix double free in atmel_pmecc_create_user()
>
> The "user" pointer was converted from being allocated with kzalloc() to
> being allocated by devm_kzalloc(). Calling kfree(user) will lead to a
> double free.
>
> [Fix]
>
> Oracular: Cherry picked from mainline
> Noble: Not affected
> Jammy: Fixed via upstream stable updates (LP: #2095327)
> Focal: Fixed via upstream stable updates (LP: #2095437)
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> A regression here is unlikely due to the very limited scope of the
> patch
>
> Dan Carpenter (1):
> mtd: rawnand: fix double free in atmel_pmecc_create_user()
>
> drivers/mtd/nand/raw/atmel/pmecc.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
The backport itself looks good, but since the fix commit has already been
applied through upstream stable updates (LP: #2097531), let me NACK this
for ML clean-up.
Thanks.
More information about the kernel-team
mailing list