[SRU][F/J/N][PATCH 0/1] CVE-2024-56651
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Wed Feb 12 18:03:12 UTC 2025
[Impact]
can: hi311x: hi3110_can_ist(): fix potential use-after-free
The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr
during bus-off") removed the reporting of rxerr and txerr even in case
of correct operation (i.e. not bus-off).
The error count information added to the CAN frame after netif_rx() is
a potential use after free, since there is no guarantee that the skb
is in the same state. It might be freed or reused.
Fix the issue by postponing the netif_rx() call in case of txerr and
rxerr reporting.
[Fix]
Oracular: Fixed via upstream stable updates (LP: #2096827)
Noble: Cherry picked from mainline
Jammy: Backported from mainline
Focal: Applied Jammy patch
[Test case]
Compile tested only.
[Where problems could occur]
A regression here is unlikely due to the very limited scope of the
patch.
Dario Binacchi (1):
can: hi311x: hi3110_can_ist(): fix potential use-after-free
drivers/net/can/spi/hi311x.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--
2.43.0
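
The ordering problem described under [Impact], as an added example that is not part of the original e-mail or of the kernel patch. It is a userspace C model: struct buf, model_netif_rx() and the byte positions used for the counters are hypothetical stand-ins for the skb, netif_rx() and the CAN frame.

```c
/* Userspace model of the ordering bug; NOT the hi311x driver code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct frame { uint8_t data[8]; };            /* stand-in for the CAN frame */
struct buf { struct frame *cf; int owned; };  /* stand-in for the skb */
static struct frame delivered;                /* what the "stack" received */

/* Stand-in for netif_rx(): consumes the buffer, the caller loses ownership. */
static void model_netif_rx(struct buf *b)
{
    delivered = *b->cf;
    free(b->cf);
    b->cf = NULL;
    b->owned = 0;
}

/* Refuses the write once ownership is gone; in the kernel nothing refuses
 * it, and the same write lands in freed or reused memory. */
static int set_err_counters(struct buf *b, uint8_t txerr, uint8_t rxerr)
{
    if (!b->owned)
        return -1;
    b->cf->data[6] = txerr;   /* model layout: byte 6 = txerr */
    b->cf->data[7] = rxerr;   /* model layout: byte 7 = rxerr */
    return 0;
}

/* handoff_first = 1 models the buggy order, 0 the fixed order. */
int report(uint8_t txerr, uint8_t rxerr, int handoff_first)
{
    struct buf b = { calloc(1, sizeof(struct frame)), 1 };
    int rc;
    if (!b.cf)
        return -2;
    if (handoff_first) {
        model_netif_rx(&b);                       /* ownership handed off... */
        rc = set_err_counters(&b, txerr, rxerr);  /* ...then a late write */
    } else {
        rc = set_err_counters(&b, txerr, rxerr);  /* fill the frame first */
        model_netif_rx(&b);                       /* hand off as last step */
    }
    return rc;
}

uint8_t delivered_txerr(void) { return delivered.data[6]; }
uint8_t delivered_rxerr(void) { return delivered.data[7]; }

int main(void) { printf("%d %d\n", report(5, 9, 1), report(5, 9, 0)); return 0; }
```

In the model the late write is rejected and the delivered frame carries no counters; postponing the hand-off until after the counters are written delivers them intact.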