ACK: [SRU][J][PATCH 0/1] CVE-2022-0995 followup
Stewart Hore
stewart.hore at canonical.com
Fri Feb 14 08:57:54 UTC 2025
On Thu, Feb 13, 2025 at 05:04:34PM +0300, Cengiz Can wrote:
> [ Impact ]
>
> An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s
> watch_queue event notification subsystem. This flaw can overwrite parts of
> the kernel state, potentially allowing a local user to gain privileged
> access or cause a denial of service on the system.
>
> Followup reason: One of the improvement patches was missing from Jammy.
> Although it looks like an unrelated patch, it's still relevant to the
> CVE fix.
>
> [ Test Plan ]
>
> Compile and boot tested.
>
> [ Where problems could occur ]
>
> Watch queues are used to send notifications between userspace and kernel.
> Users might encounter corrupt kernel notifications.
>
> Christophe JAILLET (1):
> watch_queue: Use the bitmap API when applicable
>
> kernel/watch_queue.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> --
> 2.43.0
Acked-by: Stewart Hore <stewart.hore at canonical.com>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list