ACK: [SRU][N][PATCH 0/1] CVE-2024-53166
Thibault Ferrante
thibault.ferrante at canonical.com
Fri Feb 21 11:11:19 UTC 2025
Acked-by: Thibault Ferrante <thibault.ferrante at canonical.com>
On 10-02-2025 12:23, Massimiliano Pellizzer wrote:
> [Impact]
>
> block, bfq: fix bfqq uaf in bfq_limit_depth()
>
> Setting a newly allocated bfqq in bic or removing a freed bfqq from bic are both
> protected by bfqd->lock, however bfq_limit_depth() is dereferencing bfqq
> from bic without the lock, this can lead to UAF if the io_context is
> shared by multiple tasks.
>
> Fix the problem by protecting bic_to_bfqq() with bfqd->lock.
>
> [Fix]
>
> Oracular: Fixed via upstream stable updates (LP: #2091655)
> Noble: Clean cherry pick from mainline
> Jammy: Not affected
> Focal: Not affected
>
> [Test case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The fix affects the BFQ I/O scheduler. An issue with this fix may lead
> to instability in the block I/O scheduling process. A user might
> experience degraded disk performance or system freezes during high I/O
> workloads.
>
> Yu Kuai (1):
> block, bfq: fix bfqq uaf in bfq_limit_depth()
>
> block/bfq-iosched.c | 37 ++++++++++++++++++++++++-------------
> 1 file changed, 24 insertions(+), 13 deletions(-)
>
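Added illustration of the locking rule the [Impact] section describes; this is constructed userspace C, not the patch or any kernel code, and every name in it (queue, io_ctx, lookup_unlocked, limit_depth_locked, the pool and the poison value) is a hypothetical stand-in for bfqq, bic and bfqd->lock. A freed object is poisoned instead of handed back to the allocator so the stale access can be observed rather than being undefined behaviour. The sequence in stale_use_demo() replays the interleaving from the description: one task reads the pointer without the lock, another task sharing the io context frees the object, and the first task then touches freed memory. limit_depth_locked() shows the shape of the fix: look up and dereference under the same lock that guards set and free, and copy out only the value needed.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration; names are hypothetical stand-ins, not the kernel's. */
#define QUEUE_LIVE   0x51554555u   /* magic of a live queue object */
#define QUEUE_POISON 0xdeadbeefu   /* written on free, like slab poisoning */

struct queue {                     /* stands in for a bfqq */
    unsigned int magic;
    unsigned int depth;
};

struct io_ctx {                    /* stands in for a bic; lock stands in for bfqd->lock */
    pthread_mutex_t lock;
    struct queue *q;               /* set and cleared only under lock */
};

/* Freed queues are poisoned instead of being returned to the allocator, so a
 * stale dereference is detectable here instead of being undefined behaviour. */
static struct queue pool[1];

static void ctx_init(struct io_ctx *ctx)
{
    pthread_mutex_init(&ctx->lock, NULL);
    ctx->q = NULL;
}

/* Publish a newly allocated queue to the context: done under the lock. */
static void ctx_set_queue(struct io_ctx *ctx, struct queue *q, unsigned int depth)
{
    pthread_mutex_lock(&ctx->lock);
    q->magic = QUEUE_LIVE;
    q->depth = depth;
    ctx->q = q;
    pthread_mutex_unlock(&ctx->lock);
}

/* Detach and free the queue: also done under the lock. */
static void ctx_free_queue(struct io_ctx *ctx)
{
    pthread_mutex_lock(&ctx->lock);
    if (ctx->q) {
        ctx->q->magic = QUEUE_POISON;   /* the "free" */
        ctx->q = NULL;
    }
    pthread_mutex_unlock(&ctx->lock);
}

/* Unsafe reader: returns the pointer without holding the lock, so nothing
 * orders the caller's later dereference against a concurrent free. */
static struct queue *lookup_unlocked(struct io_ctx *ctx)
{
    return ctx->q;
}

/* Safe reader: look up and dereference under the lock, copying out only the
 * value needed. Returns 1 if a queue was present (depth written), 0 otherwise. */
int limit_depth_locked(struct io_ctx *ctx, unsigned int *depth)
{
    int found = 0;
    pthread_mutex_lock(&ctx->lock);
    if (ctx->q) {
        *depth = ctx->q->depth;
        found = 1;
    }
    pthread_mutex_unlock(&ctx->lock);
    return found;
}

/* Replays the racy interleaving in sequence: task A reads the pointer
 * unlocked, task B (sharing the io context) frees the queue, task A then
 * touches freed memory. Returns 1 when the stale dereference is observed. */
int stale_use_demo(void)
{
    struct io_ctx ctx;
    ctx_init(&ctx);
    ctx_set_queue(&ctx, &pool[0], 8);
    struct queue *q = lookup_unlocked(&ctx);   /* task A */
    ctx_free_queue(&ctx);                       /* task B */
    int stale = (q->magic == QUEUE_POISON);     /* task A: use after free */
    pthread_mutex_destroy(&ctx.lock);
    return stale;
}

/* Same sequence with the locked lookup: task A either sees the live queue's
 * depth or sees no queue at all, never a freed one. Returns the depth read
 * before the free and writes whether anything was found after it. */
unsigned int locked_use_demo(int *found_after_free)
{
    struct io_ctx ctx;
    unsigned int depth = 0;
    ctx_init(&ctx);
    ctx_set_queue(&ctx, &pool[0], 8);
    limit_depth_locked(&ctx, &depth);           /* task A, before the free: 8 */
    ctx_free_queue(&ctx);                       /* task B */
    *found_after_free = limit_depth_locked(&ctx, &depth);  /* 0: nothing to dereference */
    pthread_mutex_destroy(&ctx.lock);
    return depth;
}

int main(void)
{
    int found;
    unsigned int d = locked_use_demo(&found);
    printf("unlocked lookup observed freed queue: %d\n", stale_use_demo());
    printf("locked lookup read depth %u, found after free: %d\n", d, found);
    return 0;
}
```

The point of the locked variant is that the lock is held across both the lookup and the dereference, not just around the pointer load: taking the lock only to copy the pointer out and then using it later reintroduces the same window.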