APPLIED: [SRU][N][PATCH 0/1] CVE-2024-53166
Koichiro Den
koichiro.den at canonical.com
Fri Feb 28 03:13:24 UTC 2025
On Mon, Feb 10, 2025 at 12:23:36PM GMT, Massimiliano Pellizzer wrote:
> [Impact]
>
> block, bfq: fix bfqq uaf in bfq_limit_depth()
>
> Setting a newly allocated bfqq to bic and removing a freed bfqq from bic are both
> protected by bfqd->lock; however, bfq_limit_depth() is dereferencing bfqq
> from bic without the lock, which can lead to UAF if the io_context is
> shared by multiple tasks.
>
> Fix the problem by protecting bic_to_bfqq() with bfqd->lock.
>
> [Fix]
>
> Oracular: Fixed via upstream stable updates (LP: #2091655)
> Noble: Clean cherry pick from mainline
> Jammy: Not affected
> Focal: Not affected
>
> [Test case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The fix affects the BFQ I/O scheduler. An issue with this fix may lead
> to instability in the block I/O scheduling process. A user might
> experience degraded disk performance or system freezes during high I/O
> workloads.
>
> Yu Kuai (1):
> block, bfq: fix bfqq uaf in bfq_limit_depth()
>
> block/bfq-iosched.c | 37 ++++++++++++++++++++++++-------------
> 1 file changed, 24 insertions(+), 13 deletions(-)
>
Applied to noble:linux master-next branch. Thanks!