APPLIED: [SRU][J][PATCH 0/1] CVE-2024-50073
Stefan Bader
stefan.bader at canonical.com
Thu Jul 10 07:02:56 UTC 2025
On 21.06.25 15:15, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2024-50073
>
> [ Impact ]
>
> tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
>
> gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux
> can be freed by multi threads through ioctl,which leads
> to the occurrence of uaf. Protect it by gsm tx lock.
>
> [ Fix ]
>
> Plucky: not affected
> Noble: fixed via upstream stable updates (LP: #2097393)
> Jammy: fix backported from mainline
>
> [ Test Plan ]
>
> Compile tested only.
>
> [ Where Problems Could Occur ]
>
> The fix affects the GSM 07.10 multiplexer line discipline in the TTY subsystem.
> An issue with this fix may introduce problems such as improper acquisition
> or release of the tx_lock spinlock, potentially resulting in deadlocks during
> multiplexer teardown or data transmission.
> As a consequence, regular users may experience hangs or stalls in applications
> communicating over GSM virtual TTYs.
>
>
Applied to jammy:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 47863 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250710/bff75c7b/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250710/bff75c7b/attachment-0001.sig>
More information about the kernel-team
mailing list