Cmnt: [N:linux][PATCH 0/1] netlink: terminate outstanding dump on socket close
Stewart Hore
stewart.hore at canonical.com
Mon Mar 3 23:06:13 UTC 2025
On Fri, Feb 28, 2025 at 03:52:02PM -0500, Philip Cox wrote:
> CVE-2024-53140
>
> SRU Justification:
Stable kernel patches must have a subject line starting with "[SRU]".
>
> [Impact]
>
> A local user can potentially cause a use-after-free by winning a race condition in the netlink code path.
>
> [Backport]
> The fix was cherry-picked from upstream commit 1904fb9ebf911441f90a68e96b22aa73e4410505
>
>
> [Test]
> Compile and boot tested.
>
> [Where problems could occur]
> If any backports are added that assume the old behaviour, it could cause them to fail, but the risk is very low, and the window of change is fairly narrow.