NACK/Cmnt: [N:linux][PATCH 0/1] netlink: terminate outstanding dump on socket close
Stefan Bader
stefan.bader at canonical.com
Thu Mar 13 13:27:11 UTC 2025
On 28.02.25 21:52, Philip Cox wrote:
> CVE-2024-53140
>
> SRU Justification:
>
> [Impact]
>
> A local user can potentially cause a use-after-free by winning a race condition in the netlink code path.
>
> [Backport]
> The fix was cherry-picked from upstream commit 1904fb9ebf911441f90a68e96b22aa73e4410505
>
>
> [Test]
> compile and boot tested.
>
> [Where problems could occur]
> If any backports are added that assume the old behaviour, it could cause them to fail, but the risk is very low, and the window of change is fairly narrow.
>
>
> --
>
Rejected for the following reasons:
As Stewart pointed out this should have been "[SRU][N][PATCH 0/1]" but
also (since this seems to be part of pulling CVE fixes) the commonly
used subject for the cover email is just the CVE-XXXX-YYYY number. This
helps to recognize them immediately and also tells reviewers that they
should not expect a "BugLink" but the CVE mentioned in the patch.
I believe the reply from Stewart was a NACK already but as it did not
explicitly say so I am repeating it.
-Stefan