APPLIED/Cmnt: [SRU][J][PATCH v2 0/1] CVE-2024-50061

Edoardo Canepa edoardo.canepa at canonical.com
Fri Oct 10 12:10:09 UTC 2025 

Applied to jammy/master-next. Thanks.

Patch did not apply cleanly from mailing list, has to be redone

Applying: i3c: master: cdns: Fix use after free vulnerability in 
cdns_i3c_master Driver Due to Race Condition Using index info to 
reconstruct a base tree... error: patch failed: 
drivers/i3c/master/i3c-master-cdns.c:1668 error: 
drivers/i3c/master/i3c-master-cdns.c: patch does not apply error: Did 
you hand edit your patch? It does not apply to blobs recorded in its 
index. Patch failed at 0001 i3c: master: cdns: Fix use after free 
vulnerability in cdns_i3c_master Driver Due to Race Condition

On 9/26/25 16:03, Alice C. Munduruca wrote:
> v2 -> Changed the formatting for the backport notes
>
> [ Impact ]
>
> A use-after-free is possible if two functions in `i3c/master`
> enter a race condition. In order to ensure that this can no longer
> occur, we invalidate any related work when unregistering a `i3c`
> device so that it cannot then be used to access the underlying
> freed value.
>
> [ Fix ]
>
> jammy: backported from upstream, simply applying the change despite
>         a missing commit which caused contextual differences.
>
> [ Tests ]
>
> Compile and boot tested.
>
> [ Where problems could occur ]
>
> One-line change with limited backport-related regression potential.
> Since the scope is limited to i3c, the most that could happen is a
> denial of that specific service. (although this is quite unlikely)
>
> Kaixin Wang (1):
>    i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
>      Driver Due to Race Condition
>
>   drivers/i3c/master/i3c-master-cdns.c | 1 +
>   1 file changed, 1 insertion(+)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251010/09b1a53e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x20F88172E14F6784.asc
Type: application/pgp-keys
Size: 3167 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251010/09b1a53e/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251010/09b1a53e/attachment-0001.sig>

More information about the kernel-team mailing list