| Message ID | 20230704142113.581071-1-cascardo@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2023-3439 | expand |
On 23-07-04 11:21:09, Thadeu Lima de Souza Cascardo wrote: > [Impact] > There is a race condition which might trigger a use-after-free on MCTP > mdev->addrs. > > [Backport] > mctp_dev refcount had to be introduced and some fixes related to it require > some backporting due to not having extended address support. One of the > pre-req commits actually adds some extra support for MCTP over tunnels. > > [Potential regression] > MCTP users might regress. > > Jeremy Kerr (1): > mctp: Add refcounts to mctp_dev > > Lin Ma (1): > mctp: defer the kfree of object mdev->addrs > > Matt Johnston (2): > mctp: Allow MCTP on tun devices > mctp: make __mctp_dev_get() take a refcount hold Acked-by: Cengiz Can <cengiz.can@canonical.com> > > include/net/mctpdevice.h | 5 ++++ > net/mctp/device.c | 53 +++++++++++++++++++++++++++++----------- > net/mctp/neigh.c | 4 +-- > net/mctp/route.c | 19 ++++++++------ > 4 files changed, 58 insertions(+), 23 deletions(-) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
On 7/4/23 8:21 AM, Thadeu Lima de Souza Cascardo wrote: > [Impact] > There is a race condition which might trigger a use-after-free on MCTP > mdev->addrs. > > [Backport] > mctp_dev refcount had to be introduced and some fixes related to it require > some backporting due to not having extended address support. One of the > pre-req commits actually adds some extra support for MCTP over tunnels. > > [Potential regression] > MCTP users might regress. > > Jeremy Kerr (1): > mctp: Add refcounts to mctp_dev > > Lin Ma (1): > mctp: defer the kfree of object mdev->addrs > > Matt Johnston (2): > mctp: Allow MCTP on tun devices > mctp: make __mctp_dev_get() take a refcount hold > > include/net/mctpdevice.h | 5 ++++ > net/mctp/device.c | 53 +++++++++++++++++++++++++++++----------- > net/mctp/neigh.c | 4 +-- > net/mctp/route.c | 19 ++++++++------ > 4 files changed, 58 insertions(+), 23 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
Applied to jammy:linux master-next Thanks! - Luke On Tue, Jul 4, 2023 at 7:22 AM Thadeu Lima de Souza Cascardo < cascardo@canonical.com> wrote: > [Impact] > There is a race condition which might trigger a use-after-free on MCTP > mdev->addrs. > > [Backport] > mctp_dev refcount had to be introduced and some fixes related to it require > some backporting due to not having extended address support. One of the > pre-req commits actually adds some extra support for MCTP over tunnels. > > [Potential regression] > MCTP users might regress. > > Jeremy Kerr (1): > mctp: Add refcounts to mctp_dev > > Lin Ma (1): > mctp: defer the kfree of object mdev->addrs > > Matt Johnston (2): > mctp: Allow MCTP on tun devices > mctp: make __mctp_dev_get() take a refcount hold > > include/net/mctpdevice.h | 5 ++++ > net/mctp/device.c | 53 +++++++++++++++++++++++++++++----------- > net/mctp/neigh.c | 4 +-- > net/mctp/route.c | 19 ++++++++------ > 4 files changed, 58 insertions(+), 23 deletions(-) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team >