| Message ID | 20240628082347.3176650-1-juerg.haefliger@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2022-48674 | expand |
On 28-06-2024 10:23, Juerg Haefliger wrote: > https://ubuntu.com/security/CVE-2022-48674 > > [ Impact ] > > During stress testing with CONFIG_SMP disabled, KASAN reports as below: > > ================================================================== > BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 > Read of size 8 at addr ffff8881094223f8 by task stress/7789 > > > [ Test Case ] > > Compile tested only. > > > [ Where Problems Could Occur ] > > Isolated to the erofs driver. Only users of that filesystem may encounter issue. But > CONFIG_SMP is enabled in Ubuntu so this change should not make any difference at all. Shouldn't the CVE in this case reclassified as `Not vulnerable` ? > > > Gao Xiang (1): > erofs: fix pcluster use-after-free on UP platforms > > fs/erofs/internal.h | 29 ----------------------------- > 1 file changed, 29 deletions(-) >
On Fri, Jun 28, 2024 at 10:23:46AM +0200, Juerg Haefliger wrote: > https://ubuntu.com/security/CVE-2022-48674 > > [ Impact ] > > During stress testing with CONFIG_SMP disabled, KASAN reports as below: > > ================================================================== > BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 > Read of size 8 at addr ffff8881094223f8 by task stress/7789 > > > [ Test Case ] > > Compile tested only. > > > [ Where Problems Could Occur ] > > Isolated to the erofs driver. Only users of that filesystem may encounter issue. But > CONFIG_SMP is enabled in Ubuntu so this change should not make any difference at all. > > > Gao Xiang (1): > erofs: fix pcluster use-after-free on UP platforms > > fs/erofs/internal.h | 29 ----------------------------- > 1 file changed, 29 deletions(-) > > -- > 2.40.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
On 28.06.24 10:23, Juerg Haefliger wrote: > https://ubuntu.com/security/CVE-2022-48674 > > [ Impact ] > > During stress testing with CONFIG_SMP disabled, KASAN reports as below: > > ================================================================== > BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 > Read of size 8 at addr ffff8881094223f8 by task stress/7789 > > > [ Test Case ] > > Compile tested only. > > > [ Where Problems Could Occur ] > > Isolated to the erofs driver. Only users of that filesystem may encounter issue. But > CONFIG_SMP is enabled in Ubuntu so this change should not make any difference at all. > > > Gao Xiang (1): > erofs: fix pcluster use-after-free on UP platforms > > fs/erofs/internal.h | 29 ----------------------------- > 1 file changed, 29 deletions(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 28.06.24 10:23, Juerg Haefliger wrote: > https://ubuntu.com/security/CVE-2022-48674 > > [ Impact ] > > During stress testing with CONFIG_SMP disabled, KASAN reports as below: > > ================================================================== > BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 > Read of size 8 at addr ffff8881094223f8 by task stress/7789 > > > [ Test Case ] > > Compile tested only. > > > [ Where Problems Could Occur ] > > Isolated to the erofs driver. Only users of that filesystem may encounter issue. But > CONFIG_SMP is enabled in Ubuntu so this change should not make any difference at all. > > > Gao Xiang (1): > erofs: fix pcluster use-after-free on UP platforms > > fs/erofs/internal.h | 29 ----------------------------- > 1 file changed, 29 deletions(-) > Applied to focal:linux/master-next. Thanks. -Stefan