Message ID | 20221116205940.20586-1-yuxuan.luo@canonical.com |
---|---|
Series | CVE-2022-3565 |
On Wed, 2022-11-16 at 15:59 -0500, Yuxuan Luo wrote:
> [Impact]
> A vulnerability is found at l1oip: when a timer handler is still running after
> the card is released, a use-after-free occurs.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile tested.

Is there a specific reason for skipping smoke testing?

>
> [Potential Regression]
> No potential regression since it only adds a few conditional statements as
> protection.
>
> Duoming Zhou (1):
>   mISDN: fix use-after-free bugs in l1oip timer handlers
>
>  drivers/isdn/mISDN/l1oip.h      |  1 +
>  drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
>  2 files changed, 8 insertions(+), 6 deletions(-)
>
> --
> 2.34.1

On Fri, Nov 18, 2022 at 03:38:24AM +0300, Cengiz Can wrote:
> On Wed, 2022-11-16 at 15:59 -0500, Yuxuan Luo wrote:
> > [Impact]
> > A vulnerability is found at l1oip: when a timer handler is still running after
> > the card is released, a use-after-free occurs.
> >
> > [Backport]
> > It is a clean cherry pick.
> >
> > [Test]
> > Compile tested.
>
> Is there a specific reason for skipping smoke testing?
>

I will owe 2 reviews to the person who can show that they have set up an
l1oip device and manually smoke tested this fix.

I will owe 10 reviews to the person who pushes to our RT repo an l1oip test
suite that passes.

Cascardo.

> >
> > [Potential Regression]
> > No potential regression since it only adds a few conditional statements as
> > protection.
> >
> > Duoming Zhou (1):
> >   mISDN: fix use-after-free bugs in l1oip timer handlers
> >
> >  drivers/isdn/mISDN/l1oip.h      |  1 +
> >  drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
> >  2 files changed, 8 insertions(+), 6 deletions(-)
> >
> > --
> > 2.34.1
> >
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

On Wed, Nov 16, 2022 at 03:59:37PM -0500, Yuxuan Luo wrote:
> [Impact]
> A vulnerability is found at l1oip: when a timer handler is still running after
> the card is released, a use-after-free occurs.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile tested.
>
> [Potential Regression]
> No potential regression since it only adds a few conditional statements as
> protection.
>

The potential regression is for any users of l1oip. We have this field not to
tell how confident we are about the fix, but the scope we believe it has over
our users.

Also, notice that despite the changes in lines in the patches, git-am would
apply the Bionic patch on Kinetic, or the Jammy patch on Bionic, etc. So a
single patch would have worked here and produced the same results.

So, you can send a single patch for cases like this.

Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Cascardo.

> Duoming Zhou (1):
>   mISDN: fix use-after-free bugs in l1oip timer handlers
>
>  drivers/isdn/mISDN/l1oip.h      |  1 +
>  drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
>  2 files changed, 8 insertions(+), 6 deletions(-)
>
> --
> 2.34.1

On 11/17/22 19:38, Cengiz Can wrote:
> On Wed, 2022-11-16 at 15:59 -0500, Yuxuan Luo wrote:
>> [Impact]
>> A vulnerability is found at l1oip: when a timer handler is still running after
>> the card is released, a use-after-free occurs.
>>
>> [Backport]
>> It is a clean cherry pick.
>>
>> [Test]
>> Compile tested.
> Is there a specific reason for skipping smoke testing?

l1oip module can be loaded and unloaded without error, tested on kvm.

>
>> [Potential Regression]
>> No potential regression since it only adds a few conditional statements as
>> protection.
>>
>> Duoming Zhou (1):
>>   mISDN: fix use-after-free bugs in l1oip timer handlers
>>
>>  drivers/isdn/mISDN/l1oip.h      |  1 +
>>  drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
>>  2 files changed, 8 insertions(+), 6 deletions(-)
>>
>> --
>> 2.34.1

On 16.11.22 21:59, Yuxuan Luo wrote:
> [Impact]
> A vulnerability is found at l1oip: when a timer handler is still running after
> the card is released, a use-after-free occurs.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile tested.
>
> [Potential Regression]
> No potential regression since it only adds a few conditional statements as
> protection.
>
> Duoming Zhou (1):
>   mISDN: fix use-after-free bugs in l1oip timer handlers
>
>  drivers/isdn/mISDN/l1oip.h      |  1 +
>  drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
>  2 files changed, 8 insertions(+), 6 deletions(-)
>

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On 16.11.22 21:59, Yuxuan Luo wrote:
> [Impact]
> A vulnerability is found at l1oip: when a timer handler is still running after
> the card is released, a use-after-free occurs.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile tested.
>
> [Potential Regression]
> No potential regression since it only adds a few conditional statements as
> protection.
>
> Duoming Zhou (1):
>   mISDN: fix use-after-free bugs in l1oip timer handlers
>
>  drivers/isdn/mISDN/l1oip.h      |  1 +
>  drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
>  2 files changed, 8 insertions(+), 6 deletions(-)
>

Applied to jammy,focal,bionic:linux/master-next (via stable). Thanks.

-Stefan