From patchwork Wed Nov 16 20:59:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1704825 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=NJ8YVVQK; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NCFmX6vm7z23mL for ; Thu, 17 Nov 2022 07:59:56 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ovPVd-00085W-Ni; Wed, 16 Nov 2022 20:59:49 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ovPVc-00085G-Hm for kernel-team@lists.ubuntu.com; Wed, 16 Nov 2022 20:59:48 +0000 Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com [209.85.160.199]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 02A013F120 for ; Wed, 16 Nov 2022 20:59:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1668632387; bh=RMq2x9LcCqrMU9r5VEFSaWWNXKZ2xyh2t6kYcLn53qU=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=NJ8YVVQK37qraH6a8rca3o8EgqSdOx07deG5OyqUpO3gNsPwlTaI9/6D+DKorAP6t b1y3E1utYCt5CGX9HiV1OuRO40yn6sUwQ/BYl5B1q62WFuXEV24tnCYpR7zqCGCfuh yCQ7P4EPJuf/Js7KxsA+Gb9dGAfungcVylUQZEBlEgJFFtNQn04ZUAS16cParPDxK+ QmSRN1m7LlVmYqNRpgysQ8YabFv+wTpeDbi8RpwEpZ0JgQuCpBFb4k3oe96ltL6KSk gQilpx57ZIYPVZ2SPxbyXLD5XEb0M8YDl8wVszt0u5xQurnTrXTtgsezUNNvIHN4wf 0THYJeNPDTwbg== Received: by mail-qt1-f199.google.com with SMTP id f4-20020a05622a114400b003a57f828277so14252777qty.22 for ; Wed, 16 Nov 2022 12:59:46 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RMq2x9LcCqrMU9r5VEFSaWWNXKZ2xyh2t6kYcLn53qU=; b=1ef7W2lJ7iZAflowOT0tkrNhV58ednNO6ffQyQz+1WhlfGPe5CIOKkIs6R1ABZksUL XbSUKcQvHQ4/J0xZnSuGvvRqU+PGRe9jmija+l0EYnUdwBP76ZnO1MHgSwhn779oYWuT cULgOsqFbI+AljMAv173qor6dckjJsPM/YhYMXrFaLMbSJUAY1SUh8exG69mDApPIYa0 Yq5DDCTzi8SN5H3izTTDnmZJ6Fco+dlhrvY7OVOm7f5SSHlFJj1joKzM7G8/lAgHgTyI 4rrX0nkTzFSQU5CVkdGcuf04lTig2CAca78Vn1iygGBpelb89bYxoKaDTuurCuh2hL3y CSHQ== X-Gm-Message-State: ANoB5pnr571yItds1ro1h2cNRQ3Uha24RMVED0xrd+nJp1oY3ZaecHUT 7jQ/Rb1EXJp0qwDwzWLpv53HgdU2eUjiC1OhnuD+X4uBmVHq+9FA6m29EMczyQRG6OC5p1BFM/k 3XR8W6QlyZfNclyob+8KoTnbRC7x85gH3p+20vU/KJw== X-Received: by 2002:ac8:7dc1:0:b0:3a5:211f:1f2c with SMTP id c1-20020ac87dc1000000b003a5211f1f2cmr23248026qte.241.1668632385649; Wed, 16 Nov 2022 12:59:45 -0800 (PST) X-Google-Smtp-Source: AA0mqf73VX8/s4UaZi3dArCTUFgYZ8rDWKmrg+B+P0rhzZx61GphXqxER/pLcq6WMmIPQxVW/3WT+A== X-Received: by 2002:ac8:7dc1:0:b0:3a5:211f:1f2c with SMTP id c1-20020ac87dc1000000b003a5211f1f2cmr23248012qte.241.1668632385406; Wed, 16 Nov 2022 12:59:45 -0800 (PST) Received: from cache-ubuntu.hsd1.nj.comcast.net ([2601:86:200:98b0:ad63:7d49:828c:930f]) by smtp.gmail.com with ESMTPSA id h2-20020ac85042000000b003a606428a59sm1909983qtm.91.2022.11.16.12.59.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Nov 2022 12:59:44 -0800 (PST) From: Yuxuan Luo To: kernel-team@lists.ubuntu.com Subject: [SRU][J/F/B][PATCH 0/1] CVE-2022-3565 Date: Wed, 16 Nov 2022 15:59:37 -0500 Message-Id: <20221116205940.20586-1-yuxuan.luo@canonical.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" [Impact] A vulnerability is found at l1oip: when a timer handler is still running after the card is released, a use-after-free occurs. [Backport] It is a clean cherry pick. [Test] Compile tested. [Potential Regression] No potential regression since it only adds a few conditional statement as protection. Duoming Zhou (1): mISDN: fix use-after-free bugs in l1oip timer handlers drivers/isdn/mISDN/l1oip.h | 1 + drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------ 2 files changed, 8 insertions(+), 6 deletions(-) Acked-by: Thadeu Lima de Souza Cascardo Acked-by: Stefan Bader