| Message ID | 20230315152103.767189-1-cascardo@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2023-1281 | expand |
On 15.03.23 16:20, Thadeu Lima de Souza Cascardo wrote: > [Impact] > An unprivileged user may exploit a use-after-free condition with the tcindex > classifier, leading to possible local escalation of privilege. > > [Backport] > The fix uses rcu_replace_pointer, which was not available on 4.15 and 5.4. > A backport to add it was done on those branches. > > The tcindex classifier was removed on 6.1 and 6.2 kernels. > > [Potential regression] > Only tcindex classifiers are under risk of regressions. > > > Paul E. McKenney (1): > rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() > > Pedro Tammela (1): > net/sched: tcindex: update imperfect hash filters respecting rcu > > include/linux/rcupdate.h | 18 ++++++++++++++++++ > net/sched/cls_tcindex.c | 34 ++++++++++++++++++++++++++++++---- > 2 files changed, 48 insertions(+), 4 deletions(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On Wed, 2023-03-15 at 12:20 -0300, Thadeu Lima de Souza Cascardo wrote: > [Impact] > An unprivileged user may exploit a use-after-free condition with the tcindex > classifier, leading to possible local escalation of privilege. > > [Backport] > The fix uses rcu_replace_pointer, which was not available on 4.15 and 5.4. > A backport to add it was done on those branches. > > The tcindex classifier was removed on 6.1 and 6.2 kernels. > > [Potential regression] > Only tcindex classifiers are under risk of regressions. > > Acked-by: Cengiz Can <cengiz.can@canonical.com> > Paul E. McKenney (1): > rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() > > Pedro Tammela (1): > net/sched: tcindex: update imperfect hash filters respecting rcu > > include/linux/rcupdate.h | 18 ++++++++++++++++++ > net/sched/cls_tcindex.c | 34 ++++++++++++++++++++++++++++++---- > 2 files changed, 48 insertions(+), 4 deletions(-) > > -- > 2.34.1 > >
Thadeu Lima de Souza Cascardo kirjoitti 15.3.2023 klo 17.20: > [Impact] > An unprivileged user may exploit a use-after-free condition with the tcindex > classifier, leading to possible local escalation of privilege. > > [Backport] > The fix uses rcu_replace_pointer, which was not available on 4.15 and 5.4. > A backport to add it was done on those branches. > > The tcindex classifier was removed on 6.1 and 6.2 kernels. > > [Potential regression] > Only tcindex classifiers are under risk of regressions. > > > Paul E. McKenney (1): > rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() > > Pedro Tammela (1): > net/sched: tcindex: update imperfect hash filters respecting rcu > > include/linux/rcupdate.h | 18 ++++++++++++++++++ > net/sched/cls_tcindex.c | 34 ++++++++++++++++++++++++++++++---- > 2 files changed, 48 insertions(+), 4 deletions(-) > applied to oem kernels, thanks
Applied to bionic, focal, jammy, kinetic linux master-next Thanks!~ - Luke On Wed, Mar 15, 2023 at 8:22 AM Thadeu Lima de Souza Cascardo < cascardo@canonical.com> wrote: > [Impact] > An unprivileged user may exploit a use-after-free condition with the > tcindex > classifier, leading to possible local escalation of privilege. > > [Backport] > The fix uses rcu_replace_pointer, which was not available on 4.15 and 5.4. > A backport to add it was done on those branches. > > The tcindex classifier was removed on 6.1 and 6.2 kernels. > > [Potential regression] > Only tcindex classifiers are under risk of regressions. > > > Paul E. McKenney (1): > rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() > > Pedro Tammela (1): > net/sched: tcindex: update imperfect hash filters respecting rcu > > include/linux/rcupdate.h | 18 ++++++++++++++++++ > net/sched/cls_tcindex.c | 34 ++++++++++++++++++++++++++++++---- > 2 files changed, 48 insertions(+), 4 deletions(-) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team >