[SRU,OEM-5.17,OEM-6.0,0/1] CVE-2023-26545

Message ID	20230411225512.211644-1-cengiz.can@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Cengiz Can <cengiz.can@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU OEM-5.17, OEM-6.0 0/1] CVE-2023-26545 Date: Wed, 12 Apr 2023 01:55:11 +0300 Message-Id: <20230411225512.211644-1-cengiz.can@canonical.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	CVE-2023-26545 \| expand [SRU,OEM-5.17,OEM-6.0,0/1] CVE-2023-26545 [SRU,OEM-5.17,OEM-6.0,1/1] net: mpls: fix stale pointer if allocation fails during device rename

Message ID

20230411225512.211644-1-cengiz.can@canonical.com

Headers

From: Cengiz Can <cengiz.can@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU OEM-5.17, OEM-6.0 0/1] CVE-2023-26545
Date: Wed, 12 Apr 2023 01:55:11 +0300
Message-Id: <20230411225512.211644-1-cengiz.can@canonical.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

CVE-2023-26545 | expand

Message

Cengiz Can April 11, 2023, 10:55 p.m. UTC

[Impact]
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c
upon an allocation failure (for registering the sysctl table under a new
location) during the renaming of a device.

[Fix]
Cherry picked from upstream.

[Test case]
Compile and boot tested only.

[Potential regression]
Low. Fix only adds a null check to prevent a double free.

Jakub Kicinski (1):
  net: mpls: fix stale pointer if allocation fails during device rename

 net/mpls/af_mpls.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Andrei Gherzan April 12, 2023, 10:05 a.m. UTC | #1

On 23/04/12 01:55AM, Cengiz Can wrote:
> [Impact]
> In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c
> upon an allocation failure (for registering the sysctl table under a new
> location) during the renaming of a device.
> 
> [Fix]
> Cherry picked from upstream.
> 
> [Test case]
> Compile and boot tested only.
> 
> [Potential regression]
> Low. Fix only adds a null check to prevent a double free.
> 
> Jakub Kicinski (1):
>   net: mpls: fix stale pointer if allocation fails during device rename
> 
>  net/mpls/af_mpls.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> -- 
> 2.37.2

Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>

Timo Aaltonen April 18, 2023, 8 a.m. UTC | #2

Cengiz Can kirjoitti 12.4.2023 klo 1.55:
> [Impact]
> In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c
> upon an allocation failure (for registering the sysctl table under a new
> location) during the renaming of a device.
> 
> [Fix]
> Cherry picked from upstream.
> 
> [Test case]
> Compile and boot tested only.
> 
> [Potential regression]
> Low. Fix only adds a null check to prevent a double free.
> 
> Jakub Kicinski (1):
>    net: mpls: fix stale pointer if allocation fails during device rename
> 
>   net/mpls/af_mpls.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 

applied to oem-5.17 & -6.0, thanks