Message ID | 20230809160222.13668-1-yuxuan.luo@canonical.com |
---|---|
Series | CVE-2023-3863 |
On 8/9/23 10:02, Yuxuan Luo wrote:
> [Impact]
> It was discovered that the NFC implementation in the Linux kernel
> contained a use-after-free vulnerability when performing peer-to-peer
> communication in certain conditions. A privileged attacker could use
> this to cause a denial of service (system crash) or possibly expose
> sensitive information (kernel memory).
>
> [Backport]
> The fix commit requires ec10fd154d93 (“nfc: llcp: simplify
> llcp_sock_connect() error paths”) as its prerequisite to be applied
> cleanly.
>
> [Test]
> Tested against libnfc/test:
>
> ```bash
> # Install required packages
> apt-get -y install git autoconf gcc make libusb-dev libtool
> # Install dependency CUTTER
> apt-get -y install software-properties-common
> add-apt-repository -y ppa:cutter-testing-framework/ppa
> apt-get update
> apt-get -y install cutter-testing-framework
> # Get test suite
> git clone https://github.com/nfc-tools/libnfc.git
> cd libnfc/
> # Setup
> autoreconf -vis
> # Run test suite
> ./configure
> make check
> ```
>
> Expected result:
> ```
> ...
> PASS: run-test.sh
> ============================================================================
> Testsuite summary for libnfc 1.8.0
> ============================================================================
> # TOTAL: 1
> # PASS: 1
> # SKIP: 0
> # XFAIL: 0
> # FAIL: 0
> # XPASS: 0
> # ERROR: 0
> ============================================================================
> make[3]: Leaving directory '/home/ubuntu/test/libnfc/test'
> ```
>
> [Potential Regression]
> Although there are multiple modified files, the patches have been tested
> against the regression test suite. Expect moderate regression potential.
>
>
> Krzysztof Kozlowski (1):
>   nfc: llcp: simplify llcp_sock_connect() error paths
>
> Lin Ma (1):
>   net: nfc: Fix use-after-free caused by nfc_llcp_find_local
>
>  net/nfc/llcp.h          |  1 -
>  net/nfc/llcp_commands.c | 12 +++++++---
>  net/nfc/llcp_core.c     | 49 +++++++++++++++++++++++++++++++++++------
>  net/nfc/llcp_sock.c     | 21 ++++++++++--------
>  net/nfc/netlink.c       | 20 ++++++++++++-----
>  net/nfc/nfc.h           |  1 +
>  6 files changed, 79 insertions(+), 25 deletions(-)
>

Acked-by: Tim Gardner <tim.gardner@canonical.com>

Yuxuan Luo wrote on 9.8.2023 at 19.02:
> [Impact]
> It was discovered that the NFC implementation in the Linux kernel
> contained a use-after-free vulnerability when performing peer-to-peer
> communication in certain conditions. A privileged attacker could use
> this to cause a denial of service (system crash) or possibly expose
> sensitive information (kernel memory).
>
> [Backport]
> The fix commit requires ec10fd154d93 (“nfc: llcp: simplify
> llcp_sock_connect() error paths”) as its prerequisite to be applied
> cleanly.
>
> [Test]
> Tested against libnfc/test:
>
> ```bash
> # Install required packages
> apt-get -y install git autoconf gcc make libusb-dev libtool
> # Install dependency CUTTER
> apt-get -y install software-properties-common
> add-apt-repository -y ppa:cutter-testing-framework/ppa
> apt-get update
> apt-get -y install cutter-testing-framework
> # Get test suite
> git clone https://github.com/nfc-tools/libnfc.git
> cd libnfc/
> # Setup
> autoreconf -vis
> # Run test suite
> ./configure
> make check
> ```
>
> Expected result:
> ```
> ...
> PASS: run-test.sh
> ============================================================================
> Testsuite summary for libnfc 1.8.0
> ============================================================================
> # TOTAL: 1
> # PASS: 1
> # SKIP: 0
> # XFAIL: 0
> # FAIL: 0
> # XPASS: 0
> # ERROR: 0
> ============================================================================
> make[3]: Leaving directory '/home/ubuntu/test/libnfc/test'
> ```
>
> [Potential Regression]
> Although there are multiple modified files, the patches have been tested
> against the regression test suite. Expect moderate regression potential.
>
>
> Krzysztof Kozlowski (1):
>   nfc: llcp: simplify llcp_sock_connect() error paths
>
> Lin Ma (1):
>   net: nfc: Fix use-after-free caused by nfc_llcp_find_local
>
>  net/nfc/llcp.h          |  1 -
>  net/nfc/llcp_commands.c | 12 +++++++---
>  net/nfc/llcp_core.c     | 49 +++++++++++++++++++++++++++++++++++------
>  net/nfc/llcp_sock.c     | 21 ++++++++++--------
>  net/nfc/netlink.c       | 20 ++++++++++++-----
>  net/nfc/nfc.h           |  1 +
>  6 files changed, 79 insertions(+), 25 deletions(-)
>

applied to oem kernels, thanks