Message ID | 20240117222555.51460-1-yuxuan.luo@canonical.com |
---|---|
Headers | show |
Series | CVE-2023-51782 | expand |
On 01/17, Yuxuan Luo wrote: > [Impact] > Due to lack of proper locking, a potential use-after-free caused by race > condition may occur in ROSE while accepting socket, leading to local > privilege escalation. > > [Backport] > It is a clean cherry pick. > > [Test] > Compile and boot tested. > > [Potential Regression] > Regression should be limited to AF_ROSE socket. > > Hyunwoo Kim (1): > net/rose: Fix Use-After-Free in rose_ioctl > > net/rose/af_rose.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
On 17.01.24 23:25, Yuxuan Luo wrote: > [Impact] > Due to lack of proper locking, a potential use-after-free caused by race > condition may occur in ROSE while accepting socket, leading to local > privilege escalation. > > [Backport] > It is a clean cherry pick. > > [Test] > Compile and boot tested. > > [Potential Regression] > Regression should be limited to AF_ROSE socket. > > Hyunwoo Kim (1): > net/rose: Fix Use-After-Free in rose_ioctl > > net/rose/af_rose.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > For Lunar there is no further SRU cycle planned. The other series: Acked-by: Stefan Bader <stefan.bader@canonical.com> - Stefan
On 17.01.24 23:25, Yuxuan Luo wrote: > [Impact] > Due to lack of proper locking, a potential use-after-free caused by race > condition may occur in ROSE while accepting socket, leading to local > privilege escalation. > > [Backport] > It is a clean cherry pick. > > [Test] > Compile and boot tested. > > [Potential Regression] > Regression should be limited to AF_ROSE socket. > > Hyunwoo Kim (1): > net/rose: Fix Use-After-Free in rose_ioctl > > net/rose/af_rose.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > Applied to mantic,jammy,focal:linux/master-next. Thanks. -Stefan