APPLIED[B/C]: [PATCH 0/1][B] Fix for CVE-2019-11815
Kleber Souza
kleber.souza at canonical.com
Mon Jul 1 14:08:18 UTC 2019
On 6/4/19 8:47 AM, Thomas Lamprecht wrote:
>> An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux
>> kernel before 5.0.8. There is a race condition leading to a use-after-free,
>> related to net namespace cleanup.
> -- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11815.html
>
> While the RDS protocol is blacklisted by default in Ubuntu this may still be
> useful for people using the module manually, especially in container
> environments where some should be able to use it without security implications
> for others or even the host. But still, priority for this is low, as the note
> in the Ubuntu CVE link above, IMO, correctly argues.
>
> Clean cherry pick, build and boot tested on amd64.
>
> Regression potential: Low. This patch touches a by default blacklisted module
> only, so all those not manually loading, or removing the default blacklist,
> cannot run into regressions. Further, upstream has taken this in over two
> months ago with no report of breakage regarding this, AFAIS.
>
> Mao Wenan (1):
> net: rds: force to destroy connection if t_sock is NULL in
> rds_tcp_kill_sock().
>
> net/rds/tcp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Applied to {bionic,cosmic}/master-next branch.
Thanks,
Kleber