ACK/Cmnt: [SRU][Impish][PATCH 0/1] CVE-2022-28356
Tim Gardner
tim.gardner at canonical.com
Mon Jun 13 11:54:43 UTC 2022
Acked-by: Tim Gardner <tim.gardner at canonical.com>
I feel like the upstream stable patch should have come from 5.15.y, but
since the 5.10.y patch is virtually identical, I'm not caring that much.
On 6/12/22 17:49, Cengiz Can wrote:
> [Impact]
> In the Linux kernel before 5.17.1, a refcount leak bug was found in
> net/llc/af_llc.c.
>
> [Fix]
> Upstream fix for this uses a function introduced with 5.17-rc1
> `dev_put_track`.
> (commit 4d92b95ff2f9 "net: add net device refcount tracker
> infrastructure").
>
> There's a stable backport of this fix that doesn't require net device
> refcount tracker functionality.
>
> So, this was cherry-picked from the fix on linux-5.10-y.
>
> [Test case]
> Author publicly shared a PoC which renders the targeted network
> interface non-removable. This prevents the instance from rebooting
> properly. (Not the actual exploit but an enabler to it).
>
> Verified that impish and xenial are both vulnerable to this, compiled
> and booted both of them with this patch and made sure that PoC is no
> longer causing any lockups.
>
> [Potential regression]
> Logical Link Control interface is pretty critical. But the changes are
> miniscule and probably won't cause any regressions.
>
> Eric Dumazet (1):
> llc: fix netdevice reference leaks in llc_ui_bind()
>
> net/llc/af_llc.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list