APPLIED: [SRU][Impish][PATCH 0/1] CVE-2022-28356
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Jun 21 17:00:19 UTC 2022
On Tue, Jun 21, 2022 at 05:36:05PM +0200, Stefan Bader wrote:
> On 13.06.22 01:49, Cengiz Can wrote:
> > [Impact]
> > In the Linux kernel before 5.17.1, a refcount leak bug was found in
> > net/llc/af_llc.c.
> >
> > [Fix]
> > Upstream fix for this uses a function introduced with 5.17-rc1
> > `dev_put_track`.
> > (commit 4d92b95ff2f9 "net: add net device refcount tracker
> > infrastructure").
> >
> > There's a stable backport of this fix that doesn't require net device
> > refcount tracker functionality.
> >
> > So, this was cherry-picked from the fix on linux-5.10-y.
> >
> > [Test case]
> > Author publicly shared a PoC which renders the targeted network
> > interface non-removable. This prevents the instance from rebooting
> > properly. (Not the actual exploit but an enabler to it).
> >
> > Verified that impish and xenial are both vulnerable to this, compiled
> > and booted both of them with this patch and made sure that PoC is no
> > longer causing any lockups.
> >
> > [Potential regression]
> > Logical Link Control interface is pretty critical. But the changes are
> > miniscule and probably won't cause any regressions.
> >
> > Eric Dumazet (1):
> > llc: fix netdevice reference leaks in llc_ui_bind()
> >
> > net/llc/af_llc.c | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
>
> Applied to impish:linux/master-next. Thanks.
>
> -Stefan
>
Notice that this has a followup fix, commit
2d327a79ee176930dc72c131a970c891d367c1dc. And the situation with this commit
but not its followup fix is a bit worse than before.
I have a backport ready, but still building and testing it here. We should not
ship this as is, specially given this might be the last impish kernel.
Cascardo.
More information about the kernel-team
mailing list