APPLIED: [SRU][Impish][PATCH 0/1] CVE-2022-28356
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Jun 21 17:00:19 UTC 2022
On Tue, Jun 21, 2022 at 05:36:05PM +0200, Stefan Bader wrote:
> On 13.06.22 01:49, Cengiz Can wrote:
> > [Impact]
> > In the Linux kernel before 5.17.1, a refcount leak bug was found in
> > net/llc/af_llc.c.
> > [Fix]
> > Upstream fix for this uses a function introduced with 5.17-rc1
> > `dev_put_track`.
> > (commit 4d92b95ff2f9 "net: add net device refcount tracker
> > infrastructure").
> > There's a stable backport of this fix that doesn't require net device
> > refcount tracker functionality.
> > So, this was cherry-picked from the fix on linux-5.10-y.
> > [Test case]
> > Author publicly shared a PoC which renders the targeted network
> > interface non-removable. This prevents the instance from rebooting
> > properly. (Not the actual exploit but an enabler to it).
> > Verified that impish and xenial are both vulnerable to this, compiled
> > and booted both of them with this patch and made sure that PoC is no
> > longer causing any lockups.
> > [Potential regression]
> > Logical Link Control interface is pretty critical. But the changes are
> > miniscule and probably won't cause any regressions.
> > Eric Dumazet (1):
> > llc: fix netdevice reference leaks in llc_ui_bind()
> > net/llc/af_llc.c | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> Applied to impish:linux/master-next. Thanks.
Notice that this has a followup fix, commit
2d327a79ee176930dc72c131a970c891d367c1dc. And the situation with this commit
but not its followup fix is a bit worse than before.
I have a backport ready, but still building and testing it here. We should not
ship this as is, specially given this might be the last impish kernel.
More information about the kernel-team