ACK: [SRU Xenial/Bionic/Focal/Impish/Jammy] CVE-2022-28388
Andrea Righi
andrea.righi at canonical.com
Thu May 26 12:29:44 UTC 2022
On Thu, May 26, 2022 at 12:00:45AM +0300, Cengiz Can wrote:
> [Impact]
>
> From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
>
> usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel
> through 5.17.1 has a double free.
>
> It was discovered that the 8 Devices USB2CAN interface implementation in the
> Linux kernel did not properly handle certain error conditions, leading to a
> double-free. A local attacker could possibly use this to cause a denial of
> service (system crash).
Looks good to me, thanks!
Acked-by: Andrea Righi <andrea.righi at canonical.com>
More information about the kernel-team
mailing list