APPLIED[X/B/F/I]/cmnt: [SRU Xenial/Bionic/Focal/Impish/Jammy] CVE-2022-28388
Kleber Souza
kleber.sacilotto.de.souza at canonical.com
Fri May 27 10:16:27 UTC 2022
On 25.05.22 23:00, Cengiz Can wrote:
> [Impact]
>
> From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
>
> usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel
> through 5.17.1 has a double free.
>
> It was discovered that the 8 Devices USB2CAN interface implementation in the
> Linux kernel did not properly handle certain error conditions, leading to a
> double-free. A local attacker could possibly use this to cause a denial of
> service (system crash).
>
> Hangyu Hua (1):
> can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in
> error path
>
> drivers/net/can/usb/usb_8dev.c | 30 ++++++++++++++----------------
> 1 file changed, 14 insertions(+), 16 deletions(-)
>
Applied to xenial/bionic/focal/impish:linux.
It has already been applied to jammy:linux as part of an upstream
stable update.
Thanks,
Kleber