[SRU][K/J/F] CVE-2022-3625

Yuxuan Luo yuxuan.luo at canonical.com
Fri Nov 11 15:39:10 UTC 2022


[Impact]
After a failed devlink reload, devlink parameters are still registered,
which means user space can set and get their values. In the case of the
mlxsw "acl_region_rehash_interval" parameter, these operations will
trigger a use-after-free.

[Backport]
It is a clean backport for Kinetic, Jammy and Focal.

[Potential Regression]
There is no potential regression.

Ido Schimmel (1):
  devlink: Fix use-after-free after a failed reload

 net/core/devlink.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.34.1




More information about the kernel-team mailing list