ACK+cmnt: [SRU][J/F/B][PATCH 0/1] CVE-2022-3565
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Fri Nov 18 07:22:55 UTC 2022
On Wed, Nov 16, 2022 at 03:59:37PM -0500, Yuxuan Luo wrote:
> [Impact]
> A vulnerability is found at l1oip: when a timer handler is still running after
> the card is released, a use-after-free occurs.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile tested.
>
> [Potential Regression]
> No potential regression since it only adds a few conditional statement as
> protection.
>
The potential regression is for any users of l1oip. We have this field not to
tell how much confident we are about the fix, but the scope we believe it has
over our users.
Also, notice that despite the changes in lines in the patches, git-am would
apply the Bionic patch on Kinetic, or the Jammy patch on Bionic, etc. So a
single patch would have worked here and produced the same results. So, you can
send a single patch for cases like this.
Acked-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
Cascardo.
> Duoming Zhou (1):
> mISDN: fix use-after-free bugs in l1oip timer handlers
>
> drivers/isdn/mISDN/l1oip.h | 1 +
> drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
> 2 files changed, 8 insertions(+), 6 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list