APPLIED [OEM-5.14] Re: [SRU K,HWE-5.17,J,OEM-5.14,F,B 0/1] CVE-2022-3524
Timo Aaltonen
tjaalton at ubuntu.com
Tue Nov 29 15:24:38 UTC 2022
- Previous message (by thread): APPLIED[All, but OEM-5.14]: [SRU K,HWE-5.17,J,OEM-5.14,F,B 0/1] CVE-2022-3524
- Next message (by thread): [SRU K,HWE-5.17,J,OEM-5.14,F,B 0/1] CVE-2022-3564
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Thadeu Lima de Souza Cascardo kirjoitti 17.11.2022 klo 3.08:
> [Impact]
> A race condition between setsockopt(IPV6_ADDRFORM) and setsockopt(IPV6_DSTOPTS)
> may lead to a memory leak. A local attacker could use this to cause a denial of service.
>
> [Backport]
> A single conflict was fixed for all versions. release_sock has been replaced
> by sockopt_release_sock upstream, which introduces a new support for BPF
> calling setsockopt. So, not something we should backport under risk of regressions.
>
> [Potential regression]
> Programs using setsockopt and mixing IPv6 and IPv4 sockets might fail.
>
> Kuniyuki Iwashima (1):
> tcp/udp: Fix memory leak in ipv6_renew_options().
>
> net/ipv6/ipv6_sockglue.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
applied to oem-5.14, thanks
--
t
- Previous message (by thread): APPLIED[All, but OEM-5.14]: [SRU K,HWE-5.17,J,OEM-5.14,F,B 0/1] CVE-2022-3524
- Next message (by thread): [SRU K,HWE-5.17,J,OEM-5.14,F,B 0/1] CVE-2022-3564
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the kernel-team
mailing list