[SRU OEM-5.14/HWE-5.17 0/1] CVE-2022-33743

Cengiz Can cengiz.can at canonical.com
Wed Oct 12 02:17:57 UTC 2022


[Impact]
network backend may cause Linux netfront to use freed SKBs While adding
logic to support XDP (eXpress Data Path), a code label was moved in a
way allowing for SKBs having references (pointers) retained for further
processing to nevertheless be freed.

[Fix]
Patch was initially sent to oss-sec mailing list as an attachment.

It landed to upstream with v5.19-rc6.
The problematic label seems to be in correct place for xenial, bionic
and focal. jammy and kinetic already has the fix.

[Test case]
Compile and boot tested only.

[Potential regression]
Medium potential. Fix is moving an existing __skb_queue_tail call to be
executed on every iteration of a for loop.

Jan Beulich (1):
  xen-netfront: restore __skb_queue_tail() positioning in
    xennet_get_responses()

 drivers/net/xen-netfront.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

-- 
2.34.1




More information about the kernel-team mailing list