ACK: [SRU OEM-5.14/HWE-5.17 0/1] CVE-2022-33743
Cory Todd
cory.todd at canonical.com
Wed Oct 12 14:22:03 UTC 2022
On Wed, Oct 12, 2022 at 05:17:57AM +0300, Cengiz Can wrote:
> [Impact]
> network backend may cause Linux netfront to use freed SKBs While adding
> logic to support XDP (eXpress Data Path), a code label was moved in a
> way allowing for SKBs having references (pointers) retained for further
> processing to nevertheless be freed.
>
> [Fix]
> Patch was initially sent to oss-sec mailing list as an attachment.
>
> It landed to upstream with v5.19-rc6.
> The problematic label seems to be in correct place for xenial, bionic
> and focal. jammy and kinetic already has the fix.
>
> [Test case]
> Compile and boot tested only.
>
> [Potential regression]
> Medium potential. Fix is moving an existing __skb_queue_tail call to be
> executed on every iteration of a for loop.
>
> Jan Beulich (1):
> xen-netfront: restore __skb_queue_tail() positioning in
> xennet_get_responses()
>
> drivers/net/xen-netfront.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Acked-by: Cory Todd <cory.todd at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20221012/3636f5ae/attachment-0001.sig>
More information about the kernel-team
mailing list