[SRU Bionic/Focal/Jammy/HWE-5.17] CVE-2022-3028
Cengiz Can
cengiz.can at canonical.com
Tue Sep 20 20:05:12 UTC 2022
[Impact]
A race condition was found in the Linux kernel's IP framework for
transforming packets (XFRM subsystem) when multiple calls to
xfrm_probe_algs occurred simultaneously. This flaw could allow a local
attacker to potentially trigger an out-of-bounds write or leak kernel
heap memory by performing an out-of-bounds read and copying it into a
socket.
[Fix]
The breaking commit was introduced in v3.14-rc1. The fixing commit landed
upstream in v6.0-rc3.
Cherry-picked to Bionic/Focal/Jammy/HWE-5.17 from upstream.
[Test case]
Compile and boot tested on KVM only.
[Potential regression]
Probably low risk, because the change only wraps two consecutive lines
with a mutex. Yet there are no test cases provided, so we can't be sure.
Herbert Xu (1):
af_key: Do not call xfrm_probe_algs in parallel
net/key/af_key.c | 3 +++
1 file changed, 3 insertions(+)
--
2.34.1