ACK: [SRU Bionic/Focal/Jammy/HWE-5.17] CVE-2022-3028
Tim Gardner
tim.gardner at canonical.com
Wed Sep 21 13:33:38 UTC 2022
On 9/20/22 14:05, Cengiz Can wrote:
> [Impact]
> A race condition was found in the Linux kernel's IP framework for
> transforming packets (XFRM subsystem) when multiple calls to
> xfrm_probe_algs occurred simultaneously. This flaw could allow a local
> attacker to potentially trigger an out-of-bounds write or leak kernel
> heap memory by performing an out-of-bounds read and copying it into a
> socket.
>
> [Fix]
> Breaking commit was introduced with v3.14-rc1. Fixing commit landed on
> upstream with v6.0-rc3.
>
> Cherry picked to Bionic/Focal/Jammy/HWE-5.17 from upstream.
>
> [Test case]
> Compile and boot tested on KVM only.
>
> [Potential regression]
> Probably low risk because the change only wraps two consecutive lines
> with a mutex. Yet there are no test cases provided so can't be sure.
>
> Herbert Xu (1):
> af_key: Do not call xfrm_probe_algs in parallel
>
> net/key/af_key.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc