[SRU HWE-5.17 0/1] CVE-2022-2318
Cengiz Can
cengiz.can at canonical.com
Tue Sep 27 18:41:24 UTC 2022
[Impact]
There are use-after-free vulnerabilities caused by timer handler in
net/rose/rose_timer.c of linux that allow attackers to crash linux
kernel without any privileges.
[Fix]
Cherry picked from upstream.
[Test case]
Boot tested on KVM only.
[Potential regressions]
Unknown but highly unlikely since the fix is released with other
kernels months ago.
Duoming Zhou (1):
net: rose: fix UAF bugs caused by timer handler
net/rose/rose_timer.c | 34 +++++++++++++++++++---------------
1 file changed, 19 insertions(+), 15 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list