ACK: [SRU OEM-5.17 0/1] CVE-2022-3586

Tim Gardner tim.gardner at canonical.com
Thu Apr 6 13:48:20 UTC 2023


On 4/5/23 7:09 PM, Cengiz Can wrote:
> [Impact]
> A flaw was found in the Linux kernel’s networking code. A use-after-free was
> found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb
> field after the same SKB had been enqueued (and freed) into a child qdisc.
> This flaw allows a local, unprivileged user to crash the system, causing a
> denial of service.
> 
> [Fix]
> Cherry picked from upstream.
> 
> [Test case]
> Boot and basic network functionality tested with ntopng and wget.
> 
> [Potential regression]
> Low. Fix has been in other kernels for quite a while now.
> 
> Toke Høiland-Jørgensen (1):
>    sch_sfb: Don't assume the skb is still around after enqueueing to
>      child
> 
>   net/sched/sch_sfb.c | 10 ++++++----
>   1 file changed, 6 insertions(+), 4 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc
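
The bug class described in the quoted [Impact] text, as an added example that is not part of the original message or of the upstream patch: a userspace C model in which a child queue may free a packet it is handed, with the stale read beside the copy-first form. The names `pkt`, `child_enqueue`, `enqueue_stale`, `enqueue_safe` and the poison value are constructed for illustration; freeing is modelled by poisoning so the stale read is observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define POISON 0xDEADBEEFu  /* constructed marker for "freed" memory */

/* Userspace model, not kernel code: a packet with a private control block. */
struct pkt { unsigned int cb_hash[2]; int live; };

/* Model child queue: takes ownership and may drop the packet.
 * Freeing is modelled by poisoning, so a stale read is visible, not UB. */
static int child_enqueue(struct pkt *p, int drop)
{
    if (drop) {
        p->cb_hash[0] = p->cb_hash[1] = POISON;
        p->live = 0;
        return 1;               /* dropped */
    }
    return 0;                   /* queued */
}

/* Before: reads the control block after ownership was handed over. */
static unsigned int enqueue_stale(struct pkt *p, int drop)
{
    (void)child_enqueue(p, drop);
    return p->cb_hash[0];       /* stale if the child dropped p */
}

/* After: snapshot the control block first, never touch p afterwards. */
static unsigned int enqueue_safe(struct pkt *p, int drop)
{
    unsigned int cb[2];

    memcpy(cb, p->cb_hash, sizeof(cb));
    (void)child_enqueue(p, drop);
    return cb[0];
}

int main(void)
{
    struct pkt a = { { 0x1234, 0x5678 }, 1 };
    struct pkt b = { { 0x1234, 0x5678 }, 1 };

    printf("stale: 0x%x\n", enqueue_stale(&a, 1));
    printf("safe:  0x%x\n", enqueue_safe(&b, 1));
    return 0;
}
```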



