APPLIED Re: [SRU][OEM-5.17][PATCH 0/1] CVE-2022-40307
Timo Aaltonen
tjaalton at ubuntu.com
Tue Apr 18 06:46:21 UTC 2023
Yuxuan Luo kirjoitti 4.4.2023 klo 23.23:
> [Impact]
> There is a race condition that occurs in drivers/firmware/efi, between the
> efi_capsule_write() and efi_capsule_flush() functions of efi_capsule_fops,
> which ultimately results in UAF.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile and boot tested.
> There is a proof of concept for this CVE, though, the prerequisite command,
> installing the efi_capsule_loader, fails as "No such device", indicating a
> requirement for physical hardware.
> The link to the PoC: https://lore.kernel.org/all/20220907102920.GA88602@ubuntu/
>
> [Potential Regression]
> Should be trivial.
>
> Hyunwoo Kim (1):
> efi: capsule-loader: Fix use-after-free in efi_capsule_write
>
> drivers/firmware/efi/capsule-loader.c | 31 ++++++---------------------
> 1 file changed, 7 insertions(+), 24 deletions(-)
>
applied to oem-5.17, thanks
--
t
More information about the kernel-team
mailing list