[SRU OEM-5.14 0/2, OEM-5.17 0/1] CVE-2022-3586
Cengiz Can
cengiz.can at canonical.com
Fri Apr 21 01:29:19 UTC 2023
[Impact]
A flaw was found in the Linux kernel’s networking code. A use-after-free was
found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb
field after the same SKB had been enqueued (and freed) into a child qdisc.
This flaw allows a local, unprivileged user to crash the system, causing a
denial of service.
[Fix]
Clean cherry picks from upstream.
Please do note that OEM-5.17 already has commit 9efd23297cca ("sch_sfb: Don't
assume the skb is still around after enqueueing to child"), thus it is excluded
from the patchset.
[Test case]
Boot and basic network functionality tested with ntop and wget.
[Potential regression]
Low. Fix has been in other kernels for quite a while now.

Toke Høiland-Jørgensen (2):
  sch_sfb: Don't assume the skb is still around after enqueueing to
    child
  sch_sfb: Also store skb len before calling child enqueue

 net/sched/sch_sfb.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
--
2.37.2
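
Added example, not part of the original post and not the kernel's code: a user-space model of the ordering problem described under [Impact] and of the pattern named in the two commit subjects (copy the cb data and the length before calling the child's enqueue). All names (toy_skb, child_enqueue, sfb_enqueue_before/after, run) and the packet values are hypothetical, and the free is modelled by poisoning the fields so the stale read is observable rather than undefined behaviour.

```c
#include <stdio.h>

#define POISON 0xDEADBEEFu  /* marks fields of a "freed" skb in this model */

struct toy_skb {
    unsigned int len;
    unsigned int cb_hash;   /* stands in for per-packet data kept in skb->cb */
};

struct stats { unsigned int backlog; unsigned int last_hash; };

/* Child qdisc: owns the skb once called and may already have freed it
 * by the time it returns success. */
static int child_enqueue(struct toy_skb *skb, int child_frees)
{
    if (child_frees) { skb->len = POISON; skb->cb_hash = POISON; }
    return 0;               /* success either way */
}

/* Before: accounting reads the skb after ownership has passed to the child. */
static void sfb_enqueue_before(struct toy_skb *skb, struct stats *st, int child_frees)
{
    if (child_enqueue(skb, child_frees) == 0) {
        st->backlog += skb->len;        /* stale read if the child freed it */
        st->last_hash = skb->cb_hash;   /* stale read of the cb data */
    }
}

/* After: everything needed later is copied while the skb is still ours. */
static void sfb_enqueue_after(struct toy_skb *skb, struct stats *st, int child_frees)
{
    unsigned int len = skb->len;
    unsigned int hash = skb->cb_hash;

    if (child_enqueue(skb, child_frees) == 0) {
        st->backlog += len;
        st->last_hash = hash;
    }
}

/* Run one constructed packet (len 1500, hash 0x1234) through one variant. */
static struct stats run(int fixed, int child_frees)
{
    struct toy_skb skb = { 1500, 0x1234 };
    struct stats st = { 0, 0 };
    if (fixed) sfb_enqueue_after(&skb, &st, child_frees);
    else sfb_enqueue_before(&skb, &st, child_frees);
    return st;
}

int main(void)
{
    struct stats a = run(0, 1), b = run(1, 1);
    printf("before: backlog=%#x hash=%#x\n", a.backlog, a.last_hash);
    printf("after:  backlog=%u hash=%#x\n", b.backlog, b.last_hash);
    return 0;
}
```

In the kernel the stale read would touch freed memory; a KASAN-enabled test kernel is the usual way to surface that class of access.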