ACK: [SRU OEM-5.14 0/2, OEM-5.17 0/1] CVE-2022-3586
Cory Todd
cory.todd at canonical.com
Fri Apr 21 19:33:30 UTC 2023
On Fri, Apr 21, 2023 at 04:29:19AM +0300, Cengiz Can wrote:
> [Impact]
> A flaw was found in the Linux kernel’s networking code. A use-after-free was
> found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb
> field after the same SKB had been enqueued (and freed) into a child qdisc.
> This flaw allows a local, unprivileged user to crash the system, causing a
> denial of service.
>
> [Fix]
> Clean cherry picks from upstream.
>
> Please do note that OEM-5.17 already has commit 9efd23297cca ("sch_sfb: Don't
> assume the skb is still around after enqueueing to child") thus excluded from
> patchset.
>
> [Test case]
> Boot and basic network functionality tested with ntop and wget.
>
> [Potential regression]
> Low. Fix has been in other kernels for quite a while now.
>
> Toke Høiland-Jørgensen (2):
> sch_sfb: Don't assume the skb is still around after enqueueing to
> child
> sch_sfb: Also store skb len before calling child enqueue
>
> net/sched/sch_sfb.c | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> --
> 2.37.2
Acked-by: Cory Todd <cory.todd at canonical.com>
More information about the kernel-team
mailing list