ACK: [SRU OEM-5.17,OEM-6.0 0/1] CVE-2023-28466
Tim Gardner
tim.gardner at canonical.com
Fri Aug 4 16:19:08 UTC 2023
On 8/4/23 7:18 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> It was discovered that a race condition existed in the TLS subsystem in the
> Linux kernel, leading to a use-after-free or a null pointer dereference
> vulnerability. A local attacker could use this to cause a denial of service
> (system crash) or possibly execute arbitrary code.
>
> [Potential regression]
> TLS socket users will be impacted. This does not impact TLS users using
> userspace TLS support.
>
> Hangyu Hua (1):
> net: tls: fix possible race condition between do_tls_getsockopt_conf()
> and do_tls_setsockopt_conf()
>
> net/tls/tls_main.c | 19 +++++--------------
> 1 file changed, 5 insertions(+), 14 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list