ACK: [SRU OEM-5.17,OEM-6.0 0/1] CVE-2023-28466

Tim Gardner tim.gardner at canonical.com
Fri Aug 4 16:19:08 UTC 2023


On 8/4/23 7:18 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>   It was discovered that a race condition existed in the TLS subsystem in the
>   Linux kernel, leading to a use-after-free or a null pointer dereference
>   vulnerability. A local attacker could use this to cause a denial of service
>   (system crash) or possibly execute arbitrary code.
> 
> [Potential regression]
> TLS socket users will be impacted. This does not impact TLS users using
> userspace TLS support.
> 
> Hangyu Hua (1):
>    net: tls: fix possible race condition between do_tls_getsockopt_conf()
>      and do_tls_setsockopt_conf()
> 
>   net/tls/tls_main.c | 19 +++++--------------
>   1 file changed, 5 insertions(+), 14 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc



