ACK: [SRU OEM-5.17,OEM-6.0 0/1] CVE-2023-28466
Cengiz Can
cengiz.can at canonical.com
Fri Aug 4 19:48:21 UTC 2023
On Fri, 2023-08-04 at 10:18 -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> It was discovered that a race condition existed in the TLS subsystem
> in the
> Linux kernel, leading to a use-after-free or a null pointer
> dereference
> vulnerability. A local attacker could use this to cause a denial of
> service
> (system crash) or possibly execute arbitrary code.
>
> [Potential regression]
> TLS socket users will be impacted. This does not impact TLS users
> using
> userspace TLS support.
>
> Hangyu Hua (1):
> net: tls: fix possible race condition between
> do_tls_getsockopt_conf()
> and do_tls_setsockopt_conf()
Acked-by: Cengiz Can <cengiz.can at canonical.com>
>
> net/tls/tls_main.c | 19 +++++--------------
> 1 file changed, 5 insertions(+), 14 deletions(-)
>
> --
> 2.34.1
>
>
More information about the kernel-team
mailing list