[SRU][F/J/L][PATCH v2 0/1] CVE-2023-3609

Yuxuan Luo yuxuan.luo at canonical.com
Fri Aug 4 20:12:22 UTC 2023


This v2 patch corrects the patch for Focal and Jammy as Lunar's patch
cannot be applied cleanly on these kernels. No change made to Lunar's
patch.

[Impact]
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32
component can be exploited to achieve local privilege escalation. If
tcf_change_indev() fails, u32_set_parms() will immediately return an
error after incrementing or decrementing the reference counter in
tcf_bind_filter(). If an attacker can control the reference counter and
set it to zero, they can cause the reference to be freed, leading to a
use-after-free vulnerability.

[Backport]
Clean cherry pick.

[Test]
Smoke tested via adding a u32 filter to a dummy device using `tc`.

[Potential Regression]
Expect very low regression.

Lee Jones (1):
  net/sched: cls_u32: Fix reference counter leak leading to overflow

 net/sched/cls_u32.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

-- 
2.34.1
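
The error-path leak described under [Impact], as an added userspace model; it is not code from the patch or from the kernel. The struct, the function names and the 8-bit counter width are constructed for illustration, and the "fixed" ordering is one way to avoid the leak, assumed here because the cover letter does not show the diff.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy: an 8-bit counter so the wrap is reachable in a short loop. */
struct cls { uint8_t refcnt; };

/* Stand-in for taking a reference, as tcf_bind_filter() does in the text. */
static void bind_filter(struct cls *c) { c->refcnt++; }

/* Stand-in for a fallible step such as tcf_change_indev(). */
static int change_indev(int ok) { return ok ? 0 : -1; }

/* Leaky order: the reference is taken, then a failure returns early. */
static int set_parms_leaky(struct cls *c, int indev_ok)
{
    bind_filter(c);
    if (change_indev(indev_ok) < 0)
        return -1;              /* reference is never dropped */
    return 0;
}

/* Assumed safe order: run the fallible step first, bind only on success. */
static int set_parms_fixed(struct cls *c, int indev_ok)
{
    if (change_indev(indev_ok) < 0)
        return -1;              /* nothing to undo */
    bind_filter(c);
    return 0;
}

/* Apply n failing updates to an object with one legitimate holder. */
static unsigned run_failures(int (*fn)(struct cls *, int), unsigned n)
{
    struct cls c = { .refcnt = 1 };
    for (unsigned i = 0; i < n; i++)
        fn(&c, 0);
    return c.refcnt;
}

int main(void)
{
    /* A count of 0 with a live holder is the precondition for the free. */
    printf("leaky: %u\n", run_failures(set_parms_leaky, 255));
    printf("fixed: %u\n", run_failures(set_parms_fixed, 255));
    return 0;
}
```
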
