[SRU][Jammy-OEM-5.17/OEM-6.0][PATCH 0/2] CVE-2023-3863
Yuxuan Luo
yuxuan.luo at canonical.com
Wed Aug 9 16:02:19 UTC 2023
[Impact]
It was discovered that the NFC implementation in the Linux kernel
contained a use-after-free vulnerability when performing peer-to-peer
communication in certain conditions. A privileged attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information (kernel memory).
[Backport]
The fix commit requires ec10fd154d93 (“nfc: llcp: simplify
llcp_sock_connect() error paths”) as its prerequisite to be applied
cleanly.
[Test]
Tested against libnfc/test:
```bash
# Install required packages
apt-get -y install git autoconf gcc make libusb-dev libtool
# Install dependency CUTTER
apt-get -y install software-properties-common
add-apt-repository -y ppa:cutter-testing-framework/ppa
apt-get update
apt-get -y install cutter-testing-framework
# Get test suite
git clone https://github.com/nfc-tools/libnfc.git
cd libnfc/
# Setup
autoreconf -vis
# Run test suite
./configure
make check
```
Expected result:
```
...
PASS: run-test.sh
============================================================================
Testsuite summary for libnfc 1.8.0
============================================================================
# TOTAL: 1
# PASS: 1
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
make[3]: Leaving directory '/home/ubuntu/test/libnfc/test'
```
[Potential Regression]
Although there are multiple modified files, the patches have been tested
against the regression test suite. Expect moderate regression potential.
Krzysztof Kozlowski (1):
  nfc: llcp: simplify llcp_sock_connect() error paths

Lin Ma (1):
  net: nfc: Fix use-after-free caused by nfc_llcp_find_local

 net/nfc/llcp.h          |  1 -
 net/nfc/llcp_commands.c | 12 +++++++---
 net/nfc/llcp_core.c     | 49 +++++++++++++++++++++++++++++++++++------
 net/nfc/llcp_sock.c     | 21 ++++++++++--------
 net/nfc/netlink.c       | 20 ++++++++++++-----
 net/nfc/nfc.h           |  1 +
 6 files changed, 79 insertions(+), 25 deletions(-)
--
2.34.1