APPLIED Re: [SRU OEM-5.17,OEM-6.0 0/1] CVE-2023-28466
Timo Aaltonen
tjaalton at ubuntu.com
Fri Aug 11 09:37:14 UTC 2023
Thadeu Lima de Souza Cascardo wrote on 4.8.2023 at 16.18:
> [Impact]
> It was discovered that a race condition existed in the TLS subsystem in the
> Linux kernel, leading to a use-after-free or a null pointer dereference
> vulnerability. A local attacker could use this to cause a denial of service
> (system crash) or possibly execute arbitrary code.
>
> [Potential regression]
> TLS socket users will be impacted. This does not impact TLS users using
> userspace TLS support.
>
> Hangyu Hua (1):
> net: tls: fix possible race condition between do_tls_getsockopt_conf()
> and do_tls_setsockopt_conf()
>
> net/tls/tls_main.c | 19 +++++--------------
> 1 file changed, 5 insertions(+), 14 deletions(-)
>
applied to oem kernels, thanks
--
t