[SRU][Focal/Jammy/Lunar][PATCH 0/3] CVE-2023-4128
Yuxuan Luo
yuxuan.luo at canonical.com
Wed Aug 16 22:14:28 UTC 2023
[Impact]
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers
(cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a
local attacker to perform a local privilege escalation due to incorrect
handling of the existing filter, leading to a kernel information leak
issue.
[Backport]
Clean cherry picks.
[Test]
Smoke tested by adding corresponding filters using `tc`.
[Potential Regression]
Expect low regression potential.
valis (3):
net/sched: cls_u32: No longer copy tcf_result on update to avoid
use-after-free
net/sched: cls_fw: No longer copy tcf_result on update to avoid
use-after-free
net/sched: cls_route: No longer copy tcf_result on update to avoid
use-after-free
net/sched/cls_fw.c | 1 -
net/sched/cls_route.c | 1 -
net/sched/cls_u32.c | 1 -
3 files changed, 3 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list