ACK/Cmnt: [SRU][Focal/Jammy/Lunar][PATCH 0/3] CVE-2023-4128

Yuxuan Luo yuxuan.luo at canonical.com
Thu Aug 17 16:44:58 UTC 2023


On 8/17/23 03:37, Stefan Bader wrote:
> On 17.08.23 00:14, Yuxuan Luo wrote:
>> [Impact]
>> A use-after-free flaw was found in net/sched/cls_fw.c in classifiers
>> (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a
>> local attacker to perform a local privilege escalation due to incorrect
>> handling of the existing filter, leading to a kernel information leak
>> issue.
>>
>> [Backport]
>> Clean cherry picks.
>
> With patches like this which appear near identical except the slight 
> variation in file name, it is helpful to point this out to avoid a 
> confused reviewer. ;)
Noted. This is friendlier to git-am; otherwise it complains about
conflicts even though they were cherry-picked from the same commit.
>
>>
>> [Test]
>> Smoke tested by adding corresponding filters using `tc`.
>>
>> [Potential Regression]
>> Expect low regression potential.
>>
>> valis (3):
>>    net/sched: cls_u32: No longer copy tcf_result on update to avoid
>>      use-after-free
>>    net/sched: cls_fw: No longer copy tcf_result on update to avoid
>>      use-after-free
>>    net/sched: cls_route: No longer copy tcf_result on update to avoid
>>      use-after-free
>>
>>   net/sched/cls_fw.c    | 1 -
>>   net/sched/cls_route.c | 1 -
>>   net/sched/cls_u32.c   | 1 -
>>   3 files changed, 3 deletions(-)
>>
>
> Acked-by: Stefan Bader <stefan.bader at canonical.com>


