APPLIED [OEM-6.0/OEM-6.1] Re: [SRU][Jammy-OEM-6.0/OEM-6.1][PATCH 0/3] CVE-2023-4128
Timo Aaltonen
tjaalton at ubuntu.com
Tue Aug 22 10:39:01 UTC 2023
Yuxuan Luo kirjoitti 17.8.2023 klo 1.13:
> [Impact]
> A use-after-free flaw was found in net/sched/cls_fw.c in classifiers
> (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a
> local attacker to perform a local privilege escalation due to incorrect
> handling of the existing filter, leading to a kernel information leak
> issue.
>
> [Backport]
> Clean cherry picks.
>
> [Test]
> Smoke tested by adding corresponding filters using `tc`.
>
> [Potential Regression]
> Expect low regression potential.
>
> valis (3):
> net/sched: cls_u32: No longer copy tcf_result on update to avoid
> use-after-free
> net/sched: cls_fw: No longer copy tcf_result on update to avoid
> use-after-free
> net/sched: cls_route: No longer copy tcf_result on update to avoid
> use-after-free
>
> net/sched/cls_fw.c | 1 -
> net/sched/cls_route.c | 1 -
> net/sched/cls_u32.c | 1 -
> 3 files changed, 3 deletions(-)
>
applied to oem kernels, thanks
--
t
More information about the kernel-team
mailing list