ACK: [SRU][Xenial][PATCH 0/1] CVE-2022-0494
Tim Gardner
tim.gardner at canonical.com
Thu Feb 23 19:18:30 UTC 2023
On 2/23/23 12:09 PM, Yuxuan Luo wrote:
> [Impact]
> A kernel information leak flaw was identified in the scsi_ioctl function in
> drivers/scsi/scsi_ioctl.c in the Linux kernel due to reading an uninitialized
> chunk of memory. This flaw allows a local attacker with a special user privilege
> (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
>
> [Backport]
> Since the vulnerability is fixed by adding a flag when allocating the buffer,
> all the refactoring commits can be ignored.
>
> [Test]
> Compile tested.
>
> [Potential Regression]
> Expecting low risk of potential regression which should be limited within the
> changed file.
>
> Yuxuan Luo (1):
> block-map: add __GFP_ZERO flag for alloc_page in function
> bio_copy_kern
>
> block/bio.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list