ACK/Cmnt: [SRU][Kinetic][PATCH 0/1] CVE-2022-4379
Andrei Gherzan
andrei.gherzan at canonical.com
Fri Jan 27 09:42:59 UTC 2023
On Fri, 27 Jan 2023, 09:07 Stefan Bader, <stefan.bader at canonical.com> wrote:
> On 23.01.23 16:20, Andrei Gherzan wrote:
> > [Impact]
> >
> > A use-after-free vulnerability was found in __nfs42_ssc_open() in
> > fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to
> > conduct a remote denial.
> >
> > [Fix]
> >
> > Backported 75333d48f92256a0dec91dbf07835e804fc411c0 from upstream.
> > Backport was required (see the patch for more details).
> >
> > [Potential regression]
> >
> > None expected, low.
> >
> > [Tests]
> >
> > * Build test
> > * Runtime test
> > * boot a new Kinetic VM instance
> > * loaded nfsd kernel module
> > * exported on the VM a path and mounted on a client via NFSv4
> > * no errors or functionality impact observed
> >
> > Dai Ngo (1):
> > NFSD: fix use-after-free in __nfs42_ssc_open()
> >
> > fs/nfsd/nfs4proc.c | 22 ++++++----------------
> > 1 file changed, 6 insertions(+), 16 deletions(-)
> >
> This one would greatly benefit from doing as one submission for all
> affected
> series. For one this keeps review and application of all parts tied
> together.
> Second there is sometimes the benefit of seeing the evolution of backport
> efforts. Last remember that people are looking at this with little context
> and
> often little time. The comment about the backport if served condensed. I
> think
> what you say is "adjusted last hunk: test condition of removed code was
> changed
> later".
>
Sure, makes sense. Thanks for the review.
Andrei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230127/19a9dfa5/attachment-0001.html>
More information about the kernel-team
mailing list