ACK: [SRU Jammy 0/4] CVE-2023-3439

Tim Gardner tim.gardner at canonical.com
Wed Jul 5 17:57:29 UTC 2023


On 7/4/23 8:21 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> There is a race condition which might trigger a use-after-free on MCTP
> mdev->addrs.
> 
> [Backport]
> mctp_dev refcount had to be introduced and some fixes related to it require
> some backporting due to not having extended address support. One of the
> pre-req commits actually adds some extra support for MCTP over tunnels.
> 
> [Potential regression]
> MCTP users might regress.
> 
> Jeremy Kerr (1):
>    mctp: Add refcounts to mctp_dev
> 
> Lin Ma (1):
>    mctp: defer the kfree of object mdev->addrs
> 
> Matt Johnston (2):
>    mctp: Allow MCTP on tun devices
>    mctp: make __mctp_dev_get() take a refcount hold
> 
>   include/net/mctpdevice.h |  5 ++++
>   net/mctp/device.c        | 53 +++++++++++++++++++++++++++++-----------
>   net/mctp/neigh.c         |  4 +--
>   net/mctp/route.c         | 19 ++++++++------
>   4 files changed, 58 insertions(+), 23 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc




More information about the kernel-team mailing list