APPLIED [OEM-6.0/OEM-6.1] Re: [SRU Jammy,Kinetic,Lunar,OEM-6.0,OEM-6.1 0/1] CVE-2023-3389

Timo Aaltonen tjaalton at ubuntu.com
Thu Jul 6 08:31:52 UTC 2023


Thadeu Lima de Souza Cascardo kirjoitti 5.7.2023 klo 2.51:
> [Impact]
> A race with a linked timeout io_uring OP and poll removal may lead to a
> use-after-free. An unprivileged user can use this to cause a denial of
> service (system crash) or code execution.
> 
> [Backport]
> 5.15 had a backport of its own upstream, which was used for both Jammy and
> Kinetic. The original upstream fix applieds to Lunar, OEM-6.1 and OEM-6.0.
> 
> [Potential regression]
> Poll removal on io-uring can regress.
> 
> Jens Axboe (1):
>    io_uring: hold uring mutex around poll removal
> 
>   io_uring/io_uring.c | 3 +++
>   1 file changed, 3 insertions(+)
> 

applied to oem-6.0/6.1, thanks


-- 
t




More information about the kernel-team mailing list