APPLIED: [SRU Jammy 0/4] CVE-2023-3439

Luke Nowakowski-Krijger luke.nowakowskikrijger at canonical.com
Thu Jul 6 21:16:39 UTC 2023


Applied to jammy:linux master-next

Thanks!
- Luke

On Tue, Jul 4, 2023 at 7:22 AM Thadeu Lima de Souza Cascardo <
cascardo at canonical.com> wrote:

> [Impact]
> There is a race condition which might trigger a use-after-free on MCTP
> mdev->addrs.
>
> [Backport]
> mctp_dev refcount had to be introduced and some fixes related to it require
> some backporting due to not having extended address support. One of the
> pre-req commits actually adds some extra support for MCTP over tunnels.
>
> [Potential regression]
> MCTP users might regress.
>
> Jeremy Kerr (1):
>   mctp: Add refcounts to mctp_dev
>
> Lin Ma (1):
>   mctp: defer the kfree of object mdev->addrs
>
> Matt Johnston (2):
>   mctp: Allow MCTP on tun devices
>   mctp: make __mctp_dev_get() take a refcount hold
>
>  include/net/mctpdevice.h |  5 ++++
>  net/mctp/device.c        | 53 +++++++++++++++++++++++++++++-----------
>  net/mctp/neigh.c         |  4 +--
>  net/mctp/route.c         | 19 ++++++++------
>  4 files changed, 58 insertions(+), 23 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230706/579ed390/attachment.html>


More information about the kernel-team mailing list