[SRU OEM-5.17,OEM-6.0 0/1] CVE-2023-32269

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Mon Jul 31 20:25:35 UTC 2023

 It was discovered that the NET/ROM protocol implementation in the Linux
 kernel contained a race condition in some situations, leading to a use-
 after-free vulnerability. A local attacker could use this to cause a denial
 of service (system crash) or possibly execute arbitrary code.

[Potential regression]
NET/ROM users may notice regressions, specially if trying to listen to
reused sockets.

Hyunwoo Kim (1):
  netrom: Fix use-after-free caused by accept on already connected

 net/netrom/af_netrom.c | 5 +++++
 1 file changed, 5 insertions(+)


More information about the kernel-team mailing list