APPLIED: [SRU][J/F][PATCH v2] CVE-2022-4269

Luke Nowakowski-Krijger luke.nowakowskikrijger at canonical.com
Mon Jun 12 20:25:13 UTC 2023 

Patches already included in Jammy as a stable update.

Focal ones applied to focal:linux master-next

Thanks,
- Luke

On Fri, May 12, 2023 at 11:02 AM Yuxuan Luo <yuxuan.luo at canonical.com>
wrote:

> The v1 patch cannot be applied on Jammy and the Focal patches were
> incomplete,
> please ignore the v1 patch for Jammy and Focal.
>
> [Impact]
> A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using
> a specific networking configuration (redirecting egress packets to ingress
> using TC action "mirred") a local unprivileged user could trigger a CPU
> soft lockup (ABBA deadlock) when the transport protocol in use (TCP or
> SCTP) does a retransmission, resulting in a denial of service condition.
>
> [Backport]
> For Jammy, there is a build error at `mirred_nest_level` not found. In
> order to
> fix this problem, backport 78dcdffe0418 (“net/sched: act_mirred: better
> wording on protection against excessive stack growth”), this commit renamed
> some variables, which solves the error of the fix commit.
>
> For Focal, in addition to the commits above, three commits have to be
> backported
> to solve a conflict, 1d14b30b5a5e, fa6d639930ee, and ef816f3c49c1. Then,
> backport the part that affects `act_mirred.c` in the 26b537a88ca5 commit to
> introduce the required `tcf_action_inc_overlimit_qstats()` function.
>
> [Test]
> Compile and smoke tested.
>
> [Potential Regression]
> Expecting really low potential regression for Kinetic and Jammy as the two
> commits only refactor and add some checks.
> For Focal, the additional four commits mainly aim at refactoring and
> introduce
> a function that only has one caller, so the regression potential should
> not be
> higher by a significant amount.
>
> Davide Caratti (1):
>   act_mirred: use the backlog for nested calls to mirred ingress
>
>  net/sched/act_mirred.c                        |  7 +++
>  .../selftests/net/forwarding/tc_actions.sh    | 49 ++++++++++++++++++-
>  2 files changed, 55 insertions(+), 1 deletion(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230612/d068865a/attachment.html>

More information about the kernel-team mailing list