[SRU OEM-5.17, OEM-6.0 PATCH 0/1] CVE-2022-47929
Cengiz Can
cengiz.can at canonical.com
Wed Jun 21 14:15:27 UTC 2023
[Impact]
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic
control subsystem allows an unprivileged user to trigger a denial of service
(system crash) via a crafted traffic control configuration that is set up with
"tc qdisc" and "tc class" commands. This affects qdisc_graft in
net/sched/sch_api.c.
[Fix]
Clean cherry pick from upstream.
[Test case]
Compile, boot and PoC tested under KVM.
[Potential regression]
Low. All users who utilize network traffic control might be affected.
Frederick Lawler (1):
net: sched: disallow noqueue for qdisc classes
net/sched/sch_api.c | 5 +++++
1 file changed, 5 insertions(+)
--
2.39.2