ACK: [SRU OEM-5.17, OEM-6.0 PATCH 0/1] CVE-2022-47929
Tim Gardner
tim.gardner at canonical.com
Thu Jun 22 15:10:34 UTC 2023
On 6/21/23 8:15 AM, Cengiz Can wrote:
> [Impact]
> In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic
> control subsystem allows an unprivileged user to trigger a denial of service
> (system crash) via a crafted traffic control configuration that is set up with
> "tc qdisc" and "tc class" commands. This affects qdisc_graft in
> net/sched/sch_api.c.
>
> [Fix]
> Clean cherry pick froom upstream.
>
> [Test case]
> Compile, boot and PoC tested under KVM.
>
> [Potential regression]
> Low. All users who utilize network traffic control might be affected.
>
> Frederick Lawler (1):
> net: sched: disallow noqueue for qdisc classes
>
> net/sched/sch_api.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> --
> 2.39.2
>
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list