ACK: [SRU OEM-5.17, OEM-6.0 PATCH 0/1] CVE-2022-47929
Andrei Gherzan
andrei.gherzan at canonical.com
Mon Jun 26 11:38:54 UTC 2023
On 23/06/21 05:15PM, Cengiz Can wrote:
> [Impact]
> In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic
> control subsystem allows an unprivileged user to trigger a denial of service
> (system crash) via a crafted traffic control configuration that is set up with
> "tc qdisc" and "tc class" commands. This affects qdisc_graft in
> net/sched/sch_api.c.
>
> [Fix]
> Clean cherry pick froom upstream.
>
> [Test case]
> Compile, boot and PoC tested under KVM.
>
> [Potential regression]
> Low. All users who utilize network traffic control might be affected.
>
> Frederick Lawler (1):
> net: sched: disallow noqueue for qdisc classes
>
> net/sched/sch_api.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> --
> 2.39.2
Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>
--
Andrei Gherzan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230626/cd5740da/attachment.sig>
More information about the kernel-team
mailing list