[UBUNTU Kinetic,OEM-6.0 0/1] CVE-2023-1032

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed Mar 15 13:32:50 UTC 2023


[Impact]
An unprivileged user under memory cgroup constraints may crash the kernel
with a double free.

[Test case]
A PoC was tested in both 5.19 and 6.0 kernels. Without the fix, there is a kernel
BUG_ON. With the fix, the constrained process is only killed with OOM, but no BUG_ON
is observed.

[Potential regression]
The changed function is only used by io_uring, so only io_uring users would be
affected by any regressions.

Thadeu Lima de Souza Cascardo (1):
  net: avoid double iput when sock_alloc_file fails

 net/socket.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

-- 
2.34.1



