[UBUNTU Kinetic,OEM-6.0 0/1] CVE-2023-1032

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed Mar 15 13:37:14 UTC 2023


On Wed, Mar 15, 2023 at 10:32:50AM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user under memory cgroup constraints may crash the kernel
> with a double free.
> 
> [Test case]
> A PoC was tested in both 5.19 and 6.0 kernels. Without the fix, there is a kernel
> BUG_ON. With the fix, the constrained process is only killed with OOM, but no BUG_ON
> is observed.
> 
> [Potential regression]
> The changed function is only used by io_uring, so only io_uring users would be
> affected by any regressions.
> 
> Thadeu Lima de Souza Cascardo (1):
>   net: avoid double iput when sock_alloc_file fails
> 
>  net/socket.c | 11 ++++-------
>  1 file changed, 4 insertions(+), 7 deletions(-)
> 
> -- 
> 2.34.1

Note that this is already pending on 6.1 and 6.2 kernels and does not affect
5.17 or earlier kernels; hence, it is only submitted to 5.19 and 6.0.

Cascardo.


