ACK: [SRU][K][PATCH 0/1] CVE-2022-41218
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu Mar 16 20:10:11 UTC 2023
Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger at canonical.com>
On Wed, Mar 15, 2023 at 10:41 AM Magali Lemes <
magali.lemes.do.sacramento at canonical.com> wrote:
> [Impact]
> Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
> properly perform reference counting in some situations, leading to a
> use-after-free vulnerability. A local attacker could use this to cause a
> denial
> of service (system crash) or possibly execute arbitrary code.
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compiled, boot and module load tested.
>
> [Regression potential]
> We expect minimal regression, since the commit only adds a check for
> dmxdev->exit at dvb_demux_open() and adds a mutex for dmxdev->exit at
> dvb_dmxdev_release().
>
> Takashi Iwai (1):
> media: dvb-core: Fix UAF due to refcount races at releasing
>
> drivers/media/dvb-core/dmxdev.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230316/f2e38acd/attachment.html>
More information about the kernel-team
mailing list