[SRU][Focal-OEM-5.14/Jammy-OEM-5.17/OEM-6.0][PATCH 0/1] CVE-2023-1074
Yuxuan Luo
yuxuan.luo at canonical.com
Fri Mar 17 18:40:11 UTC 2023
[Impact]
It is reported that a type confused pointer is used in SCTP implementation to
return information to the user space, leading to KASLR leak.
[Backport]
Clean cherry pick.
[Test]
Tested against lksctp_tools' func_test in both IPv4 and IPv6.
[Potential Regression]
Expecting very low potential of regression as the func_test mentioned above
could serve as a regression test.
Marcelo Ricardo Leitner (1):
sctp: fail if no bound addresses can be used for a given scope
net/sctp/bind_addr.c | 6 ++++++
1 file changed, 6 insertions(+)
--
2.34.1
More information about the kernel-team
mailing list