[SRU][J/F][PATCH v2] CVE-2022-4269

Yuxuan Luo yuxuan.luo at canonical.com
Fri May 12 18:01:31 UTC 2023


The v1 patch cannot be applied on Jammy and the Focal patches were incomplete;
please ignore the v1 patch for Jammy and Focal.

[Impact]
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using
a specific networking configuration (redirecting egress packets to ingress
using TC action "mirred") a local unprivileged user could trigger a CPU
soft lockup (ABBA deadlock) when the transport protocol in use (TCP or
SCTP) does a retransmission, resulting in a denial of service condition.

[Backport]
For Jammy, there is a build error at `mirred_nest_level` not found. In order to
fix this problem, backport 78dcdffe0418 (“net/sched: act_mirred: better
wording on protection against excessive stack growth”); this commit renamed
some variables, which solves the error of the fix commit.

For Focal, in addition to the commits above, three commits have to be backported
to solve a conflict: 1d14b30b5a5e, fa6d639930ee, and ef816f3c49c1. Then,
backport the part that affects `act_mirred.c` in the 26b537a88ca5 commit to
introduce the required `tcf_action_inc_overlimit_qstats()` function.

[Test]
Compile and smoke tested.

[Potential Regression]
Expecting really low potential regression for Kinetic and Jammy as the two
commits only refactor and add some checks.
For Focal, the additional four commits mainly aim at refactoring and introduce
a function that only has one caller, so the regression potential should not be
higher by a significant amount. 

Davide Caratti (1):
  act_mirred: use the backlog for nested calls to mirred ingress

 net/sched/act_mirred.c                        |  7 +++
 .../selftests/net/forwarding/tc_actions.sh    | 49 ++++++++++++++++++-
 2 files changed, 55 insertions(+), 1 deletion(-)

-- 
2.34.1