Cmnt: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921

Timo Aaltonen tjaalton at ubuntu.com
Thu Oct 5 09:18:27 UTC 2023


Hi,

Please add the [OEM-6.1] tag to the subject when commenting that a patch 
applies there too, otherwise it won't show up on my filter :)

Yuxuan Luo kirjoitti 27.9.2023 klo 16.49:
> Also applies to Jammy-OEM-6.1.
> 
> On 9/26/23 18:44, Yuxuan Luo wrote:
>> [Impact]
>> A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq
>> component can be exploited to achieve local privilege escalation. When 
>> the
>> plug qdisc is used as a class of the qfq qdisc, sending network packets
>> triggers use-after-free in qfq_dequeue() due to the incorrect .peek 
>> handler
>> of sch_plug and lack of error checking in agg_dequeue(). We recommend
>> upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
>>
>> [Backport]
>> It is a clean cherry pick.
>>
>> [Test]
>> Tested against the proof of concept. Note that the bug report generated
>> by the PoC is expected, as discussed in the [mailing
>> list](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/).
>>
>> [Potential Regression]
>> Expect relatively low regression potential as it has been backported to
>> multiple stable branches.
>>
>> valis (1):
>>    net: sched: sch_qfq: Fix UAF in qfq_dequeue()
>>
>>   net/sched/sch_plug.c |  2 +-
>>   net/sched/sch_qfq.c  | 22 +++++++++++++++++-----
>>   2 files changed, 18 insertions(+), 6 deletions(-)
>>
> 

-- 
t




More information about the kernel-team mailing list