ACK: [SRU][F/J/L][PATCH 0/1] CVE-2023-4622
Stefan Bader
stefan.bader at canonical.com
Fri Sep 15 14:37:57 UTC 2023
On 13.09.23 23:43, Yuxuan Luo wrote:
> [Impact]
> A use-after-free vulnerability in the Linux kernel's af_unix component can
> be exploited to achieve local privilege escalation. The
> unix_stream_sendpage() function tries to add data to the last skb in the
> peer's recv queue without locking the queue. Thus there is a race where
> unix_stream_sendpage() could access an skb locklessly that is being
> released by garbage collection, resulting in use-after-free. We recommend
> upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
>
> [Backport]
> Backported from stable/linux-6.1.y tree; it is a clean cherry pick.
>
> [Test]
> Smoke tested via building an AF_UNIX echo server and connecting to it.
>
> [Potential Regression]
> Expect very low regression.
>
> Kuniyuki Iwashima (1):
> af_unix: Fix null-ptr-deref in unix_stream_sendpage().
>
> net/unix/af_unix.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230915/3bff1a05/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230915/3bff1a05/attachment-0001.sig>
More information about the kernel-team
mailing list