APPLIED: [SRU][F/J/L][PATCH 0/1] CVE-2023-4622
Roxana Nicolescu
roxana.nicolescu at canonical.com
Wed Sep 20 08:22:34 UTC 2023
On 13/09/2023 23:43, Yuxuan Luo wrote:
> [Impact]
> A use-after-free vulnerability in the Linux kernel's af_unix component can
> be exploited to achieve local privilege escalation. The
> unix_stream_sendpage() function tries to add data to the last skb in the
> peer's recv queue without locking the queue. Thus there is a race where
> unix_stream_sendpage() could access an skb locklessly that is being
> released by garbage collection, resulting in use-after-free. We recommend
> upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
>
> [Backport]
> Backported from stable/linux-6.1.y tree; it is a clean cherry pick.
>
> [Test]
> Smoke tested via building an AF_UNIX echo server and connecting to it.
>
> [Potential Regression]
> Expect very low regression.
>
> Kuniyuki Iwashima (1):
> af_unix: Fix null-ptr-deref in unix_stream_sendpage().
>
> net/unix/af_unix.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
Applied to focal,jammy,lunar:master-next. Thanks!
Roxana
More information about the kernel-team
mailing list