ACK: [SRU][M/J/F][PATCH 0/1] CVE-2024-26622

Tim Gardner tim.gardner at canonical.com
Thu Apr 4 13:40:32 UTC 2024


On 4/1/24 8:19 AM, Bethany Jamison wrote:
> [Impact]
> 
>   In the Linux kernel, the following vulnerability has been resolved:
> 
>   tomoyo: fix UAF write bug in tomoyo_write_control()
> 
>   Since tomoyo_write_control() updates head->write_buf when write()
>   of long lines is requested, we need to fetch head->write_buf after
>   head->io_sem is held.  Otherwise, concurrent write() requests can
>   cause use-after-free-write and double-free problems.
> 
> [Fix]
> 
> Mantic:	Clean cherry-pick
> Jammy:	M patch applied cleanly
> Focal:	M patch applied cleanly
> Bionic:	fix sent to esm ML
> Xenial:	fix sent to esm ML
> Trusty:	not going to be fixed by us
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> This affects those who use Tomoyo as a MAC, mandatory access control,
> issues could occur when writting to the tomoyo interface.
> 
> Tetsuo Handa (1):
>    tomoyo: fix UAF write bug in tomoyo_write_control()
> 
>   security/tomoyo/common.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc




More information about the kernel-team mailing list