[SRU][F/J/L/M/OEM-6.5][PATCH 0/1] CVE-2023-6932
Magali Lemes
magali.lemes at canonical.com
Wed Jan 3 19:55:57 UTC 2024
[Impact]
A use-after-free vulnerability in the Linux kernel’s ipv4 igmp component can
be exploited to achieve local privilege escalation. A race condition can be
exploited to cause a timer to be mistakenly registered on an RCU read locked
object which is freed by another thread.
[Backport]
Clean cherry-pick. However, when applying the patch on Lunar, Mantic, and
OEM-6.5, use git am with the `--3way` option.
[Test]
Compile and boot tested.
[Regression potential]
This affects IGMP.
Zhengchao Shao (1):
ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
net/ipv4/igmp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list