ACK: [SRU][F/J/L/M/OEM-6.5][PATCH 0/1] CVE-2023-6932
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu Jan 4 13:25:10 UTC 2024
On 03/01/2024 20:55, Magali Lemes wrote:
> [Impact]
> A use-after-free vulnerability in the Linux kernel’s ipv4 igmp component can
> be exploited to achieve local privilege escalation. A race condition can be
> exploited to cause a timer to be mistakenly registered on an RCU read locked
> object which is freed by another thread.
>
> [Backport]
> Clean cherry-pick. However, when applying the patch on Lunar, Mantic, and
> OEM-6.5, use git am with the `--3way` option.
>
> [Test]
> Compile and boot tested.
>
> [Regression potential]
> This affects IGMP.
>
> Zhengchao Shao (1):
> ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
>
> net/ipv4/igmp.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
More information about the kernel-team
mailing list