ACK: [SRU][F/J/L/M/OEM-6.5][PATCH 0/1] CVE-2023-6932
Andrei Gherzan
andrei.gherzan at canonical.com
Thu Jan 4 14:38:28 UTC 2024
On 24/01/03 04:55PM, Magali Lemes wrote:
> [Impact]
> A use-after-free vulnerability in the Linux kernel’s ipv4 igmp component can
> be exploited to achieve local privilege escalation. A race condition can be
> exploited to cause a timer to be mistakenly registered on an RCU read locked
> object which is freed by another thread.
>
> [Backport]
> Clean cherry-pick. However, when applying the patch on Lunar, Mantic, and
> OEM-6.5, use git am with the `--3way` option.
>
> [Test]
> Compile and boot tested.
>
> [Regression potential]
> This affects IGMP.
>
> Zhengchao Shao (1):
> ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
>
> net/ipv4/igmp.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>
--
Andrei Gherzan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240104/e4f69a5c/attachment.sig>
More information about the kernel-team
mailing list