[SRU][L][PATCH v2 0/1] CVE-2023-6932
Magali Lemes
magali.lemes at canonical.com
Thu Jan 4 17:45:01 UTC 2024
[Impact]
A use-after-free vulnerability in the Linux kernel's ipv4 igmp component can
be exploited to achieve local privilege escalation. A race condition can be
exploited to cause a timer to be mistakenly registered on an RCU read locked
object which is freed by another thread.
[Backport]
Clean cherry-pick.
[Test]
Compile and boot tested.
[Regression potential]
This affects IGMP.
[Other Info]
Change in v2:
- Cherry-pick fix commit directly on top of the Lunar linux repo to ensure the
patch applies cleanly.
Zhengchao Shao (1):
ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
net/ipv4/igmp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list