[SRU][F/J/L/M][PATCH 0/1] CVE-2023-51779

Yuxuan Luo yuxuan.luo at canonical.com
Fri Jan 5 23:20:28 UTC 2024


[Impact]
A vulnerability has been found in the Linux kernel in
net/bluetooth/af_bluetooth.c. This can cause a race with bt_sock_ioctl()
because bt_sock_recvmsg() gets the skb from sk->sk_receive_queue and
then frees it without holding lock_sock. A use-after-free for a skb
occurs which leads to potential denial of service.

[Backport]
For Lunar and Mantic it is a clean cherry pick.
For Focal and Jammy, there exists a prerequisite commit, f4b41f062c42
(“net: remove noblock parameter from skb_recv_datagram()”). However,
this commit only removes the obsolete parameter, so ignore this commit
and manually backport the lock.

[Test]
Compile and boot tested.

[Potential Regression]
Expect very low regression potential.

Hyunwoo Kim (1):
  Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

 net/bluetooth/af_bluetooth.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

-- 
2.34.1
