APPLIED [OEM-6.1] Re: [SRU][F/J/L/M][PATCH 0/1] CVE-2023-51779
Timo Aaltonen
tjaalton at ubuntu.com
Mon Jan 8 13:46:49 UTC 2024
Yuxuan Luo wrote on 6.1.2024 at 1.20:
> [Impact]
> A vulnerability has been found in the Linux kernel
> net/bluetooth/af_bluetooth.c. This can cause a race with bt_sock_ioctl()
> because bt_sock_recvmsg() gets the skb from sk->sk_receive_queue and
> then frees it without holding lock_sock. A use-after-free for a skb
> occurs which leads to potential denial of service.
>
> [Backport]
> For Lunar and Mantic it is a clean cherry pick.
> For Focal and Jammy, there exists a prerequisite commit, f4b41f062c42
> (“net: remove noblock parameter from skb_recv_datagram()”). However,
> this commit only removes the obsolete parameter, so ignore this commit
> and manually backport the lock.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Expect very low regression potential.
>
> Hyunwoo Kim (1):
> Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
>
> net/bluetooth/af_bluetooth.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
applied to oem-6.1-prep, thanks
--
t
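
Added illustration, not part of this thread and not the kernel patch: a user-space C model of the race described under [Impact], enumerating every interleaving of the two paths with and without the receive path holding the socket lock. The step breakdown of the ioctl side (peek the queue head, then read the skb length) and all names in the block are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

enum { NONE = -1, IOCTL, RECVMSG };

/* One skb on the receive queue; freeing is modelled as a flag, not a real free. */
struct model { bool queued, freed, peeked, uaf; };

/* ioctl side (assumed shape): step 0 peeks the queue head, step 1 reads skb->len. */
static void ioctl_step(struct model *m, int i) {
    if (i == 0) m->peeked = m->queued;
    else if (m->peeked && m->freed) m->uaf = true;
}

/* recvmsg side: step 0 takes the skb off the queue, step 1 frees it. */
static void recvmsg_step(struct model *m, int i) {
    if (i == 0) m->queued = false;
    else m->freed = true;
}

/* Try all 4-slot schedules of the two 2-step paths. With recv_locks set, both
 * paths hold one lock across their steps, so a schedule that runs a step while
 * the other path owns the lock is infeasible. Returns the schedules that
 * touch a freed skb and stores the number of feasible schedules. */
int count_uaf_schedules(bool recv_locks, int *feasible) {
    int uaf = 0;
    *feasible = 0;
    for (unsigned mask = 0; mask < 16; mask++) {
        struct model m = { .queued = true };
        int done[2] = { 0, 0 }, owner = NONE, slot;
        for (slot = 0; slot < 4; slot++) {
            int who = ((mask >> slot) & 1) ? IOCTL : RECVMSG;
            if (done[who] == 2) break;                              /* path already finished */
            if (recv_locks && owner != NONE && owner != who) break; /* blocked on the lock */
            if (recv_locks) owner = done[who] == 0 ? who : NONE;    /* take, then release */
            if (who == IOCTL) ioctl_step(&m, done[who]); else recvmsg_step(&m, done[who]);
            done[who]++;
        }
        if (slot < 4) continue;  /* infeasible schedule */
        (*feasible)++;
        uaf += m.uaf;
    }
    return uaf;
}

int main(void) {
    int n, bad = count_uaf_schedules(false, &n);
    printf("recvmsg without lock: %d of %d schedules read a freed skb\n", bad, n);
    bad = count_uaf_schedules(true, &n);
    printf("recvmsg with lock:    %d of %d schedules read a freed skb\n", bad, n);
    return 0;
}
```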