ACK: [SRU][F/J/L/M][PATCH 0/1] CVE-2023-51779
Tim Gardner
tim.gardner at canonical.com
Mon Jan 8 15:09:23 UTC 2024
On 1/5/24 4:20 PM, Yuxuan Luo wrote:
> [Impact]
> A vulneralbility has been found in Linux kernel
> net/bluetoothaf_bluetooth.c. This can cause a race with bt_sock_ioctl()
> because bt_sock_recvmsg() gets the skb from sk->sk_receive_queue and
> then frees it without holding lock_sock. A use-after-free for a skb
> occurs which leads to potential denial of service.
>
> [Backport]
> For Lunar and Mantic it is a clean cherry pick.
> For Focal and Jammy, there exists a prerequisite commit, f4b41f062c42
> (“net: remove noblock parameter from skb_recv_datagram()”). However,
> this commit only removes the obsolete parameter, so ignore this commit
> and manually backport the lock.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Expect very low regression potential.
>
> Hyunwoo Kim (1):
> Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
>
> net/bluetooth/af_bluetooth.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list