ACK[J]+NACK[L]/Cmnt: [SRU][Lunar 0/2, Jammy 0/1] CVE-2023-46862
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Jan 23 10:22:17 UTC 2024
On Tue, Jan 23, 2024 at 09:51:14AM +0100, Stefan Bader wrote:
> On 22.01.24 19:24, Bethany Jamison wrote:
> > [Impact]
> >
> > An issue was discovered in the Linux kernel through 6.5.9. During a
> > race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo
> > NULL pointer dereference can occur.
> >
> > [Fix]
> >
> > Lunar: Clean cherry-pick.
> > Jammy: Manual backport of original fix commit. The structure of
> > io_uring in Jammy is different from upstream, so I found where the
> > chunk of code had been moved to in Jammy and directly applied the
> > changes.
> >
> > [Test Case]
> >
> > Compile and boot test.
> >
> > [Regression Potential]
> >
> > Issues could occur during SQ thread exit races.
> >
> > Jens Axboe (2):
> > io_uring/fdinfo: get rid of ref tryget
> > io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
> >
> > io_uring/fdinfo.c | 36 ++++++++++++++++++------------------
> > 1 file changed, 18 insertions(+), 18 deletions(-)
> >
> Lunar goes EOL by Jan-25. There is no planned future update on it. For Jammy,
> with emphasis on that, "manually backported" must be amended when applying.
>
> Acked-by: Stefan Bader <stefan.bader at canonical.com>
>
I usually advise that CVE fixes are backported to major versions until they are
completely dead. And by that, I mean all kernels of that major version have
been superseded in -updates and -security. We have relied on promises of
kernels being dead in the past, and that didn't work out well.
Cascardo.