APPLIED/Cmnt: [SRU][Lunar 0/2, Jammy 0/1] CVE-2023-46862
Stefan Bader
stefan.bader at canonical.com
Wed Jan 24 15:09:26 UTC 2024
On 22.01.24 19:24, Bethany Jamison wrote:
> [Impact]
>
> An issue was discovered in the Linux kernel through 6.5.9. During a
> race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo
> NULL pointer dereference can occur.
>
> [Fix]
>
> Lunar: Clean cherry-pick.
> Jammy: Manual backport of original fix commit. The structure of
> io_uring in Jammy is different from upstream, so I found where the
> chunk of code had been moved to in Jammy and directly applied the
> changes.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur during SQ thread exit races.
>
> Jens Axboe (2):
> io_uring/fdinfo: get rid of ref tryget
> io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
>
> io_uring/fdinfo.c | 36 ++++++++++++++++++------------------
> 1 file changed, 18 insertions(+), 18 deletions(-)
>
Applied to jammy:linux/master-next and also to Lunar but do not expect a
release. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240124/38766847/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240124/38766847/attachment-0001.sig>
More information about the kernel-team
mailing list