[SRU][N/J][PATCH 0/1] CVE-2024-39292
Bethany Jamison
bethany.jamison at canonical.com
Fri Jul 12 16:29:33 UTC 2024
[Impact]
um: Add winch to winch_handlers before registering winch IRQ
Registering a winch IRQ is racy, an interrupt may occur before the winch is
added to the winch_handlers list.
If that happens, register_winch_irq() adds to that list a winch that is
scheduled to be (or has already been) freed, causing a panic later in
winch_cleanup().
Avoid the race by adding the winch to the winch_handlers list before
registering the IRQ, and rolling back if um_request_irq() fails.
[Fix]
Noble: Clean cherry-pick from linux-6.9.y
Jammy: Noble patch applied cleanly
Focal: pending (5.4.0-192.212)
Bionic: fix sent to esm ML
Xenial: fix sent to esm ML
Trusty: not going to be fixed by us
[Test Case]
Compile and boot tested.
[Where problems could occur]
This fix affects those who use User-Mode Linux, an issue with
this fix would be visible to the user via unpredicted system
behavior.
Roberto Sassu (1):
um: Add winch to winch_handlers before registering winch IRQ
arch/um/drivers/line.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list