Cmnt: APPLIED/Cmnt: [SRU][F/J/M][PATCH 0/2] CVE-2024-26624

Yuxuan Luo yuxuan.luo at canonical.com
Mon Jun 3 17:01:40 UTC 2024


On 5/24/24 10:03, Roxana Nicolescu wrote:
>
> On 27/03/2024 17:14, Yuxuan Luo wrote:
>> CVE-2024-26624 has been rejected: 
>> https://lore.kernel.org/linux-cve-announce/2024032747-REJECTED-f2cf@gregkh/
> What does this mean? Shall we revert them?
It means kernel.org thinks "it is no longer a valid CVE", no 
rationale given. I'd suggest we keep the fix for this one.
>
>>
>> On 3/27/24 11:43, Stefan Bader wrote:
>>> On 27.03.24 01:18, Yuxuan Luo wrote:
>>>> [Impact]
>>>> A potential deadlock is found in the AF_UNIX subsystem, the scenario is
>>>> shown below:
>>>>
>>>>        CPU0                    CPU1
>>>>        ----                    ----
>>>>   lock(&u->lock/1);
>>>>                                lock(rlock-AF_UNIX);
>>>>                                lock(&u->lock/1);
>>>>   lock(rlock-AF_UNIX);
>>>>
>>>> *** DEADLOCK ***
>>>> Such deadlock could lead to serious denial of service and system crash.
>>>>
>>>> [Backport]
>>>> The fix is a clean cherry pick.
>>>>
>>>> However, the modified function has been copied to our own trees
>>>> (security/apparmor/af_unix.c), therefore, a sauce patch is needed to
>>>> synchronize the change.
>>>>
>>>> [Test]
>>>> Compile and boot tested.
>>>>
>>>> [Where things could go wrong]
>>>> The fix touches af_unix.c which means most of the use cases are affected.
>>>> However, what this fix does is to add "an identifier" to the locks to
>>>> avoid potential deadlock without touching working logic; plus, this fix
>>>> has been backported to multiple stable trees, expect very low regression
>>>> potential. If such happens, it is probably a denial of service.
>>>>
>>>> Eric Dumazet (1):
>>>>    af_unix: fix lockdep positive in sk_diag_dump_icons()
>>>>
>>>> Yuxuan Luo (1):
>>>>    UBUNTU: SAUCE: af_unix: fix lockdep positive in sk_diag_dump_icons()
>>>>
>>>>   include/net/af_unix.h       | 20 ++++++++++++++------
>>>>   net/unix/af_unix.c          | 14 ++++++--------
>>>>   net/unix/diag.c             |  2 +-
>>>>   security/apparmor/af_unix.c | 12 +++++-------
>>>>   4 files changed, 26 insertions(+), 22 deletions(-)
>>>>
>>> As stated in Manuel's reply this already was applied to Jammy and 
>>> Focal. I applied the modified commit message of #2 to Mantic and 
>>> reworded the respective change in Jammy and Focal accordingly. Also 
>>> added the CVE number there. And also to patch #1 in Mantic.
>>>
>>> Applied to mantic,jammy,focal:linux/master-next. Thanks.
>>>
>>> -Stefan
>>>
>>
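
The lock-order scenario quoted in [Impact], replayed through a small user-space lock-order validator keyed on (lock class, subclass). This is an added example, not code from the patch or the kernel. The names ULOCK_SUB0/1/2 and RLOCK, the choice of which path gets its own identifier, and the value 2 for that identifier are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical labels: u->lock with subclass 0, 1, 2 and the AF_UNIX rlock. */
enum { ULOCK_SUB0, ULOCK_SUB1, ULOCK_SUB2, RLOCK, NCLASS };

/* edge[a][b] != 0 means: some path took b while already holding a. */
static int edge[NCLASS][NCLASS];

/* Depth-first search: can `to` be reached from `from` over recorded edges? */
static int reachable(int from, int to, int *seen)
{
    if (from == to)
        return 1;
    seen[from] = 1;
    for (int n = 0; n < NCLASS; n++)
        if (edge[from][n] && !seen[n] && reachable(n, to, seen))
            return 1;
    return 0;
}

/* Record "held -> next"; return 1 if the new edge closes a cycle (ABBA). */
static int acquire_while_holding(int held, int next)
{
    int seen[NCLASS] = {0};
    int inversion = reachable(next, held, seen);
    edge[held][next] = 1;
    return inversion;
}

/* Replay both CPUs; reverse_label is how CPU1 labels u->lock (assumption). */
int scenario_reports_deadlock(int reverse_label)
{
    int report = 0;
    memset(edge, 0, sizeof edge);
    report |= acquire_while_holding(ULOCK_SUB1, RLOCK);    /* CPU0 order */
    report |= acquire_while_holding(RLOCK, reverse_label); /* CPU1 order */
    return report;
}

int main(void)
{
    printf("u->lock/1 on both paths: %s\n",
           scenario_reports_deadlock(ULOCK_SUB1) ? "inversion" : "no report");
    printf("own identifier on CPU1:  %s\n",
           scenario_reports_deadlock(ULOCK_SUB2) ? "inversion" : "no report");
    return 0;
}
```

A separate identifier changes only what the validator compares; it is a sound fix only when the locks taken on the two paths can never be the same object at run time.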


