[SRU][Jammy][OEM-6.1][PATCH 0/2] CVE-2023-6039
Yuxuan Luo
yuxuan.luo at canonical.com
Tue Mar 19 21:25:06 UTC 2024
[Impact]
A use-after-free flaw was found in lan78xx_disconnect in
drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx
in the Linux Kernel. This flaw allows a local attacker to crash the
system when the LAN78XX USB device detaches. This patch adds the
follow-up commits needed for the fix.
[Backport]
They are all clean cherry picks.
[Test]
Compile and boot tested.
[Where things could go wrong]
This patch set slightly modified a kernel function which is only used by
lan78xx since it is backported for its sake. Expect low risk regression
limited to lan78xx.
Thomas Gleixner (2):
timers: Replace BUG_ON()s
timers: Silently ignore timers with a NULL function
kernel/time/timer.c | 66 ++++++++++++++++++++++++++++++++++++++-------
1 file changed, 57 insertions(+), 9 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list