NACK Re: [SRU][Jammy][OEM-6.1][PATCH 0/2] CVE-2023-6039
Timo Aaltonen
tjaalton at ubuntu.com
Fri Mar 22 08:07:12 UTC 2024
Yuxuan Luo kirjoitti 19.3.2024 klo 23.25:
> [Impact]
> A use-after-free flaw was found in lan78xx_disconnect in
> drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx
> in the Linux Kernel. This flaw allows a local attacker to crash the
> system when the LAN78XX USB device detaches. This patch adds the
> follow-up commits needed for the fix.
>
> [Backport]
> They are all clean cherry picks.
>
> [Test]
> Compile and boot tested.
>
> [Where things could go wrong]
> This patch set slightly modified a kernel function which is only used by
> lan78xx since it is backported for its sake. Expect low risk regression
> limited to lan78xx.
>
> Thomas Gleixner (2):
> timers: Replace BUG_ON()s
> timers: Silently ignore timers with a NULL function
>
> kernel/time/timer.c | 66 ++++++++++++++++++++++++++++++++++++++-------
> 1 file changed, 57 insertions(+), 9 deletions(-)
>
Sorry if you missed the memo, but oem-6.1 is now EOL and will migrate to
oem-6.5 with 2024.03.04 cycle :)
--
t
More information about the kernel-team
mailing list