ACK/Cmnt: [SRU][M][PATCH 0/8] Fix for CVE-2024-2658{2,3,4,5}

Stefan Bader stefan.bader at canonical.com
Mon Mar 25 13:24:36 UTC 2024 

On 25.03.24 11:32, Juerg Haefliger wrote:
> This patch series fixes the following CVEs:
> CVE-2024-26582
> CVE-2024-26583
> CVE-2024-26584
> CVE-2024-26585
> 
> The patches are all cherry-picks from stable v6.6 so should eventually come in
> via an Ubuntu stable update.
> 
> Test case:
> 1) Enable async crypto:
>     $ modprobe tcrypt alg="pcrypt(generic-gcm-aesni)" type=3
> 2) Enable TLS function tracing:
>     $ echo function_graph > /sys/kernel/tracing/current_tracer
>     $ echo 'tls_*:mod:tls' > /sys/kernel/tracing/set_ftrace_filter
> 3) Run TLS kernel selftests from v6.8:
>     $ ./linux-6.8/tools/testing/selftests/net/tls
> 4) Verify:
>     - No call traces in the kernel log
>     - All modified TLS functions were called
>     - No additional unexpected TLS test failures
> 
> Note that the above test does *not* verify that the CVEs are actually fixed
> but merely tries to ensure that the kernel doesn't blow up when exercising
> the modified code paths.
> 
> Jakub Kicinski (5):
>    net: tls: factor out tls_*crypt_async_wait()
>    tls: fix race between async notify and socket close
>    tls: fix race between tx work scheduling and socket close
>    net: tls: handle backlogging of crypto requests
>    net: tls: fix returned read length with async decrypt
> 
> John Fastabend (1):
>    net: tls, fix WARNIING in __sk_msg_free
> 
> Sabrina Dubroca (2):
>    tls: extract context alloc/initialization out of tls_set_sw_offload
>    net: tls: fix use-after-free with partial reads and async decrypt
> 
>   include/net/tls.h |   5 --
>   net/tls/tls_sw.c  | 223 ++++++++++++++++++++++++----------------------
>   2 files changed, 116 insertions(+), 112 deletions(-)
> 

Cherry picks from linux-6.6.y and regression tested. I guess its due to 
similar issues and code paths but maybe a short explanation why 4 issues 
were combined under one submission would be nice. Not really necessary 
but personally I find it helpful if it is mentioned which kernel 
versions are affected (in this case I guess the oldest for any of the 
CVEs) by this.

Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240325/7a48273c/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240325/7a48273c/attachment-0001.sig>

More information about the kernel-team mailing list