ACK: [SRU][F/J][PATCH 0/1] CVE-2024-40910
Jian Hui Lee
jianhui.lee at canonical.com
Thu Nov 7 02:24:09 UTC 2024
Acked-by: Jian Hui Lee <jianhui.lee at canonical.com>
On Wed, Nov 6, 2024 at 1:02 AM Massimiliano Pellizzer
<massimiliano.pellizzer at canonical.com> wrote:
>
> [Impact]
>
> ax25: Fix refcount imbalance on inbound connections
>
> When releasing a socket in ax25_release(), we call netdev_put() to
> decrease the refcount on the associated ax.25 device. However, the
> execution path for accepting an incoming connection never calls
> netdev_hold(). This imbalance leads to refcount errors, and ultimately
> to kernel crashes.
>
> This patch corrects these issues by ensuring that we call netdev_hold()
> and ax25_dev_hold() for new connections in ax25_accept(). This makes the
> logic leading to ax25_accept() match the logic for ax25_bind(): in both
> cases we increment the refcount, which is ultimately decremented in
> ax25_release().
>
> [Fix]
>
> Noble: Fixed through stable updates
> Jammy: Backported from linux-6.1.y
> Focal: Backported from linux-6.1.y
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affects the AX.25 networking subsystem. An issue with this fix
> may lead to kernel crashes during AX.25 connection handling or when
> releasing AX.25 sockets. Additionally, users may observe system
> instability or hangs during network interface teardown.
>
> Lars Kellogg-Stedman (1):
> ax25: Fix refcount imbalance on inbound connections
>
> net/ax25/af_ax25.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
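
The imbalance described in the quoted cover letter, as an added userspace model (not the kernel patch and not code from this thread). The `model_*` names, `run_scenario`, and the baseline device count of 1 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model with made-up names, not kernel code. */
struct model_dev { int refs; bool underflow; };
struct model_sock { struct model_dev *dev; };

static void model_hold(struct model_dev *d) { d->refs++; }
static void model_put(struct model_dev *d)
{
    if (d->refs <= 0)
        d->underflow = true;    /* put with no reference left to drop */
    else
        d->refs--;
}

/* Bind path: takes a reference on the device. */
static void model_bind(struct model_sock *s, struct model_dev *d) { s->dev = d; model_hold(d); }
/* Accept path: 'fixed' selects whether the new socket takes a reference. */
static void model_accept(struct model_sock *s, struct model_dev *d, bool fixed)
{
    s->dev = d;
    if (fixed)
        model_hold(d);
}
/* Release path: always drops one reference, however the socket was created. */
static void model_release(struct model_sock *s) { model_put(s->dev); s->dev = NULL; }

/* Listener binds; 'inbound' accepted sockets are each released; then the listener. */
int run_scenario(int inbound, bool fixed, bool *underflow)
{
    struct model_dev dev = { .refs = 1, .underflow = false }; /* 1 = assumed baseline */
    struct model_sock listener, child;
    model_bind(&listener, &dev);
    for (int i = 0; i < inbound; i++) {
        model_accept(&child, &dev, fixed);
        model_release(&child);
    }
    model_release(&listener);
    *underflow = dev.underflow;
    return dev.refs;    /* balanced paths leave the baseline of 1 */
}

int main(void)
{
    bool u;
    int r = run_scenario(3, false, &u);
    printf("unfixed: refs=%d underflow=%d\n", r, u);
    return 0;
}
```

In the unfixed model a single inbound connection already consumes the baseline reference without tripping the underflow flag, so the count is wrong before anything visibly fails.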