APPLIED: [SRU][F/J][PATCH 0/1] CVE-2024-40910

Stefan Bader stefan.bader at canonical.com
Mon Nov 11 10:38:23 UTC 2024 

On 05.11.24 18:01, Massimiliano Pellizzer wrote:
> [Impact]
> 
> ax25: Fix refcount imbalance on inbound connections
> 
> When releasing a socket in ax25_release(), we call netdev_put() to
> decrease the refcount on the associated ax.25 device. However, the
> execution path for accepting an incoming connection never calls
> netdev_hold(). This imbalance leads to refcount errors, and ultimately
> to kernel crashes.
> 
> This patch corrects these issues by ensuring that we call netdev_hold()
> and ax25_dev_hold() for new connections in ax25_accept(). This makes the
> logic leading to ax25_accept() match the logic for ax25_bind(): in both
> cases we increment the refcount, which is ultimately decremented in
> ax25_release().
> 
> [Fix]
> 
> Noble: Fixed through stable updates
> Jammy: Backported from linux-6.1.y
> Focal: backported from linux-6.1.y
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
> 
> [Test Case]
> 
> Compile tested only.
> 
> [Where problems could occur]
> 
> The fix affects the AX.25 networking subsystem. An issue with this fix
> may lead to kernel crashes during AX.25 connection handling or when
> releasing AX.25 sockets. Additionally, users may observe system
> instability or hangs during network interface teardown.
> 
> Lars Kellogg-Stedman (1):
>    ax25: Fix refcount imbalance on inbound connections
> 
>   net/ax25/af_ax25.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 

Applied to jammy,focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241111/61cb7394/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241111/61cb7394/attachment-0001.sig>

More information about the kernel-team mailing list