ACK: [SRU][F/J/N/O][PATCH 0/1] CVE-2024-50264
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Mon Nov 25 16:11:43 UTC 2024
On Mon, 25 Nov 2024 at 16:39, Magali Lemes <magali.lemes at canonical.com> wrote:
>
> [Impact]
> During loopback communication, a dangling pointer can be created in
> vsk->trans, potentially leading to a Use-After-Free condition. This
> issue is resolved by initializing vsk->trans to NULL.
>
> [Fix]
> Oracular: Clean cherry-pick
> Noble: Clean cherry-pick
> Jammy: Clean cherry-pick
> Focal: Clean cherry-pick
> Bionic: Fix sent to ESM ML
> Xenial: Not affected
> Trusty: Not affected
>
> [Test Case]
> Compile tested.
>
> [Where problems could occur]
> This patch touches virtio transport for vsock, but due to its limited
> scope issues here are unlikely to happen.
>
> Hyunwoo Kim (1):
> vsock/virtio: Initialization of the dangling pointer occurring in
> vsk->trans
>
> net/vmw_vsock/virtio_transport_common.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
--
Massimiliano Pellizzer
More information about the kernel-team
mailing list