[SRU][N][PATCH 0/1] CVE-2024-46800
Bethany Jamison
bethany.jamison at canonical.com
Wed Oct 9 16:43:41 UTC 2024
[Impact]
If netem_dequeue() enqueues packet to inner qdisc and that qdisc
returns __NET_XMIT_STOLEN. The packet is dropped but
qdisc_tree_reduce_backlog() is not called to update the parent's
q.qlen, leading to a use-after-free.
[Fix]
Noble: Clean cherry-pick from linux-6.10.y
Jammy: pending (5.15.0-125.135)
Focal: pending (5.4.0-200.220)
Bionic: fix sent to esm ML
Xenial: fix sent to esm ML
Trusty: won't fix
[Test Case]
Compile and boot tested.
[Where problems could occur]
This fix affects those who use the sched Network Emulation Queuer,
an issue with this would be visible to the user via unexpected
system behavior or a system crash.
Stephen Hemminger (1):
sch/netem: fix use after free in netem_dequeue
net/sched/sch_netem.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list