ACK: [SRU][N][PATCH 0/1] CVE-2024-46800

Guoqing Jiang guoqing.jiang at canonical.com
Fri Oct 11 09:47:56 UTC 2024


Acked-by: Guoqing Jiang <guoqing.jiang at canonical.com>

On 10/10/24 00:43, Bethany Jamison wrote:
> [Impact]
>
> If netem_dequeue() enqueues packet to inner qdisc and that qdisc
> returns __NET_XMIT_STOLEN. The packet is dropped but
> qdisc_tree_reduce_backlog() is not called to update the parent's
> q.qlen, leading to a use-after-free.
>
> [Fix]
>
> Noble:	Clean cherry-pick from linux-6.10.y
> Jammy:	pending (5.15.0-125.135)
> Focal:	pending (5.4.0-200.220)
> Bionic:	fix sent to esm ML
> Xenial:	fix sent to esm ML
> Trusty:	won't fix
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use the sched Network Emulation Queuer,
> an issue with this would be visible to the user via unexpected
> system behavior or a system crash.
>
> Stephen Hemminger (1):
>    sch/netem: fix use after free in netem_dequeue
>
>   net/sched/sch_netem.c | 9 ++++-----
>   1 file changed, 4 insertions(+), 5 deletions(-)
>




More information about the kernel-team mailing list