ACK: [SRU][N][PATCH 0/1] CVE-2024-46800
ivanhu
ivan.hu at canonical.com
Mon Oct 14 01:55:17 UTC 2024
Acked-by: Ivan Hu <ivan.hu at canonical.com>
On 10/10/24 00:43, Bethany Jamison wrote:
> [Impact]
>
> If netem_dequeue() enqueues packet to inner qdisc and that qdisc
> returns __NET_XMIT_STOLEN. The packet is dropped but
> qdisc_tree_reduce_backlog() is not called to update the parent's
> q.qlen, leading to a use-after-free.
>
> [Fix]
>
> Noble: Clean cherry-pick from linux-6.10.y
> Jammy: pending (5.15.0-125.135)
> Focal: pending (5.4.0-200.220)
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: won't fix
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use the sched Network Emulation Queuer,
> an issue with this would be visible to the user via unexpected
> system behavior or a system crash.
>
> Stephen Hemminger (1):
> sch/netem: fix use after free in netem_dequeue
>
> net/sched/sch_netem.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
More information about the kernel-team
mailing list