ACK: [SRU][N][PATCH 0/1] CVE-2024-46800

ivanhu ivan.hu at canonical.com
Mon Oct 14 01:55:17 UTC 2024


Acked-by: Ivan Hu <ivan.hu at canonical.com>


On 10/10/24 00:43, Bethany Jamison wrote:
> [Impact]
> 
> If netem_dequeue() enqueues packet to inner qdisc and that qdisc
> returns __NET_XMIT_STOLEN. The packet is dropped but
> qdisc_tree_reduce_backlog() is not called to update the parent's
> q.qlen, leading to a use-after-free.
> 
> [Fix]
> 
> Noble:	Clean cherry-pick from linux-6.10.y
> Jammy:	pending (5.15.0-125.135)
> Focal:	pending (5.4.0-200.220)
> Bionic:	fix sent to esm ML
> Xenial:	fix sent to esm ML
> Trusty:	won't fix
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> This fix affects those who use the sched Network Emulation Queuer,
> an issue with this would be visible to the user via unexpected
> system behavior or a system crash.
> 
> Stephen Hemminger (1):
>    sch/netem: fix use after free in netem_dequeue
> 
>   net/sched/sch_netem.c | 9 ++++-----
>   1 file changed, 4 insertions(+), 5 deletions(-)
> 



More information about the kernel-team mailing list