NACK/Cmt: [SRU][M][PATCH 0/1] CVE-2024-36978

Koichiro Den koichiro.den at canonical.com
Wed Sep 18 05:00:32 UTC 2024


On Tue, Sep 17, 2024 at 03:29:44PM +0200, Thibault Ferrante wrote:
> On 17-09-2024 06:56, Koichiro Den wrote:
> > [Impact]
> > 
> > net: sched: sch_multiq: fix possible OOB write in multiq_tune()
> > 
> > q->bands will be assigned to qopt->bands to execute subsequent code logic
> > after kmalloc. So the old q->bands should not be used in kmalloc.
> > Otherwise, an out-of-bounds write will occur.
> > 
> > [Fix]
> > 
> > Noble:  fixed via stable
> > Mantic: Clean cherry-pick
> Mantic end of support was July 2024, no need to target it.
> https://ubuntu.com/about/release-cycle
I was mistaken in believing that some active trees still remained to
apply fixes to. I got it, thank you for reviewing.
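
The sizing problem described in the quoted [Impact] text, as an added example (a user-space model, not the kernel's sch_multiq code and not part of this thread). The names model_sched and model_tune, the follow-up loop, and the sample band counts are assumptions made for illustration; out-of-range writes are counted rather than performed.

```c
/* User-space model of the sizing bug; not kernel code. Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct model_sched {
    unsigned int bands;     /* active bands (the "old" value before tuning) */
    unsigned int max_bands; /* upper bound fixed at creation */
};

/*
 * Change the active band count to new_bands.
 * use_new_count == 0: size the scratch array from the old count (buggy).
 * use_new_count != 0: size it from the requested count (fixed).
 * Returns how many writes would land past the end of the scratch array,
 * or -1 on bad input / allocation failure. Writes are bounds-checked so
 * the model never corrupts memory itself.
 */
int model_tune(struct model_sched *q, unsigned int new_bands, int use_new_count)
{
    unsigned int basis = use_new_count ? new_bands : q->bands;
    unsigned int cap, i, n_removed = 0;
    int oob = 0, *removed;

    if (new_bands > q->max_bands || q->bands > q->max_bands)
        return -1;
    cap = q->max_bands - basis;
    removed = malloc(sizeof(*removed) * (cap ? cap : 1));
    if (!removed)
        return -1;

    q->bands = new_bands; /* the assignment happens after the allocation */
    /* Assumed follow-up: every band from the new count upward is recorded. */
    for (i = q->bands; i < q->max_bands; i++, n_removed++) {
        if (n_removed < cap)
            removed[n_removed] = (int)i;
        else
            oob++; /* in the unchecked original this is the OOB write */
    }
    free(removed);
    return oob;
}

int main(void)
{
    struct model_sched a = { 8, 8 }, b = { 8, 8 }; /* constructed values */
    printf("old-count sizing: %d OOB writes\n", model_tune(&a, 2, 0));
    printf("new-count sizing: %d OOB writes\n", model_tune(&b, 2, 1));
    return 0;
}
```

Only a reduction in the band count exposes the mismatch in this model; when the count grows, sizing from the old value merely over-allocates.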