ACK: [SRU][J/F][PATCH 0/2] CVE-2023-52664

Kuba Pawlak kuba.pawlak at canonical.com
Fri Apr 11 07:09:07 UTC 2025 

On 9.04.2025 16:07, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2023-52664
>
> [ Impact ]
>
> net: atlantic: eliminate double free in error handling logic
>
> Driver has a logic leak in ring data allocation/free,
> where aq_ring_free could be called multiple times on same ring,
> if system is under stress and got memory allocation error.
>
> Ring pointer was used as an indicator of failure, but this is
> not correct since only ring data is allocated/deallocated.
> Ring itself is an array member.
>
> Changing ring allocation functions to return error code directly.
> This simplifies error handling and eliminates aq_ring_free
> on higher layer.
>
> [ Fix ]
>
> Oracular: not affected
> Noble: not affected
> Jammy: backported from mainline
> Focal: backported from mainline
>
> [ Test Plan ]
>
> Compile and boot tested.
> Loaded the atlantic module without errors:
>
> Jammy:
> $ sudo modprobe atlantic
> $ lsmod | grep atlantic
> atlantic              229376  0
> macsec                 61440  1 atlantic
> $ sudo dmesg | tail -n 1
> [   44.137724] MACsec IEEE 802.1AE
>
> Focal:
> $ sudo modprobe atlantic
> $ lsmod | grep atlantic
> atlantic               94208  0
>
> [ Where Problems Could Occur ]
>
> The fix affects the Aquantia Atlantic Ethernet driver.
> An issue with this fix may lead to incorrect assumptions about
> memory allocation success or failure, potentially resulting in
> memory leaks, missed error detection, or unintended deallocation
> sequences. A user might experience problems such as degraded
> network performance, connectivity loss, or kernel crashes
> under high load conditions.
Acked-by: Kuba Pawlak <kuba.pawlak at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x216A9D7E3B63DCB4.asc
Type: application/pgp-keys
Size: 3139 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250411/ad005d9c/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250411/ad005d9c/attachment.sig>

More information about the kernel-team mailing list