Cover Letter Detail
Show a cover letter.
GET /api/covers/1839961/?format=api
{ "id": 1839961, "url": "http://patchwork.ozlabs.org/api/covers/1839961/?format=api", "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20230926224426.282101-1-yuxuan.luo@canonical.com/", "project": { "id": 15, "url": "http://patchwork.ozlabs.org/api/projects/15/?format=api", "name": "Ubuntu Kernel", "link_name": "ubuntu-kernel", "list_id": "kernel-team.lists.ubuntu.com", "list_email": "kernel-team@lists.ubuntu.com", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20230926224426.282101-1-yuxuan.luo@canonical.com>", "list_archive_url": null, "date": "2023-09-26T22:44:25", "name": "[SRU,F/J/L,0/1] CVE-2023-4921", "submitter": { "id": 85211, "url": "http://patchwork.ozlabs.org/api/people/85211/?format=api", "name": "Yuxuan Luo", "email": "yuxuan.luo@canonical.com" }, "mbox": "http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20230926224426.282101-1-yuxuan.luo@canonical.com/mbox/", "series": [ { "id": 375012, "url": "http://patchwork.ozlabs.org/api/series/375012/?format=api", "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=375012", "date": "2023-09-26T22:44:25", "name": "CVE-2023-4921", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/375012/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/1839961/comments/", "headers": { "Return-Path": "<kernel-team-bounces@lists.ubuntu.com>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)", "Received": [ "from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client 
certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4RwFDl0BnMz1ypS\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 27 Sep 2023 08:44:53 +1000 (AEST)", "from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1qlGnG-000812-9f; Tue, 26 Sep 2023 22:44:38 +0000", "from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <yuxuan.luo@canonical.com>)\n id 1qlGn8-00080N-US\n for kernel-team@lists.ubuntu.com; Tue, 26 Sep 2023 22:44:32 +0000", "from mail-yw1-f198.google.com (mail-yw1-f198.google.com\n [209.85.128.198])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 712683F42A\n for <kernel-team@lists.ubuntu.com>; Tue, 26 Sep 2023 22:44:30 +0000 (UTC)", "by mail-yw1-f198.google.com with SMTP id\n 00721157ae682-59f7d4bbfc7so109778187b3.3\n for <kernel-team@lists.ubuntu.com>; Tue, 26 Sep 2023 15:44:30 -0700 (PDT)", "from cache-ubuntu.hsd1.nj.comcast.net\n ([2601:86:200:98b0:2214:6a5b:c615:f258])\n by smtp.gmail.com with ESMTPSA id\n e14-20020a0ce3ce000000b0065b0771f2edsm2628463qvl.136.2023.09.26.15.44.28\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Tue, 26 Sep 2023 15:44:28 -0700 (PDT)" ], 
"X-Received": [ "by 2002:a81:6205:0:b0:59a:e672:5a03 with SMTP id\n w5-20020a816205000000b0059ae6725a03mr384158ywb.44.1695768268931;\n Tue, 26 Sep 2023 15:44:28 -0700 (PDT)", "by 2002:a81:6205:0:b0:59a:e672:5a03 with SMTP id\n w5-20020a816205000000b0059ae6725a03mr384149ywb.44.1695768268652;\n Tue, 26 Sep 2023 15:44:28 -0700 (PDT)" ], "From": "Yuxuan Luo <yuxuan.luo@canonical.com>", "To": "kernel-team@lists.ubuntu.com", "Subject": "[SRU][F/J/L][PATCH 0/1] CVE-2023-4921", "Date": "Tue, 26 Sep 2023 18:44:25 -0400", "Message-Id": "<20230926224426.282101-1-yuxuan.luo@canonical.com>", "X-Mailer": "git-send-email 2.34.1", "MIME-Version": "1.0", "X-BeenThere": "kernel-team@lists.ubuntu.com", "X-Mailman-Version": "2.1.20", "Precedence": "list", "List-Id": "Kernel team discussions <kernel-team.lists.ubuntu.com>", "List-Unsubscribe": "<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>", "List-Archive": "<https://lists.ubuntu.com/archives/kernel-team>", "List-Post": "<mailto:kernel-team@lists.ubuntu.com>", "List-Help": "<mailto:kernel-team-request@lists.ubuntu.com?subject=help>", "List-Subscribe": "<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>", 
"Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "base64", "Errors-To": "kernel-team-bounces@lists.ubuntu.com", "Sender": "\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>" }, "content": "[Impact]\nA use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\ncomponent can be exploited to achieve local privilege escalation. When the\nplug qdisc is used as a class of the qfq qdisc, sending network packets\ntriggers use-after-free in qfq_dequeue() due to the incorrect .peek handler\nof sch_plug and lack of error checking in agg_dequeue(). We recommend\nupgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n[Backport]\nIt is a clean cherry pick.\n\n[Test]\nTested against the proof of concept. Note that the bug report generated\nby the PoC is expected, as discussed in the [mailing\nlist](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/).\n\n[Potential Regression]\nExpect relatively low regression potential as it has been backported to\nmultiple stable branches.\n\nvalis (1):\n net: sched: sch_qfq: Fix UAF in qfq_dequeue()\n\n net/sched/sch_plug.c | 2 +-\n net/sched/sch_qfq.c | 22 +++++++++++++++++-----\n 2 files changed, 18 insertions(+), 6 deletions(-)" }