[{"id":3188739,"web_url":"http://patchwork.ozlabs.org/comment/3188739/","msgid":"","list_archive_url":null,"date":"2023-09-27T12:16:13","subject":"ACK: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","submitter":{"id":1232,"url":"http://patchwork.ozlabs.org/api/people/1232/","name":"Tim Gardner","email":"tim.gardner@canonical.com"},"content":"On 9/26/23 4:44 PM, Yuxuan Luo wrote:\n> [Impact]\n> A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\n> component can be exploited to achieve local privilege escalation. When the\n> plug qdisc is used as a class of the qfq qdisc, sending network packets\n> triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler\n> of sch_plug and lack of error checking in agg_dequeue(). We recommend\n> upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n> \n> [Backport]\n> It is a clean cherry pick.\n> \n> [Test]\n> Tested against the proof of concept. Note that the bug report generated\n> by the PoC is expected, as discussed in the [mailing\n> list](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/).\n> \n> [Potential Regression]\n> Expect relatively low regression potential as it has been backported to\n> multiple stable branches.\n> \n> valis (1):\n> net: sched: sch_qfq: Fix UAF in qfq_dequeue()\n> \n> net/sched/sch_plug.c | 2 +-\n> net/sched/sch_qfq.c | 22 +++++++++++++++++-----\n> 2 files changed, 18 insertions(+), 6 deletions(-)\n> \nAcked-by: Tim Gardner ","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":"legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)","Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4RwbFC3gzqz1yqW\n\tfor ; Wed, 27 Sep 2023 22:16:31 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1qlTSl-0004DG-TC; Wed, 27 Sep 2023 12:16:20 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1qlTSi-0004D9-Hn\n for kernel-team@lists.ubuntu.com; Wed, 27 Sep 2023 12:16:18 +0000","from mail-vk1-f198.google.com (mail-vk1-f198.google.com\n [209.85.221.198])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 5A5533F665\n for ; Wed, 27 Sep 2023 12:16:16 +0000 (UTC)","by mail-vk1-f198.google.com with SMTP id\n 71dfb90a1353d-49047d5b070so5801484e0c.3\n for ; Wed, 27 Sep 2023 05:16:16 -0700 (PDT)","from [192.168.1.4] (174-045-099-030.res.spectrum.com.\n [174.45.99.30])\n by smtp.gmail.com with ESMTPSA id\n a9-20020a056a000c8900b0064f76992905sm8996815pfv.202.2023.09.27.05.16.14\n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Wed, 27 Sep 2023 05:16:14 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1695816975; x=1696421775;\n h=content-transfer-encoding:in-reply-to:from:references:to\n :content-language:subject:user-agent:mime-version:date:message-id\n :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;\n bh=L8zqsMEfmpI7nbUiULjpxal0qke4nyvxAPW+uiTAg/4=;\n b=ORieOdjEXzOGNkRcdtGUiVZmMV3074FJ273x6Wo3B2/YVkjEkljidkjNQnkByNOkRS\n 4hfBb/ZAjSEwXF8O5DNWldt9VbsbVCXj9TXNQsjGOmTb2HRct1RqH6YMaqWArsAbsThO\n E3tUwtg5cilhCGoaZiD50ab4hxuX6mQXVeVgNPomN104cRa9uaieMcuwLCIelzRHxULu\n 7YFOJWYOw3ago7HthmdKXapifOlCg6iuhTcrMR8BnWcucUMCQXeOBoyvp4neCIPMj/Q0\n PiEeog/XgdnncYxDC9VS0wcFXw7lr3N8gufMGygw29sRFCV0NDhu/U/Kg8Pq/vla/tRi\n o2zw==","X-Gm-Message-State":"AOJu0YxIswIIS17MDYS2Ajb+a2KdZiMJm6i3Kgj5bk+PTVtROl01z3RA\n fVeZg42v2X+OPp+ZVd8wjgej28BSCIkSbE9UeIIendlvHI96kda+ekeH2CdKYXtHb6A/izpzUab\n 1YSWst/GhnuQZHOHWIqE5fHk/vTImMnP/QcsHRzY9ew==","X-Received":["by 2002:a1f:e742:0:b0:49a:7a5b:dab2 with SMTP id\n e63-20020a1fe742000000b0049a7a5bdab2mr1684083vkh.16.1695816975287;\n Wed, 27 Sep 2023 05:16:15 -0700 (PDT)","by 2002:a1f:e742:0:b0:49a:7a5b:dab2 with SMTP id\n e63-20020a1fe742000000b0049a7a5bdab2mr1684074vkh.16.1695816974972;\n Wed, 27 Sep 2023 05:16:14 -0700 (PDT)"],"X-Google-Smtp-Source":"\n AGHT+IFiaMMlbwZ7yovEHk5rEzECJqt5QQ4QFjBBQF06MHTmSM8cxQHG22GKtOStK8EJdte7/nXLgA==","Message-ID":"","Date":"Wed, 27 Sep 2023 06:16:13 -0600","MIME-Version":"1.0","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101\n Thunderbird/102.15.1","Subject":"ACK: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","Content-Language":"en-US","To":"Yuxuan Luo , kernel-team@lists.ubuntu.com","References":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","From":"Tim Gardner ","In-Reply-To":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":3188813,"web_url":"http://patchwork.ozlabs.org/comment/3188813/","msgid":"<908dab6b-4661-4e26-ba6f-90ad663cb58b@canonical.com>","list_archive_url":null,"date":"2023-09-27T13:49:40","subject":"Cmnt: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","submitter":{"id":85211,"url":"http://patchwork.ozlabs.org/api/people/85211/","name":"Yuxuan Luo","email":"yuxuan.luo@canonical.com"},"content":"Also applies to Jammy-OEM-6.1.\n\nOn 9/26/23 18:44, Yuxuan Luo wrote:\n> [Impact]\n> A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\n> component can be exploited to achieve local privilege escalation. When the\n> plug qdisc is used as a class of the qfq qdisc, sending network packets\n> triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler\n> of sch_plug and lack of error checking in agg_dequeue(). We recommend\n> upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n>\n> [Backport]\n> It is a clean cherry pick.\n>\n> [Test]\n> Tested against the proof of concept. Note that the bug report generated\n> by the PoC is expected, as discussed in the [mailing\n> list](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/).\n>\n> [Potential Regression]\n> Expect relatively low regression potential as it has been backported to\n> multiple stable branches.\n>\n> valis (1):\n> net: sched: sch_qfq: Fix UAF in qfq_dequeue()\n>\n> net/sched/sch_plug.c | 2 +-\n> net/sched/sch_qfq.c | 22 +++++++++++++++++-----\n> 2 files changed, 18 insertions(+), 6 deletions(-)\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":"legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)","Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4RwdKB3nKwz1ypJ\n\tfor ; Wed, 27 Sep 2023 23:50:05 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1qlUvF-00050l-QX; Wed, 27 Sep 2023 13:49:49 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1qlUvB-00050Z-8B\n for kernel-team@lists.ubuntu.com; Wed, 27 Sep 2023 13:49:45 +0000","from mail-qk1-f200.google.com (mail-qk1-f200.google.com\n [209.85.222.200])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id B1AA73F214\n for ; Wed, 27 Sep 2023 13:49:44 +0000 (UTC)","by mail-qk1-f200.google.com with SMTP id\n af79cd13be357-7740829f2beso2377839385a.2\n for ; Wed, 27 Sep 2023 06:49:44 -0700 (PDT)","from ?IPV6:2601:86:200:98b0:f2e6:27a8:64ba:3b69?\n ([2601:86:200:98b0:f2e6:27a8:64ba:3b69])\n by smtp.gmail.com with ESMTPSA id\n j21-20020ae9c215000000b0076d9e298928sm5455025qkg.66.2023.09.27.06.49.41\n for \n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Wed, 27 Sep 2023 06:49:41 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1695822582; x=1696427382;\n h=content-transfer-encoding:in-reply-to:autocrypt:content-language\n :references:to:from:subject:user-agent:mime-version:date:message-id\n :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;\n bh=EuHba06FUcy4W8TkEO2d7NO9uuvGndTh8AyCebdbOrY=;\n b=KWaZt876R0ACOOs7Fi9stBP2/rvo7i4WstVDmfRXlCIMgduGHsAX25Zzy1p2BuVoZe\n MUSESj4n93YKP4l/BDiuD+KhhKR8K7UJpkmaL1QWHhrnotY8rKBB8xrD/20rI9gaPtF0\n ikoQiG2bkTKR6+RoiPK4fOCbhtGZ9baTYjVomyqv7IdJ5c4nu17qLFhf6UC4fNVdPyXJ\n KkzOQW98z5oKKm/kZdYDljyrpKGv+JVmKyoLzDenpHmxNDdZlG5CEJmU6IukFEHUUnf0\n bdjAt/xXQ1+jiNItQ5plmPcm68pDCFgbiqcZ8A7JHqS16E0fw4XXkqy5Tlg5isCZaAUx\n 6czg==","X-Gm-Message-State":"AOJu0Yx/oWty0+G2kd1Q67qn3fLEMFXfduquPFJp0O8OISM760/szH8w\n 063AwTQ3VJRwKhBnvwgX6NDLzaOqGQLBis7mwGeYFptxoRI8xf9cbYiRd0SER+x91gfbPj/kbHS\n s+QmibyQyX+pfcxYIiqII2/5imPHPb511aN1k3rqQNEdg3roDoA==","X-Received":["by 2002:a05:620a:424d:b0:774:34df:efe8 with SMTP id\n w13-20020a05620a424d00b0077434dfefe8mr2321757qko.14.1695822582610;\n Wed, 27 Sep 2023 06:49:42 -0700 (PDT)","by 2002:a05:620a:424d:b0:774:34df:efe8 with SMTP id\n w13-20020a05620a424d00b0077434dfefe8mr2321737qko.14.1695822582246;\n Wed, 27 Sep 2023 06:49:42 -0700 (PDT)"],"X-Google-Smtp-Source":"\n AGHT+IFev7BeX59vLL/4sJ42VqOhdFblmYk6GiPVT7mpvKrOuL/57eEMIQJi65Z5llnSjikomkzOzQ==","Message-ID":"<908dab6b-4661-4e26-ba6f-90ad663cb58b@canonical.com>","Date":"Wed, 27 Sep 2023 09:49:40 -0400","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"Cmnt: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","From":"Yuxuan Luo ","To":"kernel-team@lists.ubuntu.com","References":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","Content-Language":"en-US","Autocrypt":"addr=yuxuan.luo@canonical.com; keydata=\n xsFNBGNFdfMBEADr38WqpzoiRrkV0uh6b5h0t7RehnYpkvXCcgvjqO+XP1wZ1gWvFuAPKDgi\n ZgwGpC0KrvrXTH3uDpkemnqj9stksGrKWT+7wSB4D6e5zVRLCe2mrCAXJSaPSaufCbGpEXWZ\n e99EUqp5ffqT4M1+ONIJ7tSYsXZtIQi5a96mGa/zBWKewJshbZkededz1aTwMTXz9UcyA3rX\n m/xrLHZ3C0ARFJA4r1GhODGG1/YfX4C+2ufwbKICSUh0wejyJdWoADGx6HM5bwWBVg5h6cFt\n ZNzSElrIS8+bw8pRBQ8ZRBG3o4L1NZhMLQIPvB3XUD7gnzlSY+wb3zDCOKkr8V9FbQUwV1HP\n NlZk8ialkLHbLPFY/lDexb6PAN/cZyS4ocIkR1zPfLvgmS3CLRrHKinAz9uHSD2agnTFrpAa\n R6TkIT2BMeEVixx3fV4RDU5nW5unk4xhCoXQxWXBX63ZzX1CW1X5MqDdTcRxuuUmY0huLx7a\n vZiw3AyzmWEzWip6K40UibTLAcco03VH7E0nvHMGxZutD10Ok6b5ugVsF8nkBYd5iGEPEbha\n v8zykjqB+EES7YHmdrNfIwuMc6yPwcnRHjCeUenTNUHaK4bVdrm7aGzyQPw36tGWkimOA1+G\n QuUC75+4CxRv+LNmBSTzc/GbR9i8Ma8Y2f0Mi44DfTS+xfv9JwARAQABzTpZdXh1YW4gTHVv\n IChZdXh1YW4gTHVvIFBHUCBrZXkpIDx5dXh1YW4ubHVvQGNhbm9uaWNhbC5jb20+wsGOBBMB\n CgA4FiEEeTuvL3Me1FxieW8g9QE9qW9q38QFAmNFdfMCGwMFCwkIBwIGFQoJCAsCBBYCAwEC\n HgECF4AACgkQ9QE9qW9q38TEUBAA6J8SrrwRKIF3DTPOlNUECZUcFTdIo2Px/vkWSXwT+qQ9\n wqUahSzKtpkL6bOtntv4yd+LXGJgF8KEEl+qIM9kHX37n+gWhP3gEeq5Y23O3rY6SV9JsBQ6\n BlcYAIDlsm5g/cN/O1xDHONYfDMf+moolrMGabn/R3vX8s94CgbmjrZ8+vtKHjQ3lb/LCryb\n IMjg4k7Yw0lyOFcOr8FBsKsBpoh70HEHOVCoPqmnHo39lc+Ie8jSQaHHYJDYVT9/AdE5bxMY\n 4aa5OVRVtK2rh2kmnViBFVOkdhCB7L+/I5QY97mpAp+0l+ovnQ3jPQ8uULw6JRxllLSHYcMU\n pqy/AmkontWpOVgt4Li3Iwp7j19nIA/50pwQMgt7K2jAhmQFzcTEzBkLrwIxZnjqqVC6VFIi\n hgyiOgA+sdvu+703er3cFJg3U8/7hBbVE9lTHVv2Qlpup+Pm8ml5N61UYxKD5SxeTkFuWRIX\n T1qvVQd96EmJc280MKpL6kH5S1MysB9T//RydLCYeA8gw5pjDW5pm6zW/ouLD05V4q+T5HpS\n U2vk5ASVGik3OIkrMLm8HRL07P7BohHck+KZnm/uaxcEhc08iXtyYB+dAiMSFMMdE+vqON18\n wSZ42PWzF5e+/mCog7WZ7jXw6gD/f/hUFYUO8OvPaHIZeCrd8pvOlwjTabwoTOzOwU0EY0V1\n 8wEQAN0lWd/uHPe3LP2T5SQ0+FKhW4Zf190irnQI/Qc4GU8kodnOcyqDijuaNhjjJ71IFA3x\n QlwBtYJX6wkVhJoCbIwqZn1IDht/ESv/Y1CkQZvnfsdzWe3+Vxm4ABRT1drjKaD3SaJeZhZ1\n ZFQOPZW0o7UwVLBOk5fXWsRDDiWLQF62E1XNe/0NbY3i2j72I83YW33t1ZhvSzc53xgqq3Z8\n tEDs9ebehvxpLyyuI4PFhx0IMb/PgrCjbPdiwSl6lUrWyWZDtGfpGr43lS1BoNuAKbDTOYSR\n up5BVNwnRnHtwM0zg6AEdV8DYF5zMzg1LOsieW7LkZCHPGpAloaSKeRXqP/kYkt1dTFvI86+\n dg/9oBVPOR3HetqdEwY0Gicx/RlJm96sE8P6RoH8GhpbU28qubUSpJRCg39U8C2LAYwn2Jg7\n q1wU5Pa3/Vb3M1j/X9uQglmz2CGly5GJIZPoA3vqb9Zdkl2npCez9JRZPkaxYlltthbl/lkf\n HUMQBgPK8ZqesCuI405Q/aG1Ok+m6qyw38kEJxx7hKvuGHvuOd4yPAcv8glxCVBwDPqpcf7n\n 1Ova/jbaMrXEb78c9DllDRsUW/LV6SCvnhm8mz17edOpiY5Z0lDuaM+kj2mG04Nrriioo0NR\n hgk8vF8OxBv5ReoBGM5rhGjzewbNp9WfmgXXnOc7ABEBAAHCwXYEGAEKACAWIQR5O68vcx7U\n XGJ5byD1AT2pb2rfxAUCY0V18wIbDAAKCRD1AT2pb2rfxMAZD/91H0fZYV+8uQ7ZuTrZlxDh\n bx4wE8wFCT2/6+LGElrGiJk9GtwQslLzI9IRPhEUhdG4IRfUrxPn0sleSc5fVKCOHaWiczhw\n z2TXpHt7OeNQBHKCpM0qsPoag1U8pXAMPSYqSz/RyynHapH3n6jOCIN0D2O2L3S5jhJXOfgO\n SFRwHVsc6e+gQDISuCowZqFeOb91HQ78qq3c6baFaPkQmjhbCJC4o+ilnuRs2/h57cTrGz8N\n zTvRfo9fs9cdQjeI9yoYfuj9/1bMq+FPQ4LXiOMBmVMax48bT+NycZfcu2offXGwqfM4DTc/\n X0G8csYIR1wPah47c/Xvld7OItRRJbUrUSmh0fq6Zzu+JrxOuWk3FE6zXmORTC5AGxsvlE/p\n zXNPZXYzW9pCBEV8qUK1Yf9Wh+7af39TsTqBivnfXD76KgABWTgQSVhq6e99r+rKjT4M4t6U\n Ty7doPbbKND3kg4F6niA4kjOrGdYmcBn4yZU1gjVvlIfVUUcJ+27E2bX0kikUk8jaOZ41g1A\n xlODw6M0rlg6Cxpq+bEs0umwEOQGQLEIiwBtRAmwqxpCy0fF6hr/+erYujd5fljdVg8p9JXP\n lfkKN5Z3ldMY1I+RQQl36G5PgTjjGxFrSPulyDFWc0ycZX+BZwJUd0FZcVGw7atR5drsnXEL\n dvAFo6uYrjUXTA==","In-Reply-To":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":3189275,"web_url":"http://patchwork.ozlabs.org/comment/3189275/","msgid":"","list_archive_url":null,"date":"2023-09-28T08:31:53","subject":"ACK: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","submitter":{"id":85750,"url":"http://patchwork.ozlabs.org/api/people/85750/","name":"Roxana Nicolescu","email":"roxana.nicolescu@canonical.com"},"content":"On 27/09/2023 00:44, Yuxuan Luo wrote:\n> [Impact]\n> A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\n> component can be exploited to achieve local privilege escalation. When the\n> plug qdisc is used as a class of the qfq qdisc, sending network packets\n> triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler\n> of sch_plug and lack of error checking in agg_dequeue(). We recommend\n> upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n>\n> [Backport]\n> It is a clean cherry pick.\n>\n> [Test]\n> Tested against the proof of concept. Note that the bug report generated\n> by the PoC is expected, as discussed in the [mailing\n> list](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/).\n>\n> [Potential Regression]\n> Expect relatively low regression potential as it has been backported to\n> multiple stable branches.\n>\n> valis (1):\n> net: sched: sch_qfq: Fix UAF in qfq_dequeue()\n>\n> net/sched/sch_plug.c | 2 +-\n> net/sched/sch_qfq.c | 22 +++++++++++++++++-----\n> 2 files changed, 18 insertions(+), 6 deletions(-)\n>\nAcked-by: Roxana Nicolescu ","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":"legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)","Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4Rx6DH044kz1yp8\n\tfor ; Thu, 28 Sep 2023 18:32:31 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1qlmRU-0003YO-Ru; Thu, 28 Sep 2023 08:32:17 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1qlmRH-0003XO-8D\n for kernel-team@lists.ubuntu.com; Thu, 28 Sep 2023 08:32:03 +0000","from mail-qk1-f198.google.com (mail-qk1-f198.google.com\n [209.85.222.198])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id E23563F675\n for ; Thu, 28 Sep 2023 08:32:02 +0000 (UTC)","by mail-qk1-f198.google.com with SMTP id\n af79cd13be357-774335cb98cso1645822085a.2\n for ; Thu, 28 Sep 2023 01:32:02 -0700 (PDT)","from ?IPV6:2001:67c:1560:8007::aac:c490?\n ([2001:67c:1560:8007::aac:c490]) by smtp.gmail.com with ESMTPSA id\n y10-20020a62b50a000000b0064fd4a6b306sm12913734pfe.76.2023.09.28.01.31.58\n for \n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Thu, 28 Sep 2023 01:32:00 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1695889922; x=1696494722;\n h=content-transfer-encoding:in-reply-to:autocrypt:from:references:to\n :content-language:subject:user-agent:mime-version:date:message-id\n :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;\n bh=7OH4MC5tTwgDWaLPqK41QGrX+b6tuCEilnz9Q1aW2po=;\n b=MDVPK3s/YQ1waYDPcKJ/erH8XieEhTPwgmZ2N+5kkuWL6Zt71HaHfUjRRvIck+LKxd\n Y7KBrvsYBevu2Seum+MywJtSzR471c2JM+Yxz5k4TlmQ8+GqJ3dCVwxdbNJ1HMyMDc8N\n F2P0Zr5m1BK8ZGWOTZksVKKdFEXx5unEqlsblF7sTNviJrKYYJVTOuFZZbQtFPyCzo6D\n mFXlbIL0XQaGIboOI51rK2a+VisI7AjhTuDapv+kbnq1zUWxWlsVaBiY7Sa503pJ0XEw\n BqOV+fHVslFCVvCOYzw5/uBz3ieCX6B3qjxniA+P+aTvXQtfBKUbJuZhZaFeXutdxsUO\n WuHQ==","X-Gm-Message-State":"AOJu0YziromRHIzpcDOe4irG/usWnNL7eYHSIp7XTZXvQ2odUUPhZY4g\n Oorkqqx+Cx6MkOjoZp6HGUQ7vrDTSw+MsRj6qqrey1QXBIEn8AiLUxJavQa4rRjR4zbpgWk0h1k\n pPBQ+8lQYJmh1Gg0AUi6omkAx10n4SD6M9Q94RYAMRUt1Sqc9ICtL6tE=","X-Received":["by 2002:a05:620a:c47:b0:773:af88:ccf2 with SMTP id\n u7-20020a05620a0c4700b00773af88ccf2mr487658qki.56.1695889921851;\n Thu, 28 Sep 2023 01:32:01 -0700 (PDT)","by 2002:a05:620a:c47:b0:773:af88:ccf2 with SMTP id\n u7-20020a05620a0c4700b00773af88ccf2mr487652qki.56.1695889921546;\n Thu, 28 Sep 2023 01:32:01 -0700 (PDT)"],"X-Google-Smtp-Source":"\n AGHT+IF1SJZu+ayCP/ondxypQ1i3t/4nTrYSn13n1tP5SWPa6I6DNpjdHdeDhDwbjtIFuLOOibjUBA==","Message-ID":"","Date":"Thu, 28 Sep 2023 10:31:53 +0200","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"ACK: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","Content-Language":"en-US","To":"kernel-team@lists.ubuntu.com","References":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","From":"Roxana Nicolescu ","Autocrypt":"addr=roxana.nicolescu@canonical.com; keydata=\n xsFNBGOz8dUBEACbW6iR0smNW8BxmNcHzzktKmKImDxMdQlHZDYbKfQLBwNPGXaBq9b8vq2h\n Ae9pdbwIvaHmx2dL1hWuD1X1S7CKxqH9lsZXF2FZk/l1wlHSRIsElTaxau5lZP+EwzES2kXM\n 9zSRE+R6bD/MkGbwPl5fkRY0yhgLt2pEuc+yBLHVkENpr+cC3saikSRwtI6jfApHv2C9DKlq\n +42n0urEI7WR4l0Gdvw/t9c9B3QeEigxz5u1OicnhKcG4GK9gwmCYP2wbjPVwHr1zAxMxHAY\n sKSmR2jb32N+3QnyoLvvQekk8wG0ainqv332+vvxYeTDXTrohdSg5OZPON1V7Wh3LPLAlQbe\n agI0g+lCRXriv7Lu33tLlL7a2ph3bUEMAvagI4rhsgg7NSg4uzeOeLDAdW42qHQGDyRxX0Lw\n U8ZXuN551KLm0u2I/Ruo2AUFIavkjUfSsXqHJpCY2CXmvjDeHcBsHlN7U8VqNeYsqXn0EnjN\n OqgW94WWDZTS8ZFM8kkYbA2d7DQZstmhS9h/zJ3Y3wdsph4BDebp5yMH3vXnwOh85ijqQXM7\n iUkjIfjpXCejDOaeb9RT4xzwEmxChhGYqBk5mNr/plSyyLD+OkOLzAMeFmh5sx5x+/Oui/Xn\n s97hNlfOKOT42WLkcXcRF8xGborT79Nv5ird9E8qDwpkFT3gwwARAQABzTFSb3hhbmEgTmlj\n b2xlc2N1IDxyb3hhbmEubmljb2xlc2N1QGNhbm9uaWNhbC5jb20+wsGOBBMBCgA4FiEEuTxl\n ymcAhyYitf9DENoe7adEB28FAmOz8dUCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ\n ENoe7adEB29U0w/+KR8ikSBennP/B26R8KhFVFUAJCxBToGdHWWoNzmSBMijTvrz4pSS3OfI\n F8fOFPel0aQqoZOOgqC9rWPMy++o20qSg2pUCRrPvqK1YteIX1PTRfoxRSYP5NPp0uQz8f5w\n BKvXSb6eu8JHNzlFlKCvOt5EeMICsl47qf8vGh2/t3PRsp9aLOed1fXnNUXNxqCLphcRwGy5\n sGezEFK690x6oJHmTkq0r4jCCaJpDvUwx4VAAL1SsaEjRwgyN9O3Hp78KlJq+wdfjtMrtheY\n AnME9B0OjuE/PeScNy4qG/jmmjTmlkT4n99JkkQXTiJeiWZSkBAh/1zR/j59q5GiyTOCEIFw\n IZJNIBTdfHfwEYoPiRiaZk3zCVGgey+F7trwXXM0AY4IoBwvpB671RFxsrrbS/Pz7i1WgtW6\n oSK+u6OqmewRqZAqg+vYCzflxfFk6xKiAuKtLiZED3e2Lt0aHFCKyCDpsdMsTDSupO8WnqvB\n 4yJkoO6QyzyGT2Rv5eWI8S3/R7MTtJMt/K+fYJ8+/ltlHqKIcmpFrByft779g3D5dyKtRfWV\n s1FMHwoAdr7xEc8avcVbqTXSurFcnwMCYuM6G9zCB+q2yaKGhMzPA/LHlbGyS8QpO5H3ksp+\n bx/87wRw/0ScbT/eswhg53tZx//Gxf5zIMcPDytp/vwcyk1HWiDOwU0EY7Px1QEQALRjXzH1\n KoYC1+9B2+/s7EQWx5lfXimqnVG+qPl01q9qEPZqrjBwXOWJhLaFYLFa3GWOVxSpzRpZNL64\n wwmABJWQEWqDoW4p37q51TxjcQbs/P8jIy0tvDzYixWUj/NwBJnIuI5ge+GJ9xBtsN+e6/34\n pXs+hOAU2d9HPmpmU4WnRNqIfckBABZK5wB19Xhljo7usXKRciuJkTLp2rQDcmpxBv+VqqKW\n icFmW4iam6ZHuElU56/Li/U51L1LeMOCtXWnrKKoiaRSBK1XiItij1mYs6ayaBlxXk8xceeH\n bAHMgZXnltNJeog4S/1doGnrlJYkYcYdDu+Fzf+c5A5bFbe/s89uSpst3kbEqAD1AFEDBfgK\n Kc7CiI3L0uQJ0oYFRMMeu2FM1GMYFF24VZi72fI9WPpU0HmXF0ZouIcud2fcCVmG0S9euif0\n abPi/1Fhn4zIl7bG2+TeBeS28RYZA7XC4exbiPOPRETbFBsTWp8KloRNdIQGg3FCudMz2LKv\n UOu/IXafwBtgORLDr1dj2Ze2Krf4EkBJh8xRgCYbvBOycceyIkBb+F3IfDxqvmaDqnEnoJyS\n lZ84o8R3V3lhP2OD/Yvb+gBl+O/xXzfP6rRMrruZRFof3AXsuKKOcgDpIXd2/MsG/MK/HTHK\n 6KFfZCGUdTxhoAr3XVg8Q0CuwZ3jABEBAAHCwXYEGAEKACAWIQS5PGXKZwCHJiK1/0MQ2h7t\n p0QHbwUCY7Px1QIbDAAKCRAQ2h7tp0QHb9HKD/42ya1pLxmkJ7pAZeWIiszMwDEEmxbQicS9\n fZtjRN/IL3AiVvcWyN8cqsESx9xzCnjad+rCHr4PmuGvTHasolFHziCX5B2bCRAVAkGIBcJC\n 2mCPQEGZt8YysGS/y9KxqMgCy045pcBKtmPtRWab26+3FbkjJ/eje9vcDv2GyN09Rh6R57Zx\n 2hN4rZjZnbp7vfZPrKhPbIT2ckV5ZtUm9Er0/Vy/Lu/CrnOOYwJrpgLa8R3thBR9t0pDZdFd\n VAwl12qzt2C9Js+XjuxhYuywTtpvr8QgBhu4U/JN7OFfxD5WSanJ38KSFK3FeUdeqIfDDTQK\n d0f6ntHmjLqteo87cedJGwtFIZTW1a5eCZiKsfhosCSmrFw3DLDI5Cun7Sm1SWMShYzSpnSC\n i75PB8GYiH5T12ZSxRhRXCIri0OzPRYvfKZ82Ji33UUG5MZvqKpttEXaK8bxqmAg0TrJ+nLd\n jn99r9WDQokRITZRW4GCUDFY/K6p8MBfGM+sm3oi50hGXi4SRIYD0dZpC7QWRYNmhR9AsxWR\n EGoQV+X6XMEh1XFcBpExwvFrIpD+5SZrWp4e/lGLGA70EBHKFO15YL1Pv+fChskp3wRYr4mG\n Ao8E1tCv1TJZdkVZ7z93qUroOf8qi71FSzApqEHX7OyT3ad5/fYRzeme+3VlwGS6MHMWnpuo Og==","In-Reply-To":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":3189901,"web_url":"http://patchwork.ozlabs.org/comment/3189901/","msgid":"","list_archive_url":null,"date":"2023-09-29T06:59:31","subject":"APPLIED[F,J,L]: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","submitter":{"id":85750,"url":"http://patchwork.ozlabs.org/api/people/85750/","name":"Roxana Nicolescu","email":"roxana.nicolescu@canonical.com"},"content":"On 27/09/2023 00:44, Yuxuan Luo wrote:\n> [Impact]\n> A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\n> component can be exploited to achieve local privilege escalation. When the\n> plug qdisc is used as a class of the qfq qdisc, sending network packets\n> triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler\n> of sch_plug and lack of error checking in agg_dequeue(). We recommend\n> upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n>\n> [Backport]\n> It is a clean cherry pick.\n>\n> [Test]\n> Tested against the proof of concept. Note that the bug report generated\n> by the PoC is expected, as discussed in the [mailing\n> list](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/).\n>\n> [Potential Regression]\n> Expect relatively low regression potential as it has been backported to\n> multiple stable branches.\n>\n> valis (1):\n> net: sched: sch_qfq: Fix UAF in qfq_dequeue()\n>\n> net/sched/sch_plug.c | 2 +-\n> net/sched/sch_qfq.c | 22 +++++++++++++++++-----\n> 2 files changed, 18 insertions(+), 6 deletions(-)\n>\n>\nApplied to focal,jammy,lunar:master-next. Thanks!\n\nRoxana","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":"legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)","Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4Rxh760DRFz1yp0\n\tfor ; Fri, 29 Sep 2023 17:00:02 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1qm7TS-0003uB-CB; Fri, 29 Sep 2023 06:59:42 +0000","from smtp-relay-internal-1.internal ([10.131.114.114]\n helo=smtp-relay-internal-1.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1qm7TJ-0003pV-BY\n for kernel-team@lists.ubuntu.com; Fri, 29 Sep 2023 06:59:34 +0000","from mail-ej1-f72.google.com (mail-ej1-f72.google.com\n [209.85.218.72])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 0465A3F469\n for ; Fri, 29 Sep 2023 06:59:33 +0000 (UTC)","by mail-ej1-f72.google.com with SMTP id\n a640c23a62f3a-9a5d86705e4so1203229866b.1\n for ; Thu, 28 Sep 2023 23:59:33 -0700 (PDT)","from [192.168.0.189] (77-169-125-32.fixed.kpn.net. [77.169.125.32])\n by smtp.gmail.com with ESMTPSA id\n do5-20020a170906c10500b009ad8796a6aesm178711ejc.56.2023.09.28.23.59.31\n for \n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Thu, 28 Sep 2023 23:59:31 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1695970772; x=1696575572;\n h=content-transfer-encoding:in-reply-to:autocrypt:from:references:to\n :content-language:subject:user-agent:mime-version:date:message-id\n :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;\n bh=QGY8L73ebpNYCy7iQXhjJG3o5q+A4j3SXlWn+mq6Sjg=;\n b=O1sBst3CWW2OlXipsigJY9F0op+u2Gh/ORV45eVWTJmRLTPhlbbXuPt2389Bd/lRGQ\n nhbAUj2PMcQwSOgc5aVgp4Uptz5AXILushDAVvz0wpFLUTiA15ygDpFR8G2V5HDz3MAp\n ++02UdoDzwi62Q5S0Nny3kDxUo/4Bdu7ZH3yiCoPA4kwI/mh14HGCEn9vK6WihDEuELq\n vwdXKuaMCuiRnNCnRabCt2dMJuRXf01adzkOSP/QBH0S1qoJFGWsSeMH/VXfYx+RLTNE\n IlkJA9aCZxkz8y2g4RQE84kJXlU/aNFlO2Nt/LHfxfUtdTEdZBzBbGoLL2wqznRuLP18\n psoA==","X-Gm-Message-State":"AOJu0Yxq+ZE/iDERNmnKtmVtwYyKS1X2IU8yGIDyQFuXMsAcuZ+0d0mU\n foIZdIHNXuC5HKSy1dl6qvPnVxYJXIFHaHfAyx7jlUMrz1FpxUsNcxwLDMk+etZlmvQMdKBi5Y+\n BYt7OLLS0K6vY/AWZTZdwdrdqlJZvq3/GqHEX6bMFCd0FAHYStoPNYbE=","X-Received":["by 2002:a17:907:7859:b0:9ad:78b7:29ea with SMTP id\n lb25-20020a170907785900b009ad78b729eamr2906665ejc.44.1695970772646;\n Thu, 28 Sep 2023 23:59:32 -0700 (PDT)","by 2002:a17:907:7859:b0:9ad:78b7:29ea with SMTP id\n lb25-20020a170907785900b009ad78b729eamr2906657ejc.44.1695970772308;\n Thu, 28 Sep 2023 23:59:32 -0700 (PDT)"],"X-Google-Smtp-Source":"\n AGHT+IEbzN1KCMWLolWA98YDUL6Hqud0/RewKcATEL1W+bpalOF1aZrkHb1ohCJAVifrWsvZxsDzhg==","Message-ID":"","Date":"Fri, 29 Sep 2023 08:59:31 +0200","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"APPLIED[F,J,L]: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","Content-Language":"en-US","To":"kernel-team@lists.ubuntu.com","References":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","From":"Roxana Nicolescu ","Autocrypt":"addr=roxana.nicolescu@canonical.com; keydata=\n xsFNBGOz8dUBEACbW6iR0smNW8BxmNcHzzktKmKImDxMdQlHZDYbKfQLBwNPGXaBq9b8vq2h\n Ae9pdbwIvaHmx2dL1hWuD1X1S7CKxqH9lsZXF2FZk/l1wlHSRIsElTaxau5lZP+EwzES2kXM\n 9zSRE+R6bD/MkGbwPl5fkRY0yhgLt2pEuc+yBLHVkENpr+cC3saikSRwtI6jfApHv2C9DKlq\n +42n0urEI7WR4l0Gdvw/t9c9B3QeEigxz5u1OicnhKcG4GK9gwmCYP2wbjPVwHr1zAxMxHAY\n sKSmR2jb32N+3QnyoLvvQekk8wG0ainqv332+vvxYeTDXTrohdSg5OZPON1V7Wh3LPLAlQbe\n agI0g+lCRXriv7Lu33tLlL7a2ph3bUEMAvagI4rhsgg7NSg4uzeOeLDAdW42qHQGDyRxX0Lw\n U8ZXuN551KLm0u2I/Ruo2AUFIavkjUfSsXqHJpCY2CXmvjDeHcBsHlN7U8VqNeYsqXn0EnjN\n OqgW94WWDZTS8ZFM8kkYbA2d7DQZstmhS9h/zJ3Y3wdsph4BDebp5yMH3vXnwOh85ijqQXM7\n iUkjIfjpXCejDOaeb9RT4xzwEmxChhGYqBk5mNr/plSyyLD+OkOLzAMeFmh5sx5x+/Oui/Xn\n s97hNlfOKOT42WLkcXcRF8xGborT79Nv5ird9E8qDwpkFT3gwwARAQABzTFSb3hhbmEgTmlj\n b2xlc2N1IDxyb3hhbmEubmljb2xlc2N1QGNhbm9uaWNhbC5jb20+wsGOBBMBCgA4FiEEuTxl\n ymcAhyYitf9DENoe7adEB28FAmOz8dUCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ\n ENoe7adEB29U0w/+KR8ikSBennP/B26R8KhFVFUAJCxBToGdHWWoNzmSBMijTvrz4pSS3OfI\n F8fOFPel0aQqoZOOgqC9rWPMy++o20qSg2pUCRrPvqK1YteIX1PTRfoxRSYP5NPp0uQz8f5w\n BKvXSb6eu8JHNzlFlKCvOt5EeMICsl47qf8vGh2/t3PRsp9aLOed1fXnNUXNxqCLphcRwGy5\n sGezEFK690x6oJHmTkq0r4jCCaJpDvUwx4VAAL1SsaEjRwgyN9O3Hp78KlJq+wdfjtMrtheY\n AnME9B0OjuE/PeScNy4qG/jmmjTmlkT4n99JkkQXTiJeiWZSkBAh/1zR/j59q5GiyTOCEIFw\n IZJNIBTdfHfwEYoPiRiaZk3zCVGgey+F7trwXXM0AY4IoBwvpB671RFxsrrbS/Pz7i1WgtW6\n oSK+u6OqmewRqZAqg+vYCzflxfFk6xKiAuKtLiZED3e2Lt0aHFCKyCDpsdMsTDSupO8WnqvB\n 4yJkoO6QyzyGT2Rv5eWI8S3/R7MTtJMt/K+fYJ8+/ltlHqKIcmpFrByft779g3D5dyKtRfWV\n s1FMHwoAdr7xEc8avcVbqTXSurFcnwMCYuM6G9zCB+q2yaKGhMzPA/LHlbGyS8QpO5H3ksp+\n bx/87wRw/0ScbT/eswhg53tZx//Gxf5zIMcPDytp/vwcyk1HWiDOwU0EY7Px1QEQALRjXzH1\n KoYC1+9B2+/s7EQWx5lfXimqnVG+qPl01q9qEPZqrjBwXOWJhLaFYLFa3GWOVxSpzRpZNL64\n wwmABJWQEWqDoW4p37q51TxjcQbs/P8jIy0tvDzYixWUj/NwBJnIuI5ge+GJ9xBtsN+e6/34\n pXs+hOAU2d9HPmpmU4WnRNqIfckBABZK5wB19Xhljo7usXKRciuJkTLp2rQDcmpxBv+VqqKW\n icFmW4iam6ZHuElU56/Li/U51L1LeMOCtXWnrKKoiaRSBK1XiItij1mYs6ayaBlxXk8xceeH\n bAHMgZXnltNJeog4S/1doGnrlJYkYcYdDu+Fzf+c5A5bFbe/s89uSpst3kbEqAD1AFEDBfgK\n Kc7CiI3L0uQJ0oYFRMMeu2FM1GMYFF24VZi72fI9WPpU0HmXF0ZouIcud2fcCVmG0S9euif0\n abPi/1Fhn4zIl7bG2+TeBeS28RYZA7XC4exbiPOPRETbFBsTWp8KloRNdIQGg3FCudMz2LKv\n UOu/IXafwBtgORLDr1dj2Ze2Krf4EkBJh8xRgCYbvBOycceyIkBb+F3IfDxqvmaDqnEnoJyS\n lZ84o8R3V3lhP2OD/Yvb+gBl+O/xXzfP6rRMrruZRFof3AXsuKKOcgDpIXd2/MsG/MK/HTHK\n 6KFfZCGUdTxhoAr3XVg8Q0CuwZ3jABEBAAHCwXYEGAEKACAWIQS5PGXKZwCHJiK1/0MQ2h7t\n p0QHbwUCY7Px1QIbDAAKCRAQ2h7tp0QHb9HKD/42ya1pLxmkJ7pAZeWIiszMwDEEmxbQicS9\n fZtjRN/IL3AiVvcWyN8cqsESx9xzCnjad+rCHr4PmuGvTHasolFHziCX5B2bCRAVAkGIBcJC\n 2mCPQEGZt8YysGS/y9KxqMgCy045pcBKtmPtRWab26+3FbkjJ/eje9vcDv2GyN09Rh6R57Zx\n 2hN4rZjZnbp7vfZPrKhPbIT2ckV5ZtUm9Er0/Vy/Lu/CrnOOYwJrpgLa8R3thBR9t0pDZdFd\n VAwl12qzt2C9Js+XjuxhYuywTtpvr8QgBhu4U/JN7OFfxD5WSanJ38KSFK3FeUdeqIfDDTQK\n d0f6ntHmjLqteo87cedJGwtFIZTW1a5eCZiKsfhosCSmrFw3DLDI5Cun7Sm1SWMShYzSpnSC\n i75PB8GYiH5T12ZSxRhRXCIri0OzPRYvfKZ82Ji33UUG5MZvqKpttEXaK8bxqmAg0TrJ+nLd\n jn99r9WDQokRITZRW4GCUDFY/K6p8MBfGM+sm3oi50hGXi4SRIYD0dZpC7QWRYNmhR9AsxWR\n EGoQV+X6XMEh1XFcBpExwvFrIpD+5SZrWp4e/lGLGA70EBHKFO15YL1Pv+fChskp3wRYr4mG\n Ao8E1tCv1TJZdkVZ7z93qUroOf8qi71FSzApqEHX7OyT3ad5/fYRzeme+3VlwGS6MHMWnpuo Og==","In-Reply-To":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":3189908,"web_url":"http://patchwork.ozlabs.org/comment/3189908/","msgid":"","list_archive_url":null,"date":"2023-09-29T07:00:38","subject":"Re: Cmnt: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","submitter":{"id":85750,"url":"http://patchwork.ozlabs.org/api/people/85750/","name":"Roxana Nicolescu","email":"roxana.nicolescu@canonical.com"},"content":"On 27/09/2023 15:49, Yuxuan Luo wrote:\n> Also applies to Jammy-OEM-6.1.\n>\n> On 9/26/23 18:44, Yuxuan Luo wrote:\n>> [Impact]\n>> A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\n>> component can be exploited to achieve local privilege escalation. \n>> When the\n>> plug qdisc is used as a class of the qfq qdisc, sending network packets\n>> triggers use-after-free in qfq_dequeue() due to the incorrect .peek \n>> handler\n>> of sch_plug and lack of error checking in agg_dequeue(). We recommend\n>> upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n>>\n>> [Backport]\n>> It is a clean cherry pick.\n>>\n>> [Test]\n>> Tested against the proof of concept. Note that the bug report generated\n>> by the PoC is expected, as discussed in the [mailing\n>> list](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/). \n>>\n>>\n>> [Potential Regression]\n>> Expect relatively low regression potential as it has been backported to\n>> multiple stable branches.\n>>\n>> valis (1):\n>>    net: sched: sch_qfq: Fix UAF in qfq_dequeue()\n>>\n>>   net/sched/sch_plug.c |  2 +-\n>>   net/sched/sch_qfq.c  | 22 +++++++++++++++++-----\n>>   2 files changed, 18 insertions(+), 6 deletions(-)\n>>\n>\nAdded Timo.","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":"legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)","Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4RxhHW5CKKz1yng\n\tfor ; Fri, 29 Sep 2023 17:07:19 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1qm7aW-0006FO-I6; Fri, 29 Sep 2023 07:07:00 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1qm7UP-00043y-MF\n for kernel-team@lists.ubuntu.com; Fri, 29 Sep 2023 07:00:42 +0000","from mail-ej1-f72.google.com (mail-ej1-f72.google.com\n [209.85.218.72])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 4D3D83F44E\n for ; Fri, 29 Sep 2023 07:00:40 +0000 (UTC)","by mail-ej1-f72.google.com with SMTP id\n a640c23a62f3a-9a9d7a801a3so1200853466b.2\n for ; Fri, 29 Sep 2023 00:00:40 -0700 (PDT)","from [192.168.0.189] (77-169-125-32.fixed.kpn.net. [77.169.125.32])\n by smtp.gmail.com with ESMTPSA id\n do5-20020a170906c10500b009ad8796a6aesm178711ejc.56.2023.09.29.00.00.38\n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Fri, 29 Sep 2023 00:00:38 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1695970839; x=1696575639;\n h=content-transfer-encoding:in-reply-to:autocrypt:from:cc:references\n :to:content-language:subject:user-agent:mime-version:date:message-id\n :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;\n bh=rFjSl6bahOlO+pzBNo4ejwsb3fKLVnO0/Xc5norYsKU=;\n b=XiaUO6LwDwT6Kizfos7n/w9kU/a9EI3Qr+WsetpP/JqgBINzAh09fOsrYcNh0/aqnl\n 6fh0fJtf+N6IjURsRRF5JcDiKQisKzXKXePykVmgU86blhqeACitMKfFwzfryaJilO95\n TfmulEmHprNDYbPQn9IvrBBL20UC10HGicnj3W9c2dTP+eJ5HTyvLztqdSCtozpCabh0\n Xdz3RGL0DWm21LU0G0xcjGT/ha3WG2Zl2Dh3AnA9rbUg4HRykzCFPpAz2MkI6zfY5yNy\n K3Ve+USDgQNn1SsZp2bsbhXyo/cXEaAeA6MI0wI6jWxGMEghEHpWbCljyWs2fE2ybFU/\n ZTwQ==","X-Gm-Message-State":"AOJu0YwyhJxdyFuDAxEqjjEsdefk5nkZfKERKeOVV5x4V1v0nISzm/VW\n oO5fO2HU1uPm0HiMsfYKdrlCoHLP180Oc2hoVt0XY6ywrFMssA8NUgGo6aGAPWDSursH8cwDn+b\n NrywkdR/XoMgqgp3BwbGqw8u0b6Z+njaPnjfukWhTkThNWDxIvvEr1V8=","X-Received":["by 2002:a17:906:329a:b0:9b2:b15b:383f with SMTP id\n 26-20020a170906329a00b009b2b15b383fmr2832631ejw.43.1695970839631;\n Fri, 29 Sep 2023 00:00:39 -0700 (PDT)","by 2002:a17:906:329a:b0:9b2:b15b:383f with SMTP id\n 26-20020a170906329a00b009b2b15b383fmr2832610ejw.43.1695970839289;\n Fri, 29 Sep 2023 00:00:39 -0700 (PDT)"],"X-Google-Smtp-Source":"\n AGHT+IFESmyeXMOnQBooastFAvLq6fTyO9Rlk55vK7ie/kPa8unEUgXJWiLd6L8Cw3LVfSyhId8qWQ==","Message-ID":"","Date":"Fri, 29 Sep 2023 09:00:38 +0200","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"Re: Cmnt: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","Content-Language":"en-US","To":"kernel-team@lists.ubuntu.com","References":"<20230926224426.282101-1-yuxuan.luo@canonical.com>\n <908dab6b-4661-4e26-ba6f-90ad663cb58b@canonical.com>","From":"Roxana Nicolescu ","Autocrypt":"addr=roxana.nicolescu@canonical.com; keydata=\n xsFNBGOz8dUBEACbW6iR0smNW8BxmNcHzzktKmKImDxMdQlHZDYbKfQLBwNPGXaBq9b8vq2h\n Ae9pdbwIvaHmx2dL1hWuD1X1S7CKxqH9lsZXF2FZk/l1wlHSRIsElTaxau5lZP+EwzES2kXM\n 9zSRE+R6bD/MkGbwPl5fkRY0yhgLt2pEuc+yBLHVkENpr+cC3saikSRwtI6jfApHv2C9DKlq\n +42n0urEI7WR4l0Gdvw/t9c9B3QeEigxz5u1OicnhKcG4GK9gwmCYP2wbjPVwHr1zAxMxHAY\n sKSmR2jb32N+3QnyoLvvQekk8wG0ainqv332+vvxYeTDXTrohdSg5OZPON1V7Wh3LPLAlQbe\n agI0g+lCRXriv7Lu33tLlL7a2ph3bUEMAvagI4rhsgg7NSg4uzeOeLDAdW42qHQGDyRxX0Lw\n U8ZXuN551KLm0u2I/Ruo2AUFIavkjUfSsXqHJpCY2CXmvjDeHcBsHlN7U8VqNeYsqXn0EnjN\n OqgW94WWDZTS8ZFM8kkYbA2d7DQZstmhS9h/zJ3Y3wdsph4BDebp5yMH3vXnwOh85ijqQXM7\n iUkjIfjpXCejDOaeb9RT4xzwEmxChhGYqBk5mNr/plSyyLD+OkOLzAMeFmh5sx5x+/Oui/Xn\n s97hNlfOKOT42WLkcXcRF8xGborT79Nv5ird9E8qDwpkFT3gwwARAQABzTFSb3hhbmEgTmlj\n b2xlc2N1IDxyb3hhbmEubmljb2xlc2N1QGNhbm9uaWNhbC5jb20+wsGOBBMBCgA4FiEEuTxl\n ymcAhyYitf9DENoe7adEB28FAmOz8dUCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ\n ENoe7adEB29U0w/+KR8ikSBennP/B26R8KhFVFUAJCxBToGdHWWoNzmSBMijTvrz4pSS3OfI\n F8fOFPel0aQqoZOOgqC9rWPMy++o20qSg2pUCRrPvqK1YteIX1PTRfoxRSYP5NPp0uQz8f5w\n BKvXSb6eu8JHNzlFlKCvOt5EeMICsl47qf8vGh2/t3PRsp9aLOed1fXnNUXNxqCLphcRwGy5\n sGezEFK690x6oJHmTkq0r4jCCaJpDvUwx4VAAL1SsaEjRwgyN9O3Hp78KlJq+wdfjtMrtheY\n AnME9B0OjuE/PeScNy4qG/jmmjTmlkT4n99JkkQXTiJeiWZSkBAh/1zR/j59q5GiyTOCEIFw\n IZJNIBTdfHfwEYoPiRiaZk3zCVGgey+F7trwXXM0AY4IoBwvpB671RFxsrrbS/Pz7i1WgtW6\n oSK+u6OqmewRqZAqg+vYCzflxfFk6xKiAuKtLiZED3e2Lt0aHFCKyCDpsdMsTDSupO8WnqvB\n 4yJkoO6QyzyGT2Rv5eWI8S3/R7MTtJMt/K+fYJ8+/ltlHqKIcmpFrByft779g3D5dyKtRfWV\n s1FMHwoAdr7xEc8avcVbqTXSurFcnwMCYuM6G9zCB+q2yaKGhMzPA/LHlbGyS8QpO5H3ksp+\n bx/87wRw/0ScbT/eswhg53tZx//Gxf5zIMcPDytp/vwcyk1HWiDOwU0EY7Px1QEQALRjXzH1\n KoYC1+9B2+/s7EQWx5lfXimqnVG+qPl01q9qEPZqrjBwXOWJhLaFYLFa3GWOVxSpzRpZNL64\n wwmABJWQEWqDoW4p37q51TxjcQbs/P8jIy0tvDzYixWUj/NwBJnIuI5ge+GJ9xBtsN+e6/34\n pXs+hOAU2d9HPmpmU4WnRNqIfckBABZK5wB19Xhljo7usXKRciuJkTLp2rQDcmpxBv+VqqKW\n icFmW4iam6ZHuElU56/Li/U51L1LeMOCtXWnrKKoiaRSBK1XiItij1mYs6ayaBlxXk8xceeH\n bAHMgZXnltNJeog4S/1doGnrlJYkYcYdDu+Fzf+c5A5bFbe/s89uSpst3kbEqAD1AFEDBfgK\n Kc7CiI3L0uQJ0oYFRMMeu2FM1GMYFF24VZi72fI9WPpU0HmXF0ZouIcud2fcCVmG0S9euif0\n abPi/1Fhn4zIl7bG2+TeBeS28RYZA7XC4exbiPOPRETbFBsTWp8KloRNdIQGg3FCudMz2LKv\n UOu/IXafwBtgORLDr1dj2Ze2Krf4EkBJh8xRgCYbvBOycceyIkBb+F3IfDxqvmaDqnEnoJyS\n lZ84o8R3V3lhP2OD/Yvb+gBl+O/xXzfP6rRMrruZRFof3AXsuKKOcgDpIXd2/MsG/MK/HTHK\n 6KFfZCGUdTxhoAr3XVg8Q0CuwZ3jABEBAAHCwXYEGAEKACAWIQS5PGXKZwCHJiK1/0MQ2h7t\n p0QHbwUCY7Px1QIbDAAKCRAQ2h7tp0QHb9HKD/42ya1pLxmkJ7pAZeWIiszMwDEEmxbQicS9\n fZtjRN/IL3AiVvcWyN8cqsESx9xzCnjad+rCHr4PmuGvTHasolFHziCX5B2bCRAVAkGIBcJC\n 2mCPQEGZt8YysGS/y9KxqMgCy045pcBKtmPtRWab26+3FbkjJ/eje9vcDv2GyN09Rh6R57Zx\n 2hN4rZjZnbp7vfZPrKhPbIT2ckV5ZtUm9Er0/Vy/Lu/CrnOOYwJrpgLa8R3thBR9t0pDZdFd\n VAwl12qzt2C9Js+XjuxhYuywTtpvr8QgBhu4U/JN7OFfxD5WSanJ38KSFK3FeUdeqIfDDTQK\n d0f6ntHmjLqteo87cedJGwtFIZTW1a5eCZiKsfhosCSmrFw3DLDI5Cun7Sm1SWMShYzSpnSC\n i75PB8GYiH5T12ZSxRhRXCIri0OzPRYvfKZ82Ji33UUG5MZvqKpttEXaK8bxqmAg0TrJ+nLd\n jn99r9WDQokRITZRW4GCUDFY/K6p8MBfGM+sm3oi50hGXi4SRIYD0dZpC7QWRYNmhR9AsxWR\n EGoQV+X6XMEh1XFcBpExwvFrIpD+5SZrWp4e/lGLGA70EBHKFO15YL1Pv+fChskp3wRYr4mG\n Ao8E1tCv1TJZdkVZ7z93qUroOf8qi71FSzApqEHX7OyT3ad5/fYRzeme+3VlwGS6MHMWnpuo Og==","In-Reply-To":"<908dab6b-4661-4e26-ba6f-90ad663cb58b@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Cc":"timo.aaltonen@canonical.com","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":3193453,"web_url":"http://patchwork.ozlabs.org/comment/3193453/","msgid":"","list_archive_url":null,"date":"2023-10-05T09:18:27","subject":"Re: Cmnt: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","submitter":{"id":10238,"url":"http://patchwork.ozlabs.org/api/people/10238/","name":"Timo Aaltonen","email":"tjaalton@ubuntu.com"},"content":"Hi,\n\nPlease add the [OEM-6.1] tag to the subject when commenting that a patch \napplies there too, otherwise it won't show up on my filter :)\n\nYuxuan Luo kirjoitti 27.9.2023 klo 16.49:\n> Also applies to Jammy-OEM-6.1.\n> \n> On 9/26/23 18:44, Yuxuan Luo wrote:\n>> [Impact]\n>> A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\n>> component can be exploited to achieve local privilege escalation. When \n>> the\n>> plug qdisc is used as a class of the qfq qdisc, sending network packets\n>> triggers use-after-free in qfq_dequeue() due to the incorrect .peek \n>> handler\n>> of sch_plug and lack of error checking in agg_dequeue(). We recommend\n>> upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n>>\n>> [Backport]\n>> It is a clean cherry pick.\n>>\n>> [Test]\n>> Tested against the proof of concept. Note that the bug report generated\n>> by the PoC is expected, as discussed in the [mailing\n>> list](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/).\n>>\n>> [Potential Regression]\n>> Expect relatively low regression potential as it has been backported to\n>> multiple stable branches.\n>>\n>> valis (1):\n>>    net: sched: sch_qfq: Fix UAF in qfq_dequeue()\n>>\n>>   net/sched/sch_plug.c |  2 +-\n>>   net/sched/sch_qfq.c  | 22 +++++++++++++++++-----\n>>   2 files changed, 18 insertions(+), 6 deletions(-)\n>>\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":"legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)","Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4S1QwR2wylz1yng\n\tfor ; Thu, 5 Oct 2023 20:18:47 +1100 (AEDT)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1qoKV9-00070p-8x; Thu, 05 Oct 2023 09:18:35 +0000","from smtp-relay-canonical-0.internal ([10.131.114.83]\n helo=smtp-relay-canonical-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1qoKV2-000709-KI\n for kernel-team@lists.ubuntu.com; Thu, 05 Oct 2023 09:18:29 +0000","from [192.168.50.110] (185-185-170-138.localnetip.fi\n [185.185.170.138])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 5A6533F72C;\n Thu, 5 Oct 2023 09:18:28 +0000 (UTC)"],"Message-ID":"","Date":"Thu, 5 Oct 2023 12:18:27 +0300","MIME-Version":"1.0","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101\n Thunderbird/102.15.1","Content-Language":"en-US","To":"Yuxuan Luo , kernel-team@lists.ubuntu.com","References":"<20230926224426.282101-1-yuxuan.luo@canonical.com>\n <908dab6b-4661-4e26-ba6f-90ad663cb58b@canonical.com>","From":"Timo Aaltonen ","Subject":"Re: Cmnt: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","In-Reply-To":"<908dab6b-4661-4e26-ba6f-90ad663cb58b@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":3193454,"web_url":"http://patchwork.ozlabs.org/comment/3193454/","msgid":"<01a21dd0-cb2a-8782-c67f-150511c08f2b@ubuntu.com>","list_archive_url":null,"date":"2023-10-05T09:20:00","subject":"APPLIED [OEM-6.1] Re: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","submitter":{"id":10238,"url":"http://patchwork.ozlabs.org/api/people/10238/","name":"Timo Aaltonen","email":"tjaalton@ubuntu.com"},"content":"Yuxuan Luo kirjoitti 27.9.2023 klo 1.44:\n> [Impact]\n> A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq\n> component can be exploited to achieve local privilege escalation. When the\n> plug qdisc is used as a class of the qfq qdisc, sending network packets\n> triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler\n> of sch_plug and lack of error checking in agg_dequeue(). We recommend\n> upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n> \n> [Backport]\n> It is a clean cherry pick.\n> \n> [Test]\n> Tested against the proof of concept. Note that the bug report generated\n> by the PoC is expected, as discussed in the [mailing\n> list](https://lore.kernel.org/all/39597d43-7522-38e7-1b37-82c4a84158aa@mojatatu.com/).\n> \n> [Potential Regression]\n> Expect relatively low regression potential as it has been backported to\n> multiple stable branches.\n> \n> valis (1):\n> net: sched: sch_qfq: Fix UAF in qfq_dequeue()\n> \n> net/sched/sch_plug.c | 2 +-\n> net/sched/sch_qfq.c | 22 +++++++++++++++++-----\n> 2 files changed, 18 insertions(+), 6 deletions(-)\n> \n\napplied to oem-6.1, thanks\n\nthough it didn't make it to the s2023.09.04 cycle","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":"legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)","Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4S1Qy82zXJz1yq7\n\tfor ; Thu, 5 Oct 2023 20:20:16 +1100 (AEDT)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1qoKWc-0007M1-OK; Thu, 05 Oct 2023 09:20:07 +0000","from smtp-relay-canonical-0.internal ([10.131.114.83]\n helo=smtp-relay-canonical-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1qoKWX-0007Kt-Ev\n for kernel-team@lists.ubuntu.com; Thu, 05 Oct 2023 09:20:01 +0000","from [192.168.50.110] (185-185-170-138.localnetip.fi\n [185.185.170.138])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits))\n (No client certificate requested)\n by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id E68BF3F72C;\n Thu, 5 Oct 2023 09:20:00 +0000 (UTC)"],"Message-ID":"<01a21dd0-cb2a-8782-c67f-150511c08f2b@ubuntu.com>","Date":"Thu, 5 Oct 2023 12:20:00 +0300","MIME-Version":"1.0","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101\n Thunderbird/102.15.1","Subject":"APPLIED [OEM-6.1] Re: [SRU][F/J/L][PATCH 0/1] CVE-2023-4921","Content-Language":"en-US","To":"Yuxuan Luo , kernel-team@lists.ubuntu.com","References":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","From":"Timo Aaltonen ","In-Reply-To":"<20230926224426.282101-1-yuxuan.luo@canonical.com>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Transfer-Encoding":"base64","Content-Type":"text/plain; charset=\"utf-8\"; Format=\"flowed\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}}]