Cover Letter Detail
Show a cover letter.
GET /api/covers/1839974/?format=api
{ "id": 1839974, "url": "http://patchwork.ozlabs.org/api/covers/1839974/?format=api", "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20230927004025.119111-1-cascardo@canonical.com/", "project": { "id": 15, "url": "http://patchwork.ozlabs.org/api/projects/15/?format=api", "name": "Ubuntu Kernel", "link_name": "ubuntu-kernel", "list_id": "kernel-team.lists.ubuntu.com", "list_email": "kernel-team@lists.ubuntu.com", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20230927004025.119111-1-cascardo@canonical.com>", "list_archive_url": null, "date": "2023-09-27T00:40:20", "name": "[SRU,Focal,Jammy,OEM-6.1,Lunar,0/5] CVE-2023-42752", "submitter": { "id": 70574, "url": "http://patchwork.ozlabs.org/api/people/70574/?format=api", "name": "Thadeu Lima de Souza Cascardo", "email": "cascardo@canonical.com" }, "mbox": "http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20230927004025.119111-1-cascardo@canonical.com/mbox/", "series": [ { "id": 375017, "url": "http://patchwork.ozlabs.org/api/series/375017/?format=api", "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=375017", "date": "2023-09-27T00:40:20", "name": "CVE-2023-42752", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/375017/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/1839974/comments/", "headers": { "Return-Path": "<kernel-team-bounces@lists.ubuntu.com>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)", "Received": [ "from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4RwHpW4SDkz1yp8\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 27 Sep 2023 10:40:50 +1000 (AEST)", "from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1qlIbT-0004c0-C1; Wed, 27 Sep 2023 00:40:35 +0000", "from smtp-relay-canonical-0.internal ([10.131.114.83]\n helo=smtp-relay-canonical-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <cascardo@canonical.com>)\n id 1qlIbQ-0004bm-Qg\n for kernel-team@lists.ubuntu.com; Wed, 27 Sep 2023 00:40:32 +0000", "from quatroqueijos.lan (1.general.cascardo.us.vpn [10.172.70.58])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 671EE3F123\n for <kernel-team@lists.ubuntu.com>; Wed, 27 Sep 2023 00:40:31 +0000 (UTC)" ], "From": "Thadeu Lima de Souza Cascardo <cascardo@canonical.com>", "To": "kernel-team@lists.ubuntu.com", "Subject": "[SRU Focal,Jammy,OEM-6.1,Lunar 0/5] CVE-2023-42752", "Date": "Tue, 26 Sep 2023 21:40:20 -0300", "Message-Id": "<20230927004025.119111-1-cascardo@canonical.com>", "X-Mailer": "git-send-email 2.34.1", "MIME-Version": "1.0", "X-BeenThere": "kernel-team@lists.ubuntu.com", "X-Mailman-Version": "2.1.20", "Precedence": "list", "List-Id": "Kernel team discussions <kernel-team.lists.ubuntu.com>", "List-Unsubscribe": "<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>", "List-Archive": "<https://lists.ubuntu.com/archives/kernel-team>", "List-Post": "<mailto:kernel-team@lists.ubuntu.com>", "List-Help": "<mailto:kernel-team-request@lists.ubuntu.com?subject=help>", "List-Subscribe": "<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "base64", "Errors-To": "kernel-team-bounces@lists.ubuntu.com", "Sender": "\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>" }, "content": "[Impact]\nAn unprivileged user may use a user/network namespace, setup a device with\na very large MTU, trigger an IGMP packet transmission that will lead to a\nsystem crash. Local privilege escalation cannot be ruled out.\n\n[Test case]\nA PoC was tested and it worked on 6.1 and 6.2 kernels as they carry the\nkmalloc_reserve changes that make the PoC attack possible. After the fix,\nIGMP packets are still being transmitted, but the crash is not seen anymore.\n\nOn 5.15 and 5.4 kernels, the test was still done, even though there is no crash\nwithout the fix. But after the fix, IGMP packets are still being transmitted.\n\n[Potential regression]\nOn Focal and Jammy, IGMP may be broken. On OEM-6.1 and Lunar, other network\nworkload may be broken as this touches SKB allocation.\n\nEric Dumazet (5):\n igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU\n net: add SKB_HEAD_ALIGN() helper\n net: remove osize variable in __alloc_skb()\n net: factorize code in kmalloc_reserve()\n net: deal with integer overflows in kmalloc_reserve()\n\n include/linux/skbuff.h | 8 +++++++\n net/core/skbuff.c | 49 ++++++++++++++++++------------------------\n net/ipv4/igmp.c | 3 ++-\n 3 files changed, 31 insertions(+), 29 deletions(-)" }