mbox series

[SRU,Bionic/Focal/Impish/Jammy/OEM-5.14,0/1] CVE-2022-0435

Message ID	20220214142516.237481-1-cascardo@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU Bionic/Focal/Impish/Jammy/OEM-5.14 0/1] CVE-2022-0435 Date: Mon, 14 Feb 2022 11:25:13 -0300 Message-Id: <20220214142516.237481-1-cascardo@canonical.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	CVE-2022-0435 \| expand [SRU,Bionic/Focal/Impish/Jammy/OEM-5.14,0/1] CVE-2022-0435 [SRU,Bionic,1/1] tipc: improve size validations for received domain records

Message ID

20220214142516.237481-1-cascardo@canonical.com

Headers

From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU Bionic/Focal/Impish/Jammy/OEM-5.14 0/1] CVE-2022-0435
Date: Mon, 14 Feb 2022 11:25:13 -0300
Message-Id: <20220214142516.237481-1-cascardo@canonical.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

CVE-2022-0435 | expand

Message

Thadeu Lima de Souza Cascardo Feb. 14, 2022, 2:25 p.m. UTC

[Impact]
An attacker TIPC message may cause the kernel to panic. Remote code
execution should be prevented by stack protection mitigations.

[Backports]
Upstream stable 5.4.y and 4.15.y were used for the focal and bionic
backports.

[Potential regression]
TIPC users might be affected.

Jon Maloy (1):
  tipc: improve size validations for received domain records

 net/tipc/link.c    | 10 +++++++---
 net/tipc/monitor.c |  2 ++
 2 files changed, 9 insertions(+), 3 deletions(-)

Comments

Tim Gardner Feb. 14, 2022, 3:18 p.m. UTC | #1

Acked-by: Tim Gardner <tim.gardner@canonical.com>

On 2/14/22 7:25 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An attacker TIPC message may cause the kernel to panic. Remote code
> execution should be prevented by stack protection mitigations.
> 
> [Backports]
> Upstream stable 5.4.y and 4.15.y were used for the focal and bionic
> backports.
> 
> [Potential regression]
> TIPC users might be affected.
> 
> Jon Maloy (1):
>    tipc: improve size validations for received domain records
> 
>   net/tipc/link.c    | 10 +++++++---
>   net/tipc/monitor.c |  2 ++
>   2 files changed, 9 insertions(+), 3 deletions(-)
>

Stefan Bader Feb. 15, 2022, 8:42 a.m. UTC | #2

On 14.02.22 15:25, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An attacker TIPC message may cause the kernel to panic. Remote code
> execution should be prevented by stack protection mitigations.
> 
> [Backports]
> Upstream stable 5.4.y and 4.15.y were used for the focal and bionic
> backports.
> 
> [Potential regression]
> TIPC users might be affected.
> 
> Jon Maloy (1):
>    tipc: improve size validations for received domain records
> 
>   net/tipc/link.c    | 10 +++++++---
>   net/tipc/monitor.c |  2 ++
>   2 files changed, 9 insertions(+), 3 deletions(-)
> 

Acked-by: Stefan Bader <stefan.bader@canonical.com>

Stefan Bader Feb. 15, 2022, 9:57 a.m. UTC | #3

On 14.02.22 15:25, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An attacker TIPC message may cause the kernel to panic. Remote code
> execution should be prevented by stack protection mitigations.
> 
> [Backports]
> Upstream stable 5.4.y and 4.15.y were used for the focal and bionic
> backports.
> 
> [Potential regression]
> TIPC users might be affected.
> 
> Jon Maloy (1):
>    tipc: improve size validations for received domain records
> 
>   net/tipc/link.c    | 10 +++++++---
>   net/tipc/monitor.c |  2 ++
>   2 files changed, 9 insertions(+), 3 deletions(-)
> 

Applied to bionic,focal,impish:linux/master-next. Thanks.

-Stefan

Andrea Righi Feb. 15, 2022, 10:24 a.m. UTC | #4

On Mon, Feb 14, 2022 at 11:25:13AM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An attacker TIPC message may cause the kernel to panic. Remote code
> execution should be prevented by stack protection mitigations.
> 
> [Backports]
> Upstream stable 5.4.y and 4.15.y were used for the focal and bionic
> backports.
> 
> [Potential regression]
> TIPC users might be affected.

Applied to jammy/linux.

Thanks,
-Andrea

Timo Aaltonen Feb. 15, 2022, 10:51 a.m. UTC | #5

Thadeu Lima de Souza Cascardo kirjoitti 14.2.2022 klo 16.25:
> [Impact]
> An attacker TIPC message may cause the kernel to panic. Remote code
> execution should be prevented by stack protection mitigations.
> 
> [Backports]
> Upstream stable 5.4.y and 4.15.y were used for the focal and bionic
> backports.
> 
> [Potential regression]
> TIPC users might be affected.
> 
> Jon Maloy (1):
>    tipc: improve size validations for received domain records
> 
>   net/tipc/link.c    | 10 +++++++---
>   net/tipc/monitor.c |  2 ++
>   2 files changed, 9 insertions(+), 3 deletions(-)
> 

applied to oem-5.14, thanks