mbox series

[SRU,Focal/Impish,0/1] CVE-2022-1055

Message ID 20220324112222.390292-1-cascardo@canonical.com
Headers show
Series CVE-2022-1055 | expand

Message

Thadeu Lima de Souza Cascardo March 24, 2022, 11:22 a.m. UTC 
[Impact]
An unprivileged user can use TC to write to out-of-bounds memory, possibly
leading to a privilege escalation.

[Backport]
There was no flags at tc_new_tfilter, which was introduced by a later rewrite.

[Test case]
The syzkaller report had no reproducer, and one could not be found or written.

[Potential regression]
qdisc configuration and use can lead to unexpected network behavior.

Eric Dumazet (1):
  net: sched: fix use-after-free in tc_new_tfilter()

 net/sched/cls_api.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

Comments

Tim Gardner March 24, 2022, 11:32 a.m. UTC | #1 
Acked-by: Tim Gardner <tim.gardner@canonical.com>

On 3/24/22 05:22, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user can use TC to write to out-of-bounds memory, possibly
> leading to a privilege escalation.
> 
> [Backport]
> There was no flags at tc_new_tfilter, which was introduced by a later rewrite.
> 
> [Test case]
> The syzkaller report had no reproducer, and one could not be found or written.
> 
> [Potential regression]
> qdisc configuration and use can lead to unexpected network behavior.
> 
> Eric Dumazet (1):
>    net: sched: fix use-after-free in tc_new_tfilter()
> 
>   net/sched/cls_api.c | 11 +++++++----
>   1 file changed, 7 insertions(+), 4 deletions(-)
>
Stefan Bader March 24, 2022, 2:26 p.m. UTC | #2 
On 24.03.22 12:22, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user can use TC to write to out-of-bounds memory, possibly
> leading to a privilege escalation.
> 
> [Backport]
> There was no flags at tc_new_tfilter, which was introduced by a later rewrite.
> 
> [Test case]
> The syzkaller report had no reproducer, and one could not be found or written.
> 
> [Potential regression]
> qdisc configuration and use can lead to unexpected network behavior.
> 
> Eric Dumazet (1):
>    net: sched: fix use-after-free in tc_new_tfilter()
> 
>   net/sched/cls_api.c | 11 +++++++----
>   1 file changed, 7 insertions(+), 4 deletions(-)
> 

Acked-by: Stefan Bader <stefan.bader@canonical.com>
Stefan Bader March 24, 2022, 3:19 p.m. UTC | #3 
On 24.03.22 12:22, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user can use TC to write to out-of-bounds memory, possibly
> leading to a privilege escalation.
> 
> [Backport]
> There was no flags at tc_new_tfilter, which was introduced by a later rewrite.
> 
> [Test case]
> The syzkaller report had no reproducer, and one could not be found or written.
> 
> [Potential regression]
> qdisc configuration and use can lead to unexpected network behavior.
> 
> Eric Dumazet (1):
>    net: sched: fix use-after-free in tc_new_tfilter()
> 
>   net/sched/cls_api.c | 11 +++++++----
>   1 file changed, 7 insertions(+), 4 deletions(-)
> 

Applied to impish,focal:linux/master-next. Thanks.

-Stefan