Message ID | 20220324112222.390292-1-cascardo@canonical.com |
---|---|
Headers | show |
Series | CVE-2022-1055 | expand |
Acked-by: Tim Gardner <tim.gardner@canonical.com> On 3/24/22 05:22, Thadeu Lima de Souza Cascardo wrote: > [Impact] > An unprivileged user can use TC to write to out-of-bounds memory, possibly > leading to a privilege escalation. > > [Backport] > There was no flags at tc_new_tfilter, which was introduced by a later rewrite. > > [Test case] > The syzkaller report had no reproducer, and one could not be found or written. > > [Potential regression] > qdisc configuration and use can lead to unexpected network behavior. > > Eric Dumazet (1): > net: sched: fix use-after-free in tc_new_tfilter() > > net/sched/cls_api.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) >
On 24.03.22 12:22, Thadeu Lima de Souza Cascardo wrote: > [Impact] > An unprivileged user can use TC to write to out-of-bounds memory, possibly > leading to a privilege escalation. > > [Backport] > There was no flags at tc_new_tfilter, which was introduced by a later rewrite. > > [Test case] > The syzkaller report had no reproducer, and one could not be found or written. > > [Potential regression] > qdisc configuration and use can lead to unexpected network behavior. > > Eric Dumazet (1): > net: sched: fix use-after-free in tc_new_tfilter() > > net/sched/cls_api.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 24.03.22 12:22, Thadeu Lima de Souza Cascardo wrote: > [Impact] > An unprivileged user can use TC to write to out-of-bounds memory, possibly > leading to a privilege escalation. > > [Backport] > There was no flags at tc_new_tfilter, which was introduced by a later rewrite. > > [Test case] > The syzkaller report had no reproducer, and one could not be found or written. > > [Potential regression] > qdisc configuration and use can lead to unexpected network behavior. > > Eric Dumazet (1): > net: sched: fix use-after-free in tc_new_tfilter() > > net/sched/cls_api.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > Applied to impish,focal:linux/master-next. Thanks. -Stefan