mbox series

[SRU,L/K/J/F,0/1] CVE-2022-31436

Message ID 20230510220917.48584-1-yuxuan.luo@canonical.com
Headers show
Series CVE-2022-31436 | expand

Message

Yuxuan Luo May 10, 2023, 10:09 p.m. UTC 
[Impact]
When the MTU of the loopback device feeds a large number, net/sched/sch_qfq.c
allows a out-of-bounds read/write error, detriment system's integrity.

[Backport]
It is a clean cherry pick for all affected releases.

[Test]
Compile and smoke tested via modprobe and rmmod the sch_fq module.

[Potential Regression]
Expecting little regression potential since the patch only adds an additional
layer of checking without manipulating the memory.

Gwangun Jung (1):
  net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

 net/sched/sch_qfq.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

Comments

Jacob Martin May 10, 2023, 10:55 p.m. UTC | #1 
On 5/10/23 5:09 PM, Yuxuan Luo wrote:
> [Impact]
> When the MTU of the loopback device feeds a large number, net/sched/sch_qfq.c
> allows a out-of-bounds read/write error, detriment system's integrity.
> 
> [Backport]
> It is a clean cherry pick for all affected releases.
> 
> [Test]
> Compile and smoke tested via modprobe and rmmod the sch_fq module.
> 
> [Potential Regression]
> Expecting little regression potential since the patch only adds an additional
> layer of checking without manipulating the memory.
> 
> Gwangun Jung (1):
>    net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
> 
>   net/sched/sch_qfq.c | 13 +++++++------
>   1 file changed, 7 insertions(+), 6 deletions(-)
>Acked-by: Jacob Martin <jacob.martin@canonical.com>
Jacob Martin May 10, 2023, 11:02 p.m. UTC | #2 
Sorry, a combination of Thunderbird and myself messed up the formatting on my last ACK.

Acked-by: Jacob Martin <jacob.martin@canonical.com>

On Wed, May 10, 2023 at 06:09:16PM -0400, Yuxuan Luo wrote:
> [Impact]
> When the MTU of the loopback device feeds a large number, net/sched/sch_qfq.c
> allows a out-of-bounds read/write error, detriment system's integrity.
> 
> [Backport]
> It is a clean cherry pick for all affected releases.
> 
> [Test]
> Compile and smoke tested via modprobe and rmmod the sch_fq module.
> 
> [Potential Regression]
> Expecting little regression potential since the patch only adds an additional
> layer of checking without manipulating the memory.
> 
> Gwangun Jung (1):
>   net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
> 
>  net/sched/sch_qfq.c | 13 +++++++------
>  1 file changed, 7 insertions(+), 6 deletions(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Thadeu Lima de Souza Cascardo May 11, 2023, 12:19 a.m. UTC | #3 
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Luke Nowakowski-Krijger May 11, 2023, 4:09 p.m. UTC | #4 
Applied to focal,jammy,kinetic,lunar linux master-next

Thanks,
- Luke

On Thu, May 11, 2023 at 12:09 AM Yuxuan Luo <yuxuan.luo@canonical.com>
wrote:

> [Impact]
> When the MTU of the loopback device feeds a large number,
> net/sched/sch_qfq.c
> allows a out-of-bounds read/write error, detriment system's integrity.
>
> [Backport]
> It is a clean cherry pick for all affected releases.
>
> [Test]
> Compile and smoke tested via modprobe and rmmod the sch_fq module.
>
> [Potential Regression]
> Expecting little regression potential since the patch only adds an
> additional
> layer of checking without manipulating the memory.
>
> Gwangun Jung (1):
>   net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
>
>  net/sched/sch_qfq.c | 13 +++++++------
>  1 file changed, 7 insertions(+), 6 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>