Message ID | 20230803190029.53725-1-yuxuan.luo@canonical.com |
---|---|
Series | CVE-2023-3609 |

Yuxuan Luo wrote on 3.8.2023 at 22.00:
> [Impact]
> A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32
> component can be exploited to achieve local privilege escalation. If
> tcf_change_indev() fails, u32_set_parms() will immediately return an
> error after incrementing or decrementing the reference counter in
> tcf_bind_filter(). If an attacker can control the reference counter and
> set it to zero, they can cause the reference to be freed, leading to a
> use-after-free vulnerability.
>
> [Backport]
> Clean cherry pick.
>
> [Test]
> Smoke tested via adding a u32 filter to a dummy device using `tc`.
>
> [Potential Regression]
> Expect very low regression.
>
> Lee Jones (1):
>   net/sched: cls_u32: Fix reference counter leak leading to overflow
>
>  net/sched/cls_u32.c | 18 ++++++++++-------
>  1 file changed, 10 insertions(+), 8 deletions(-)
>

applied, thanks
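
The reference-count pattern described under [Impact], as a user-space toy model added here for illustration; it is not code from the patch or from the kernel. All `toy_*`, `set_parms_*` and `run_failures` names are hypothetical, the 8-bit counter is an assumption chosen so the wrap is visible after 255 failures, and the "ordered" variant shows one general way to avoid such a leak rather than what the applied patch does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for the object a filter binds to (assumed 8-bit counter). */
struct toy_class { uint8_t filter_cnt; };

/* Stand-in for the fallible step (tcf_change_indev() in the description). */
static int toy_change_indev(bool dev_exists) { return dev_exists ? 0 : -1; }

/* Pattern from the description: reference taken, then early error return. */
static int set_parms_leaky(struct toy_class *c, bool dev_exists)
{
    c->filter_cnt++;                      /* bind: take a reference */
    if (toy_change_indev(dev_exists) < 0)
        return -1;                        /* reference is never dropped */
    return 0;
}

/* Leak-free ordering: run the fallible step before touching the counter. */
static int set_parms_ordered(struct toy_class *c, bool dev_exists)
{
    if (toy_change_indev(dev_exists) < 0)
        return -1;                        /* nothing to roll back */
    c->filter_cnt++;
    return 0;
}

/* Apply n failing updates to a class with one live filter; return the counter. */
static unsigned run_failures(int (*fn)(struct toy_class *, bool), unsigned n)
{
    struct toy_class c = { .filter_cnt = 1 };  /* one legitimate reference */
    for (unsigned i = 0; i < n; i++)
        fn(&c, false);                         /* constructed input: device missing */
    return c.filter_cnt;
}

int main(void)
{
    printf("leaky:   %u\n", run_failures(set_parms_leaky, 255));
    printf("ordered: %u\n", run_failures(set_parms_ordered, 255));
    return 0;
}
```

In the leaky variant the counter reads zero while the original filter still holds its reference, which is the state that makes a premature free possible; in the ordered variant failed updates leave the counter untouched.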