[SRU,Focal,0/1] CVE-2023-45863

Message ID	20231213141913.561555-1-cascardo@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU Focal 0/1] CVE-2023-45863 Date: Wed, 13 Dec 2023 11:19:12 -0300 Message-Id: <20231213141913.561555-1-cascardo@canonical.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	CVE-2023-45863 \| expand [SRU,Focal,0/1] CVE-2023-45863 [SRU,Focal,1/1] kobject: Fix slab-out-of-bounds in fill_kobj_path()

Message ID

20231213141913.561555-1-cascardo@canonical.com

Headers

From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU Focal 0/1] CVE-2023-45863
Date: Wed, 13 Dec 2023 11:19:12 -0300
Message-Id: <20231213141913.561555-1-cascardo@canonical.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

CVE-2023-45863 | expand

Message

Thadeu Lima de Souza Cascardo Dec. 13, 2023, 2:19 p.m. UTC

[Impact]
 With root access, an attacker can trigger a race condition that results in
 a fill_kobj_path out-of-bounds write.

[Backport]
Picked from 5.4.y backport.

[Potential regression]
This could lead to infinite loops when devices or other kobjects are
instantiated.

Wang Hai (1):
  kobject: Fix slab-out-of-bounds in fill_kobj_path()

 lib/kobject.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

Comments

Jacob Martin Dec. 13, 2023, 3:29 p.m. UTC | #1

LGTM

Acked-by: Jacob Martin <jacob.martin@canonical.com>

On 12/13/23 8:19 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>   With root access, an attacker can trigger a race condition that results in
>   a fill_kobj_path out-of-bounds write.
> 
> [Backport]
> Picked from 5.4.y backport.
> 
> [Potential regression]
> This could lead to infinite loops when devices or other kobjects are
> instantiated.
> 
> Wang Hai (1):
>    kobject: Fix slab-out-of-bounds in fill_kobj_path()
> 
>   lib/kobject.c | 12 ++++++++++--
>   1 file changed, 10 insertions(+), 2 deletions(-)
>

Jose Ogando Dec. 13, 2023, 4:08 p.m. UTC | #2

LGTM

On Wed, 2023-12-13 at 11:19 -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>  With root access, an attacker can trigger a race condition that
> results in
>  a fill_kobj_path out-of-bounds write.
> 
> [Backport]
> Picked from 5.4.y backport.
> 
> [Potential regression]
> This could lead to infinite loops when devices or other kobjects are
> instantiated.
> 
> Wang Hai (1):
>   kobject: Fix slab-out-of-bounds in fill_kobj_path()
> 
>  lib/kobject.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> -- 
> 2.34.1
> 
>

Jose Ogando Dec. 13, 2023, 4:09 p.m. UTC | #3

LGTM

Forgot the Acked by.

Acked-by: Jose Ogando <jose.ogando@canonical.com>

On Wed, 2023-12-13 at 11:19 -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>  With root access, an attacker can trigger a race condition that
> results in
>  a fill_kobj_path out-of-bounds write.
> 
> [Backport]
> Picked from 5.4.y backport.
> 
> [Potential regression]
> This could lead to infinite loops when devices or other kobjects are
> instantiated.
> 
> Wang Hai (1):
>   kobject: Fix slab-out-of-bounds in fill_kobj_path()
> 
>  lib/kobject.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> -- 
> 2.34.1
> 
>

Stefan Bader Dec. 14, 2023, 2:33 p.m. UTC | #4

On 13.12.23 15:19, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>   With root access, an attacker can trigger a race condition that results in
>   a fill_kobj_path out-of-bounds write.
> 
> [Backport]
> Picked from 5.4.y backport.
> 
> [Potential regression]
> This could lead to infinite loops when devices or other kobjects are
> instantiated.
> 
> Wang Hai (1):
>    kobject: Fix slab-out-of-bounds in fill_kobj_path()
> 
>   lib/kobject.c | 12 ++++++++++--
>   1 file changed, 10 insertions(+), 2 deletions(-)
> 

Applied to focal:linux/master-next. Thanks.

-Stefan