[SRU,F/J/L/M,0/1] CVE-2023-51782

Message ID	20240117222555.51460-1-yuxuan.luo@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Yuxuan Luo <yuxuan.luo@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU][F/J/L/M][PATCH 0/1] CVE-2023-51782 Date: Wed, 17 Jan 2024 17:25:54 -0500 Message-Id: <20240117222555.51460-1-yuxuan.luo@canonical.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	CVE-2023-51782 \| expand [SRU,F/J/L/M,0/1] CVE-2023-51782 [SRU,F/J/L/M,1/1] net/rose: Fix Use-After-Free in rose_ioctl

Message ID

20240117222555.51460-1-yuxuan.luo@canonical.com

Headers

From: Yuxuan Luo <yuxuan.luo@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F/J/L/M][PATCH 0/1] CVE-2023-51782
Date: Wed, 17 Jan 2024 17:25:54 -0500
Message-Id: <20240117222555.51460-1-yuxuan.luo@canonical.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

CVE-2023-51782 | expand

Message

Yuxuan Luo Jan. 17, 2024, 10:25 p.m. UTC

[Impact]
Due to lack of proper locking, a potential use-after-free caused by race
condition may occur in ROSE while accepting socket, leading to local
privilege escalation.

[Backport]
It is a clean cherry pick.

[Test]
Compile and boot tested.

[Potential Regression]
Regression should be limited to AF_ROSE socket.

Hyunwoo Kim (1):
  net/rose: Fix Use-After-Free in rose_ioctl

 net/rose/af_rose.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Roxana Nicolescu Jan. 18, 2024, 5:18 a.m. UTC | #1

On 01/17, Yuxuan Luo wrote:
> [Impact]
> Due to lack of proper locking, a potential use-after-free caused by race
> condition may occur in ROSE while accepting socket, leading to local
> privilege escalation.
> 
> [Backport]
> It is a clean cherry pick.
> 
> [Test]
> Compile and boot tested.
> 
> [Potential Regression]
> Regression should be limited to AF_ROSE socket.
> 
> Hyunwoo Kim (1):
>   net/rose: Fix Use-After-Free in rose_ioctl
> 
>  net/rose/af_rose.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Stefan Bader Jan. 18, 2024, 8:55 a.m. UTC | #2

On 17.01.24 23:25, Yuxuan Luo wrote:
> [Impact]
> Due to lack of proper locking, a potential use-after-free caused by race
> condition may occur in ROSE while accepting socket, leading to local
> privilege escalation.
> 
> [Backport]
> It is a clean cherry pick.
> 
> [Test]
> Compile and boot tested.
> 
> [Potential Regression]
> Regression should be limited to AF_ROSE socket.
> 
> Hyunwoo Kim (1):
>    net/rose: Fix Use-After-Free in rose_ioctl
> 
>   net/rose/af_rose.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 

For Lunar there is no further SRU cycle planned. The other series:

Acked-by: Stefan Bader <stefan.bader@canonical.com>

- Stefan

Stefan Bader Jan. 18, 2024, 9:22 a.m. UTC | #3

On 17.01.24 23:25, Yuxuan Luo wrote:
> [Impact]
> Due to lack of proper locking, a potential use-after-free caused by race
> condition may occur in ROSE while accepting socket, leading to local
> privilege escalation.
> 
> [Backport]
> It is a clean cherry pick.
> 
> [Test]
> Compile and boot tested.
> 
> [Potential Regression]
> Regression should be limited to AF_ROSE socket.
> 
> Hyunwoo Kim (1):
>    net/rose: Fix Use-After-Free in rose_ioctl
> 
>   net/rose/af_rose.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 

Applied to mantic,jammy,focal:linux/master-next. Thanks.

-Stefan