| Message ID | 20240103195558.381779-1-magali.lemes@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2023-6932 | expand |
On 03/01/2024 20:55, Magali Lemes wrote: > [Impact] > A use-after-free vulnerability in the Linux kernel’s ipv4 igmp component can > be exploited to achieve local privilege escalation. A race condition can be > exploited to cause a timer to be mistakenly registered on an RCU read locked > object which is freed by another thread. > > [Backport] > Clean cherry-pick. However, when applying the patch on Lunar, Mantic, and > OEM-6.5, use git am with the `--3way` option. > > [Test] > Compile and boot tested. > > [Regression potential] > This affects IGMP. > > Zhengchao Shao (1): > ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet > > net/ipv4/igmp.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
On 24/01/03 04:55PM, Magali Lemes wrote: > [Impact] > A use-after-free vulnerability in the Linux kernel’s ipv4 igmp component can > be exploited to achieve local privilege escalation. A race condition can be > exploited to cause a timer to be mistakenly registered on an RCU read locked > object which is freed by another thread. > > [Backport] > Clean cherry-pick. However, when applying the patch on Lunar, Mantic, and > OEM-6.5, use git am with the `--3way` option. > > [Test] > Compile and boot tested. > > [Regression potential] > This affects IGMP. > > Zhengchao Shao (1): > ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet > > net/ipv4/igmp.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
On 03/01/2024 20:55, Magali Lemes wrote: > [Impact] > A use-after-free vulnerability in the Linux kernel’s ipv4 igmp component can > be exploited to achieve local privilege escalation. A race condition can be > exploited to cause a timer to be mistakenly registered on an RCU read locked > object which is freed by another thread. > > [Backport] > Clean cherry-pick. However, when applying the patch on Lunar, Mantic, and > OEM-6.5, use git am with the `--3way` option. > > [Test] > Compile and boot tested. > > [Regression potential] > This affects IGMP. > > Zhengchao Shao (1): > ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet > > net/ipv4/igmp.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > Applied to mantic, jammy, focal master-next branched. For lunar, the patch does not apply. A v2 will be sent for lunar only.
Magali Lemes kirjoitti 3.1.2024 klo 21.55: > [Impact] > A use-after-free vulnerability in the Linux kernel’s ipv4 igmp component can > be exploited to achieve local privilege escalation. A race condition can be > exploited to cause a timer to be mistakenly registered on an RCU read locked > object which is freed by another thread. > > [Backport] > Clean cherry-pick. However, when applying the patch on Lunar, Mantic, and > OEM-6.5, use git am with the `--3way` option. > > [Test] > Compile and boot tested. > > [Regression potential] > This affects IGMP. > > Zhengchao Shao (1): > ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet > > net/ipv4/igmp.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > oem-6.5 got this already via rebase to mantic kernel