X-Patchwork-Submitter: Bethany Jamison
X-Patchwork-Id: 1915015
From: Bethany Jamison
To: kernel-team@lists.ubuntu.com
Subject: [SRU][M/J/F][PATCH 0/1] CVE-2023-52600
Date: Fri, 22 Mar 2024 11:57:09 -0500
Message-Id: <20240322165710.13020-1-bethany.jamison@canonical.com>
List-Id: Kernel team discussions

[Impact]

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix uaf in jfs_evict_inode

When the execution of diMount(ipimap) fails, the object ipimap that has been
released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
when rcu_core() calls jfs_free_node().

Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
ipimap.

[Fix]

Mantic: Clean cherry-pick
Jammy:  Mantic patch applied cleanly
Focal:  Mantic patch applied cleanly
Bionic: sent to esm ML
Xenial: sent to esm ML
Trusty: not going to be fixed by us

[Test Case]

Compile and boot tested.

[Where problems could occur]

This affects jfs; issues could occur when initializing the inode map to keep
track of files and directories within the filesystem.

Edward Adam Davis (1):
  jfs: fix uaf in jfs_evict_inode

 fs/jfs/jfs_mount.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
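
The ordering problem described in the message above, shown as an added user-space model in C; it is not part of the original e-mail and is not the kernel patch. All names (model_inode, model_sbi, model_dimount, model_release and the two mount functions) are hypothetical stand-ins, and a `released` flag stands in for the asynchronous free, so the program never touches freed memory.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model; all names are hypothetical, none is kernel code. */
struct model_inode { bool released; };   /* true once the object is "freed" */
struct model_sbi   { struct model_inode *ipimap; };

/* Stand-in for diMount(): 0 on success, an arbitrary nonzero code on failure. */
static int model_dimount(struct model_inode *ip, bool fail) { (void)ip; return fail ? -1 : 0; }
/* Stand-in for the error path whose release completes asynchronously. */
static void model_release(struct model_inode *ip) { ip->released = true; }

/* Ordering the message warns about: publish first, then run the fallible step. */
static int mount_publish_first(struct model_sbi *sbi, struct model_inode *ip, bool fail)
{
    sbi->ipimap = ip;
    int rc = model_dimount(ip, fail);
    if (rc)
        model_release(ip);               /* sbi->ipimap still points at ip */
    return rc;
}

/* Ordering the message asks for: publish only after the step succeeded. */
static int mount_publish_last(struct model_sbi *sbi, struct model_inode *ip, bool fail)
{
    sbi->ipimap = NULL;
    int rc = model_dimount(ip, fail);
    if (rc) {
        model_release(ip);
        return rc;
    }
    sbi->ipimap = ip;
    return 0;
}

/* Stand-in for teardown: true if it would dereference a released object. */
static bool teardown_touches_released(const struct model_sbi *sbi)
{
    return sbi->ipimap != NULL && sbi->ipimap->released;
}

int main(void)
{
    struct model_inode a = { false }, b = { false };
    struct model_sbi s1 = { NULL }, s2 = { NULL };
    mount_publish_first(&s1, &a, true);
    mount_publish_last(&s2, &b, true);
    printf("stale access: publish-first=%d publish-last=%d\n",
           teardown_touches_released(&s1), teardown_touches_released(&s2));
    return 0;
}
```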