-
-
Save TomyLobo/0c68074d1df2c2b15e798cdf58110bee to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"commit": "2c02d41d71f90a5168391b6a5f2954112ba2307c", | |
"details": [ | |
"net/ulp: prevent ULP without clone op from entering the LISTEN status", | |
"", | |
"When an ULP-enabled socket enters the LISTEN status, the listener ULP data", | |
"pointer is copied inside the child/accepted sockets by sk_clone_lock().", | |
"", | |
"The relevant ULP can take care of de-duplicating the context pointer via", | |
"the clone() operation, but only MPTCP and SMC implement such op.", | |
"", | |
"Other ULPs may end-up with a double-free at socket disposal time.", | |
"", | |
"We can't simply clear the ULP data at clone time, as TLS replaces the", | |
"socket ops with custom ones assuming a valid TLS ULP context is", | |
"available.", | |
"", | |
"Instead completely prevent clone-less ULP sockets from entering the", | |
"LISTEN status.", | |
"", | |
"Fixes: 734942cc4ea6 (\"tcp: ULP infrastructure\")", | |
"Reported-by: slipper <slipper.alive@gmail.com>", | |
"Signed-off-by: Paolo Abeni <pabeni@redhat.com>", | |
"Link: https://lore.kernel.org/r/4b80c3d1dbe3d0ab072f80450c202d9bc88b4b03.1672740602.git.pabeni@redhat.com", | |
"Signed-off-by: Jakub Kicinski <kuba@kernel.org>" | |
], | |
"the commit landed on upstream on": [ | |
{ | |
"tags": "tags/v6.2-rc3~23^2~2" | |
} | |
], | |
"the commit is a backport of": [], | |
"the commit was backported to": [ | |
{ | |
"tags": "tags/v4.19.270~42", | |
"commit": "755193f2523ce5157c2f844a4b6d16b95593f830" | |
}, | |
{ | |
"tags": "tags/v6.1.5~56", | |
"commit": "7d242f4a0c8319821548c7176c09a6e0e71f223c" | |
}, | |
{ | |
"tags": "tags/v4.14.303~11", | |
"commit": "b689125d04949841337dfa730d48dd91ada9ce3a" | |
}, | |
{ | |
"tags": "tags/v6.0.19~50", | |
"commit": "c1b5dee463cc1e89cfa655d6beff81ec1c0c4258" | |
}, | |
{ | |
"tags": "tags/v5.4.229~45", | |
"commit": "c6d29a5ffdbc362314853462a0e24e63330a654d" | |
}, | |
{ | |
"tags": "tags/v5.15.88~4", | |
"commit": "dadd0dcaa67d27f550131de95c8e182643d2c9d6" | |
}, | |
{ | |
"tags": "tags/v5.10.163~4", | |
"commit": "f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0" | |
} | |
], | |
"the commit fixes a bug introduced by": [ | |
{ | |
"fixes": "734942cc4ea6 (\"tcp: ULP infrastructure\")" | |
} | |
], | |
"the buggy commit landed on upstream on": [ | |
{ | |
"tags": "tags/v4.13-rc1~157^2~184^2~3", | |
"commit": "734942cc4ea6478eed125af258da1bdbb4afe578" | |
} | |
], | |
"the buggy commit was backported to": [], | |
"the commit introduced a bug fixed by": [ | |
{ | |
"tags": "tags/v5.15.90~10", | |
"commit": "1aab00aa41926421369d32dd05c943e38d881c82" | |
}, | |
{ | |
"tags": "tags/v6.2-rc5~24^2~7", | |
"commit": "8ccc99362b60c6f27bb46f36fdaaccf4ef0303de" | |
}, | |
{ | |
"tags": "tags/v6.1.8~6", | |
"commit": "ddb98087bd2aed12cbe867332c68473fc4d48855" | |
}, | |
{ | |
"tags": "tags/v5.10.165~12", | |
"commit": "f6c201b4382d1536f44b922b8f16dcb4772cc82c" | |
} | |
], | |
"syzkaller reference for the commit and the fix commit": [], | |
"cve identifier for the commit and the fix commit": [ | |
{ | |
"cve": "CVE-2023-0461" | |
} | |
] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment