[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 Dec 2023 12:50:24 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Hyunwoo Kim <v4bel@...ori.io>
Cc: ralf@...ux-mips.org, edumazet@...gle.com, imv4bel@...il.com,
davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
linux-hams@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v4] net/rose: Fix Use-After-Free in rose_ioctl
Hello:
This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@...hat.com>:
On Sat, 9 Dec 2023 05:05:38 -0500 you wrote:
> Because rose_ioctl() accesses sk->sk_receive_queue
> without holding a sk->sk_receive_queue.lock, it can
> cause a race with rose_accept().
> A use-after-free for skb occurs with the following flow.
> ```
> rose_ioctl() -> skb_peek()
> rose_accept() -> skb_dequeue() -> kfree_skb()
> ```
> Add sk->sk_receive_queue.lock to rose_ioctl() to fix this issue.
>
> [...]
Here is the summary with links:
- [v4] net/rose: Fix Use-After-Free in rose_ioctl
https://git.kernel.org/netdev/net/c/810c38a369a0
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists