oss-sec mailing list archives

Re: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2


From: Greg KH <greg () kroah com>
Date: Tue, 26 Sep 2023 11:50:37 +0200

On Mon, Sep 25, 2023 at 01:13:19PM -0700, Kyle Zeng wrote:
> [Patch]
> The patch is to follow the upstream and retire the rsvp classifier in
> all the stable trees.
> And it is queued in all the stable trees, but not merged yet.
> For example, the patch for v6.1 can be found here:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/diff/queue-6.1/net-sched-retire-rsvp-classifier.patch?id=f75b6fc19b6ec061f59b4e18d72ebb32ceea8587

This change is in released kernels already, specifically all of the
following ones:
        4.14.326 4.19.295 5.4.257 5.10.197 5.15.133 6.1.55 6.3

Perhaps this advisory was written before those kernels were released?

> [Affected Version]
> I confirmed that this bug affects v6.2, v6.1, v5.15, v5.10, v5.4,
> v4.19, and v4.14.

v6.2 is long end-of-life, sorry, that's not going to be fixed.  But for
all of the other versions you quote above, it should now be resolved.

thanks,

greg k-h
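
Added example, not part of the original message: a check of a `uname -r` style release string against the fixed stable releases listed in the reply above. It assumes kernel.org version numbering; the function names and status strings are illustrative.

```python
import platform
import re

# First release on each stable branch that carries the change, as listed
# in the message above. "6.3" is handled separately as the first mainline
# release with the change.
FIXED_STABLE = {
    (4, 14): 326,
    (4, 19): 295,
    (5, 4): 257,
    (5, 10): 197,
    (5, 15): 133,
    (6, 1): 55,
}
FIRST_FIXED_MAINLINE = (6, 3)


def parse_release(release):
    """Return (major, minor, patch) from a release string such as '6.1.54-foo'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)


def classify(release):
    """Classify a kernel release against the fixed versions in the message.

    Assumption: the string follows upstream numbering. Distribution kernels
    may backport the change without bumping the upstream patch level, so a
    'needs-update' result there means "check the vendor advisory".
    """
    major, minor, patch = parse_release(release)
    if (major, minor) >= FIRST_FIXED_MAINLINE:
        return "fixed"
    if (major, minor) in FIXED_STABLE:
        fixed_patch = FIXED_STABLE[(major, minor)]
        return "fixed" if patch >= fixed_patch else "needs-update"
    # Branches with no fixed release in the list, e.g. end-of-life v6.2.
    return "no-fixed-release-listed"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {classify(running)}")
```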

