6550 – [ANCK 4.19]af_unix: Fix null-ptr-deref in unix_stream_sendpage()

Bug 6550 - [ANCK 4.19]af_unix: Fix null-ptr-deref in unix_stream_sendpage()

Summary: [ANCK 4.19]af_unix: Fix null-ptr-deref in unix_stream_sendpage()

Status:	NEW

Alias:	None

Product:	ANCK 4.19 Dev
Classification:	ANCK
Component:	net (show other bugs)	net
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	XuanZhuo
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-09-12 15:55 UTC by Zh_hhhhh
Modified:	2023-09-12 15:58 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Zh_hhhhh cmss_group

2023-09-12 15:55:11 UTC

Description of problem:


一、漏洞信息
漏洞编号：CVE-2023-4622
漏洞归属组件：kernel

二、漏洞简述：
A use-after-free vulnerability in the Linux kernel s af_unix component can be exploited to achieve local privilege escalation.The unix_stream_sendpage() function tries to add data to the last skb in the peer s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.

Comment 1 小龙 admin

2023-09-12 15:58:35 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/2176