| author | Ben Hutchings <ben@decadent.org.uk> | 2022-12-17 03:05:04 +0100 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2022-12-17 03:07:29 +0100 |
| commit | 89cd9ece8fa07ca04f9a25e14cccc562b514a1a4 | |
| tree | 49c981aab54fd320209f70f42d6a47982f87640d /active/CVE-2022-2961 | |
| parent | dc2ce1b63a9722308e68ff1626638579d2e89967 | |
Fill in missing status for nearly all 2022 issues
Diffstat (limited to 'active/CVE-2022-2961')
-rw-r--r-- | active/CVE-2022-2961 | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/active/CVE-2022-2961 b/active/CVE-2022-2961 index db0c32b6..7984f15d 100644 --- a/active/CVE-2022-2961 +++ b/active/CVE-2022-2961 @@ -5,10 +5,17 @@ Notes: carnil> Possible fix is 2df91e397d85 ("net: rose: add netdev ref carnil> tracker to 'struct rose_sock'") but as of 2022-08-30 no carnil> clarification in RHBZ#2120595. + bwh> This is not fixed by commit 2df91e397d85. The problem is that + bwh> rose_bind() doesn't prevent two concurrent bind calls on the same + bwh> socket from succeeding. It checks that the SOCK_ZAPPED flag is set + bwh> at the top, and clears it at the bottom, leaving a race condition + bwh> between those bit operations. + bwh> In bullseye and newer releases this is mitigated because we + bwh> disabled auto-loading of the rose module. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: +upstream: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed |
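Review bot: The added bwh> mitigation note says auto-loading of the rose module was disabled "in bullseye and newer releases", but it names neither the package version nor the change that did this, and it leaves the state of buster implicit even though 4.19-buster-security is marked "needed" on the same footing as sid and 5.10-bullseye-security. Suggest recording the version or commit that disabled auto-loading and stating explicitly whether buster lacks the mitigation, so the relative urgency of the three Debian branches can be read from the file. Separately, the note establishes that 2df91e397d85 is not the fix and describes the race in rose_bind() between the SOCK_ZAPPED check at the top and the clear at the bottom, yet the Bugs: field stays empty and the only external reference is still RHBZ#2120595 from the carnil> lines; with upstream now "needed", it would help to note whether this analysis has been reported upstream.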