active/CVE-2022-1204


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: UAF caused by binding operation when ax25 device is detaching
References:
 https://www.openwall.com/lists/oss-security/2022/04/02/2
 https://bugzilla.redhat.com/show_bug.cgi?id=2071051
Notes:
 carnil> Missing commits in 5.17.y series were addressed in 5.17.2.
 bwh> I'm not sure how old this is but it seems to be present back to 4.9.
Bugs:
upstream: released (5.17-rc3) [d01ffb9eee4af165d83b08dd73ebdf9fe94a519b, 87563a043cef044fed5db7967a75741cc16ad2b1], released (5.17-rc4) [feef318c855a361a1eccd880f33e88c460eb63b4], released (5.18-rc1) [9fd75b66b8f68498454d685dc4ba13192ae069b0, 5352a761308397a0e6250fdc629bb3f615b94747]
5.10-upstream-stable: released (5.10.112) [5ea00fc60676c0eebfa8560ec461209d638bca9d, 5ddae8d064412ed868610127561652e90acabeea, 57cc15f5fd550316e4104eaf84b90fbc640fd7a5, b20a5ab0f5fb175750c6bafd4cf12daccf00c738]
4.19-upstream-stable: released (4.19.240) [e2b558fe507a1ed4c43db2b0057fc6e41f20a14c, a518be5772d36fcd0e4815d156e06feb137aad82, b1e0a6fc7f17500484c402ad1cd018c24dfc14b3, 1bf1b2a8a2caf9bc0d3cf1aa903a8dcaaa4371d0]
4.9-upstream-stable: needed
sid: released (5.17.3-1)
5.10-bullseye-security: released (5.10.113-1)
4.19-buster-security: released (4.19.249-1)
4.9-stretch-security: needed