retired/CVE-2022-33743


1
2
3
4
5
6
7
8
9
10
11
12
13
14

Description: Xen network backend may cause Linux netfront to use freed SKBs
References:
 https://xenbits.xen.org/xsa/advisory-405.html
Notes:
 carnil> For 5.18.y fixed as well in 5.18.10.
 bwh> Fix says this was introduced by commit 6c5aa6fc4def "xen
 bwh> networking: add basic XDP support for xen-netfront" in 5.9.
Bugs:
upstream: released (5.19-rc6) [f63c2c2032c2e3caad9add3b82cc6e91c376fd26]
5.10-upstream-stable: released (5.10.129) [547b7c640df545a344358ede93e491a89194cdfa]
4.19-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.18.14-1)
5.10-bullseye-security: released (5.10.127-2) [bugfix/all/xen-netfront-restore-__skb_queue_tail-positioning-in.patch]
4.19-buster-security: N/A "Vulnerability introduced later"