On Wed, Nov 06 2024 at 11:40:39 +0530, gregkh@linuxfoundation.org wrote:
On Wed, Oct 30, 2024 at 07:29:38AM +0000, Siddh Raman Pant wrote:
Hello maintainers,
On Fri, 20 Sep 2024 02:28:03 -0700, Shivani Agarwal wrote:
Thanks Fedor.
Upstream commit 1be59c97c83c is merged in 5.4 with commit 10aeaa47e4aa and in 4.19 with commit 27d6dbdc6485. The issue is reproducible in 5.4 and 4.19 also.
I am sending the backport patch of d23b5c577715 and a7fb0423c201 for 5.4 and 4.19 in the next email.
Please backport these changes to stable.
"cgroup/cpuset: Prevent UAF in proc_cpuset_show()" has already been backported and bears CVE-2024-43853. As reported, we may already have introduced another problem due to the missing backport.
What exact commits are needed here? Please submit backported and tested commits and we will be glad to queue them up.
thanks,
greg k-h
Please see the following thread where Shivani posted the patches:
https://lore.kernel.org/all/20240920092803.101047-1-shivani.agarwal@broadcom...
Thanks, Siddh