| commit | 8d4daec373891ff06bb60dd417f35b8ed79d00f4 | [log] [tgz] |
|---|---|---|
| author | Hangyu Hua <[email protected]> | Tue Feb 28 10:33:44 2023 +0800 |
| committer | COS Cherry Picker <[email protected]> | Fri Mar 24 20:30:00 2023 -0700 |
| tree | a0332433f8a7807015f07e7b1073aba01674db44 | |
| parent | 93095720d6e7d3511643bedea335feff07afa8d6 [diff] |
net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() commit 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 upstream. ctx->crypto_send.info is not protected by lock_sock in do_tls_getsockopt_conf(). A race condition between do_tls_getsockopt_conf() and error paths of do_tls_setsockopt_conf() may lead to a use-after-free or null-deref. More discussion: https://lore.kernel.org/all/Y/ht6gQL+u6fj3dG@hog/ BUG=b/274745891 TEST=presubmit,validation RELEASE_NOTE=Fixes CVE-2023-28466 in the Linux kernel. Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Hangyu Hua <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Meena Shanmugam <[email protected]> cos-patch: security-high Change-Id: I53c443ce707147c8e8c2974953083b70f5f4ab70 Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/45372 Main-Branch-Verified: Cusky Presubmit Bot <[email protected]> Tested-by: Cusky Presubmit Bot <[email protected]> Reviewed-by: Oleksandr Tymoshenko <[email protected]>