[Debian] CVE: CVE-2022-4379: kernel: A use-after-free vulnerability

Bug #2015711 reported by Yue Tao
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Peng Zhang
Milestone: (none)

Bug Description

CVE-2022-4379: https://nvd.nist.gov/vuln/detail/CVE-2022-4379

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-4379 fixed 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Upgrade Yocto kernel v5.10.177

Found during March 2023 CVE scan


Yue Tao (wrytao)
information type: Public → Public Security
tags: added: stx.9.0 stx.security
Changed in starlingx:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Peng Zhang (pzhang2)
Peng Zhang (pzhang2)
Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kernel (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/kernel/+/881688

OpenStack Infra (hudson-openstack) wrote : Fix merged to kernel (master)

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/881688
Committed: https://opendev.org/starlingx/kernel/commit/d5db2760abb490751b073027d7ed2d51ce5741cb
Submitter: "Zuul (22348)"
Branch: master

commit d5db2760abb490751b073027d7ed2d51ce5741cb
Author: Peng Zhang <email address hidden>
Date: Fri Apr 28 03:51:42 2023 +0800

    Update kernel to v5.10.177

    This commit updates the kernel to 5.10.177 to fix the following CVE issue:
    CVE-2022-4379: https://nvd.nist.gov/vuln/detail/CVE-2022-4379

    One of our source patches requires refresh against the new kernel
    source. It was modified to accommodate the context changes in the new
    kernel:
            0001-Notification-of-death-of-arbitrary-processes.patch

    Verification:
    - Kernel and out-of-tree modules build successfully for rt and std.
    - ISO builds successfully for rt and std.
    - Installs successfully onto an All-in-One lab with the rt kernel.
    - Boot up successfully in the lab.
    - The sanity testing was run including kernel and applications
      by our test team.
    - The cyclictest benchmark was also run on the starlingx lab; the result
      is "samples: 259199999 avg: 1614 max: 4759 99.9999th percentile: 2572
      overflows: 0". There is not a big difference from 5.10.162 for avg and
      max, but the percentile seems a little lower than 5.10.162.

    Closes-Bug: 2015711
    Change-Id: I98a92534154989446ba6eda9529cd799498ee800
    Signed-off-by: Peng Zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released