Azure: keys: Do not cache key in task struct if key is requested from kernel thread
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-azure (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Tim Gardner |
Bug Description
SRU Justification
[Impact]
The key which gets cached in task structure from a kernel thread does not
get invalidated even after expiry. Due to which, a new key request from
kernel thread will be served with the cached key if it's present in task
struct irrespective of the key validity.
[Fix]
commit 47f9e4c924025c5
Fixes: 7743c48e54ee ("keys: Cache result of request_key*() temporarily in task_struct")
[Regression potential]
DNS keys used by CIFS could get confused.
[Other Info]
Though this commit is part of stable updates v5.4.240, MSFT has requested that it be applied in advance since Focal is only up to v5.4.233. Linux-azure 5.4 is the only kernel that does not have this patch.
SF: #00359129
CVE References
- 2021-3669
- 2022-2196
- 2022-2663
- 2022-2978
- 2022-29901
- 2022-3028
- 2022-3061
- 2022-3108
- 2022-3524
- 2022-3545
- 2022-3564
- 2022-3565
- 2022-3566
- 2022-3567
- 2022-3594
- 2022-3621
- 2022-3643
- 2022-3903
- 2022-40768
- 2022-41218
- 2022-4139
- 2022-42703
- 2022-42719
- 2022-42896
- 2022-4382
- 2022-43945
- 2022-45934
- 2022-47520
- 2023-0266
- 2023-0461
- 2023-1075
- 2023-1118
- 2023-1281
- 2023-1380
- 2023-1670
- 2023-1829
- 2023-1859
- 2023-23559
- 2023-2612
- 2023-26545
- 2023-30456
- 2023-31436
- 2023-32233
affects: | linux (Ubuntu) → linux-azure (Ubuntu) |
Changed in linux-azure (Ubuntu): | |
status: | New → Fix Released |
Changed in linux-azure (Ubuntu Focal): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
importance: | Undecided → Medium |
status: | New → In Progress |
description: | updated |
Changed in linux-azure (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-focal removed: verification-needed-focal |
https:/ /lists. ubuntu. com/archives/ kernel- team/2023- April/139134. html