30 Oct
2024
30 Oct
'24
7:29 a.m.
Hello maintainers,
On Fri, 20 Sep 2024 02:28:03 -0700, Shivani Agarwal wrote:
Thanks Fedor.
Upstream commit 1be59c97c83c is merged in 5.4 with commit 10aeaa47e4aa and in 4.19 with commit 27d6dbdc6485. The issue is reproducible in 5.4 and 4.19 also.
I am sending the backport patch of d23b5c577715 and a7fb0423c201 for 5.4 and 4.19 in the next email.
Please backport these changes to stable.
"cgroup/cpuset: Prevent UAF in proc_cpuset_show()" has already been backported and bears CVE-2024-43853. As reported, we may already have introduced another problem due to the missing backport.
Thanks, Siddh