Security tracker / CVE-2022-1247

CVE-2022-1247

rose: Race condition leads to use-after-free

References

• Debian security tracker
• cve.org
• https://bugzilla.redhat.com/show_bug.cgi?id=2066799
• https://bugzilla.suse.com/show_bug.cgi?id=1199434#c7

Notes

 bwh> I'm assuming all branches are affected because I don't see any
 bwh> locking changes since 4.9.
 bwh> In bullseye and newer releases this is mitigated because we
 bwh> disabled auto-loading of the rose module.

Bugs

Status

Branch	Status
upstream	needed
6.18-upstream-stable
6.17-upstream-stable
6.12-upstream-stable
6.6-upstream-stable
6.1-upstream-stable	needed
5.10-upstream-stable	needed
4.9-upstream-stable	ignored "EOL"
sid	needed
6.12-trixie-security	needed
6.1-bookworm-security	needed
5.10-bullseye-security	needed
4.9-stretch-security	ignored "EOL"