)]}'
{
  "commit": "84131349d5a3e3950ee83e56b3385559b3f82d5e",
  "tree": "e7502ee5ed132e7d1ff00bcd75120f7a6354114e",
  "parents": [
    "ab6fae2fe8466a54f59b075ba87ac9c699b0cd44"
  ],
  "author": {
    "name": "M A Ramdhan",
    "email": "ramdhan@starlabs.sg",
    "time": "Wed Jul 05 12:15:30 2023 -0400"
  },
  "committer": {
    "name": "Anil Altinay",
    "email": "aaltinay@google.com",
    "time": "Wed Aug 02 14:41:32 2023 +0000"
  },
  "message": "net/sched: cls_fw: Fix improper refcount update leads to use-after-free\n\n[ Upstream commit 0323bce598eea038714f941ce2b22541c46d488f ]\n\nIn the event of a failure in tcf_change_indev(), fw_set_parms() will\nimmediately return an error after incrementing or decrementing\nreference counter in tcf_bind_filter().  If attacker can control\nreference counter to zero and make reference freed, leading to\nuse after free.\n\nIn order to prevent this, move the point of possible failure above the\npoint where the TC_FW_CLASSID is handled.\n\nBUG\u003db/293910383\nTEST\u003dpresubmit\nRELEASE_NOTE\u003dFixed CVE-2023-3776 in the Linux kernel.\n\ncos-patch: security-high\nFixes: 1da177e4c3f4 (\"Linux-2.6.12-rc2\")\nReported-by: M A Ramdhan \u003cramdhan@starlabs.sg\u003e\nSigned-off-by: M A Ramdhan \u003cramdhan@starlabs.sg\u003e\nAcked-by: Jamal Hadi Salim \u003cjhs@mojatatu.com\u003e\nReviewed-by: Pedro Tammela \u003cpctammela@mojatatu.com\u003e\nMessage-ID: \u003c20230705161530.52003-1-ramdhan@starlabs.sg\u003e\nSigned-off-by: Jakub Kicinski \u003ckuba@kernel.org\u003e\nSigned-off-by: Sasha Levin \u003csashal@kernel.org\u003e\nChange-Id: I445b399022828fed7d085d8e03915ec38a80a55c\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/53512\nReviewed-by: Oleksandr Tymoshenko \u003covt@google.com\u003e\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "8654b0ce997c1cb525222f51a8531e99a3799efb",
      "old_mode": 33188,
      "old_path": "net/sched/cls_fw.c",
      "new_id": "ea52c320f67c44640e2c898d5e2d695468a7458f",
      "new_mode": 33188,
      "new_path": "net/sched/cls_fw.c"
    }
  ]
}