Hasn’t been fixed in 90 days.
This bug is subject to a 90-day disclosure deadline. If a fix for this
issue is made available to users before the end of the 90-day deadline,
this bug report will become public 30 days after the fix was made
available. Otherwise, this bug report will become public at the deadline.
The scheduled deadline is 2023-03-19.RedHat have assigned CVEs to the specific issues mentioned in this bug report:
CVE-2023-0590 Kernel: use-after-free due to race condition in qdisc_graft()
CVE-2023-1252 kernel: ovl: fix use after free in struct ovl_aio_req
CVE-2023-1249 kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code
