new file mode 100644
@@ -0,0 +1,71 @@
+From 0c318fdc38b8db3bce50d6e9a6ec8064b4ff5720 Mon Sep 17 00:00:00 2001
+From: Vivek Kumbhar <vkumbhar@mvista.com>
+Date: Mon, 14 Nov 2022 11:33:48 +0530
+Subject: [PATCH] CVE-2022-42919
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2]
+CVE: CVE-2022-42919
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+
+[3.10] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98503)
+
+Linux abstract sockets are insecure as they lack any form of filesystem
+permissions so their use allows anyone on the system to inject code into
+the process.
+
+This removes the default preference for abstract sockets in
+multiprocessing introduced in Python 3.9+ via
+https://github.com/python/cpython/pull/18866 while fixing
+https://github.com/python/cpython/issues/84031.
+
+Explicit use of an abstract socket by a user now generates a
+RuntimeWarning. If we choose to keep this warning, it should be
+backported to the 3.7 and 3.8 branches.
+(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ Lib/multiprocessing/connection.py | 5 -----
+ .../2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 +++++++++++++++
+ 2 files changed, 15 insertions(+), 5 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+
+diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
+index 510e4b5..8e2facf 100644
+--- a/Lib/multiprocessing/connection.py
++++ b/Lib/multiprocessing/connection.py
+@@ -73,11 +73,6 @@ def arbitrary_address(family):
+ if family == 'AF_INET':
+ return ('localhost', 0)
+ elif family == 'AF_UNIX':
+- # Prefer abstract sockets if possible to avoid problems with the address
+- # size. When coding portable applications, some implementations have
+- # sun_path as short as 92 bytes in the sockaddr_un struct.
+- if util.abstract_sockets_supported:
+- return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
+ return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
+ elif family == 'AF_PIPE':
+ return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %
+diff --git a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+new file mode 100644
+index 0000000..02d95b5
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+@@ -0,0 +1,15 @@
++On Linux the :mod:`multiprocessing` module returns to using filesystem backed
++unix domain sockets for communication with the *forkserver* process instead of
++the Linux abstract socket namespace. Only code that chooses to use the
++:ref:`"forkserver" start method <multiprocessing-start-methods>` is affected.
++
++Abstract sockets have no permissions and could allow any user on the system in
++the same `network namespace
++<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often the
++whole system) to inject code into the multiprocessing *forkserver* process.
++This was a potential privilege escalation. Filesystem based socket permissions
++restrict this to the *forkserver* process user as was the default in Python 3.8
++and earlier.
++
++This prevents Linux `CVE-2022-42919
++<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_.
+--
+2.25.1
+
@@ -42,6 +42,7 @@ SRC_URI:append:class-native = " \
file://0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
+ file://CVE-2022-42919.patch \
"
SRC_URI[sha256sum] = "6eed8415b7516fb2f260906db5d48dd4c06acc0cb24a7d6cc15296a604dcdc48"