[SRU] [Bionic] [PATCH 0/1] Fix kernel panic in netfilter
Kai-Heng Feng
kai.heng.feng at canonical.com
Thu Feb 21 10:42:42 UTC 2019
BugLink: https://bugs.launchpad.net/bugs/1811394
[Impact]
ipset-nuclear script [1] casues a kernel panic.
[Fix]
"Fix wraparound bug which could lead to memory exhaustion when adding an
x.x.x.x-255.255.255.255 range to any hash:*net* types."
[Test]
User feedbacked this patch solves the issue.
[Regression Potential]
Low. It's also in upstream stable v4.14.
[1] https://github.com/DevelopersPL/pkgbuild/blob/master/ipset-nuclear/ipset-nuclear
Jozsef Kadlecsik (1):
netfilter: ipset: Fix wraparound in hash:*net* types
net/netfilter/ipset/ip_set_hash_ipportnet.c | 26 +++++++--------
net/netfilter/ipset/ip_set_hash_net.c | 9 +++--
net/netfilter/ipset/ip_set_hash_netiface.c | 9 +++--
net/netfilter/ipset/ip_set_hash_netnet.c | 28 ++++++++--------
net/netfilter/ipset/ip_set_hash_netport.c | 19 ++++++-----
net/netfilter/ipset/ip_set_hash_netportnet.c | 35 ++++++++++----------
6 files changed, 63 insertions(+), 63 deletions(-)
--
2.17.1
More information about the kernel-team
mailing list