ACK: [PATCH 0/1][SRU][C/D] CVE-2019-9162 - NF SNMP NAT module oob read/write
Kleber Souza
kleber.souza at canonical.com
Thu Mar 7 17:51:19 UTC 2019
On 3/5/19 4:16 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9162.html
>
> In the Linux kernel before 4.20.12,
> net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has
> insufficient ASN.1 length checks (aka an array index error), making
> out-of-bounds read and write operations possible, leading to an OOPS or
> local privilege escalation. This affects snmp_version and snmp_helper.
>
> Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic
> kernel and loading the nf_nat_snmp_basic module.
>
> Tyler
>
> Jann Horn (1):
> netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
>
> net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
More information about the kernel-team
mailing list