ACK: [bionic:linux-hwe][PATCH 1/1] netfilter: x_tables: fix compat match/target pad out-of-bound write
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Fri Jul 23 06:36:43 UTC 2021
On 22/07/2021 17:12, Benjamin M Romer wrote:
> From: Florian Westphal <fw at strlen.de>
>
> xt_compat_match/target_from_user doesn't check that zeroing the area
> to start of next rule won't write past end of allocated ruleset blob.
>
> Remove this code and zero the entire blob beforehand.
>
> Reported-by: syzbot+cfc0247ac173f597aaaa at syzkaller.appspotmail.com
> Reported-by: Andy Nguyen <theflow at google.com>
> Fixes: 9fa492cdc160c ("[NETFILTER]: x_tables: simplify compat API")
> Signed-off-by: Florian Westphal <fw at strlen.de>
> Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
>
> (cherry picked from commit b29c457a6511435960115c0f548c4360d5f4801d)
> CVE-2021-22555
> Signed-off-by: Benjamin M Romer <benjamin.romer at canonical.com>
> ---
> net/ipv4/netfilter/arp_tables.c | 2 ++
> net/ipv4/netfilter/ip_tables.c | 2 ++
> net/ipv6/netfilter/ip6_tables.c | 2 ++
> net/netfilter/x_tables.c | 10 ++--------
> 4 files changed, 8 insertions(+), 8 deletions(-)
>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Best regards,
Krzysztof
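Added example, not part of this thread and not the kernel's code: a simplified C model of the two zeroing strategies the quoted commit message contrasts, i.e. zeroing the alignment pad after each match (with no check that the pad ends inside the blob) versus zeroing the whole allocated blob once and dropping the per-match zeroing. The match layout, the 8-byte alignment, the blob sizing, the demo input and every name here are assumptions made for the model; the vulnerable variant records the bytes it would have written past the blob instead of writing them, so the model is safe to run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: alignment of 8 bytes, standing in for XT_ALIGN(). */
#define MODEL_ALIGN 8u
#define MODEL_ALIGN_UP(s) (((s) + MODEL_ALIGN - 1) & ~(MODEL_ALIGN - 1))

/* A match as the (hypothetical) user-space caller describes it. */
struct model_match {
    uint16_t matchsize;   /* bytes of match data supplied by the user */
    const uint8_t *data;  /* the data itself */
};

/*
 * Vulnerable pattern: copy each match, then memset the pad up to this match's
 * aligned size without checking that the pad lies inside the blob. For safety
 * the model clips the write and counts the bytes that would have gone past the
 * end in *oob_bytes; the unfixed code had no such check and simply wrote them.
 */
static int translate_pad_per_match(uint8_t *blob, size_t blob_size,
                                   const struct model_match *m, size_t n,
                                   size_t *oob_bytes)
{
    size_t off = 0;
    *oob_bytes = 0;
    for (size_t i = 0; i < n; i++) {
        size_t copy_end = off + m[i].matchsize;
        size_t pad_end = off + MODEL_ALIGN_UP(m[i].matchsize);
        if (copy_end > blob_size)
            return -1;                        /* the copy itself does not fit */
        memcpy(blob + off, m[i].data, m[i].matchsize);
        if (pad_end > blob_size) {
            *oob_bytes += pad_end - blob_size; /* the bug: pad zeroing past the blob */
            pad_end = blob_size;
        }
        memset(blob + copy_end, 0, pad_end - copy_end);
        off = pad_end;
    }
    return 0;
}

/*
 * Fixed pattern, as the commit message describes it: zero the entire blob once
 * after allocation and never zero per match. The per-match step then writes
 * only the bytes it copies, and those are bounds-checked against the blob.
 */
static int translate_zero_whole_blob(uint8_t *blob, size_t blob_size,
                                     const struct model_match *m, size_t n)
{
    size_t off = 0;
    memset(blob, 0, blob_size);
    for (size_t i = 0; i < n; i++) {
        if (off > blob_size || m[i].matchsize > blob_size - off)
            return -1;
        memcpy(blob + off, m[i].data, m[i].matchsize);
        off += MODEL_ALIGN_UP(m[i].matchsize);  /* pad is already zero */
    }
    return 0;
}

/* Constructed demo input: blob sized from the raw match sizes (8 + 12 = 20),
 * so the second match's aligned end (8 + 16 = 24) lies past the blob. */
#define DEMO_BLOB_SIZE 20u
static const uint8_t demo_a[8]  = {1, 1, 1, 1, 1, 1, 1, 1};
static const uint8_t demo_b[12] = {2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2};
static const struct model_match demo_matches[2] = { {8, demo_a}, {12, demo_b} };

/* Bytes the per-match pad zeroing would write past the blob: 4 for the demo. */
size_t demo_oob_bytes_with_per_match_pad(void)
{
    uint8_t blob[DEMO_BLOB_SIZE];
    size_t oob = 0;
    if (translate_pad_per_match(blob, sizeof blob, demo_matches, 2, &oob) != 0)
        return (size_t)-1;
    return oob;
}

/* 1 when the whole-blob variant translates the same input, leaves a guard
 * region after the blob untouched and places both matches correctly. */
int demo_fixed_variant_ok(void)
{
    uint8_t buf[DEMO_BLOB_SIZE + 8];
    memset(buf, 0xAA, sizeof buf);             /* guard pattern past the blob */
    if (translate_zero_whole_blob(buf, DEMO_BLOB_SIZE, demo_matches, 2) != 0)
        return 0;
    for (size_t i = DEMO_BLOB_SIZE; i < sizeof buf; i++)
        if (buf[i] != 0xAA)
            return 0;
    return buf[7] == 1 && buf[8] == 2 && buf[19] == 2;
}

int main(void)
{
    printf("per-match pad zeroing would write %zu byte(s) past the blob\n",
           demo_oob_bytes_with_per_match_pad());
    printf("whole-blob zeroing variant ok: %d\n", demo_fixed_variant_ok());
    return 0;
}
```

The point the model makes is structural: once the blob is zeroed in full at allocation, the translation loop has no trailing write whose length depends on alignment arithmetic, so there is nothing left to bounds-check beyond the copy itself.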