ACK: [SRU Focal/Impish/OEM-5.14/Jammy 0/1] CVE-2022-25636
Andrea Righi
andrea.righi at canonical.com
Thu Feb 24 07:58:24 UTC 2022
On Tue, Feb 22, 2022 at 02:49:14PM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> As reported at https://www.openwall.com/lists/oss-security/2022/02/21/2,
> a heaps out-of-bound write may be trigerred by an unprivileged user
> using network namespaces and nftables. This can lead to a crash or local
> privilege escalation.
>
> [Backport]
> 5.4 backport required a conflict fixup because offload_stats is not
> present in struct nft_expr_ops. The fix came from net.git.
>
> [Test case]
> The reproducer shared at
> https://www.openwall.com/lists/oss-security/2022/02/21/2 was used.
>
> [Potential regression]
> nftables users would be affected.
Acked-by: Andrea Righi <andrea.righi at canonical.com>
More information about the kernel-team
mailing list