APPLIED [OEM-5.14] Re: [SRU Focal/Impish/OEM-5.14/Jammy 0/1] CVE-2022-25636
Timo Aaltonen
tjaalton at ubuntu.com
Thu Feb 24 09:02:36 UTC 2022
Thadeu Lima de Souza Cascardo wrote on 22.2.2022 at 19.49:
> [Impact]
> As reported at https://www.openwall.com/lists/oss-security/2022/02/21/2,
> a heap out-of-bounds write may be triggered by an unprivileged user
> using network namespaces and nftables. This can lead to a crash or local
> privilege escalation.
>
> [Backport]
> 5.4 backport required a conflict fixup because offload_stats is not
> present in struct nft_expr_ops. The fix came from net.git.
>
> [Test case]
> The reproducer shared at
> https://www.openwall.com/lists/oss-security/2022/02/21/2 was used.
>
> [Potential regression]
> nftables users would be affected.
>
> Pablo Neira Ayuso (1):
> netfilter: nf_tables_offload: incorrect flow offload action array size
>
> include/net/netfilter/nf_tables.h | 2 +-
> include/net/netfilter/nf_tables_offload.h | 2 --
> net/netfilter/nf_tables_offload.c | 3 ++-
> net/netfilter/nft_dup_netdev.c | 6 ++++++
> net/netfilter/nft_fwd_netdev.c | 6 ++++++
> net/netfilter/nft_immediate.c | 12 +++++++++++-
> 6 files changed, 26 insertions(+), 5 deletions(-)
>
applied to oem-5.14, thanks