ACK: [SRU][J/F/B][PATCH] Fix CVE-2022-2663 (netfilter: nf_conntrack_irc: Fix forged IP logic)
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Tue Oct 18 20:00:59 UTC 2022
Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger at canonical.com>
On Tue, Oct 18, 2022 at 12:42 PM John Cabaj <john.cabaj at canonical.com>
wrote:
> [Impact]
>
> * nf_conntrac_irc can incorrectly match messages and can allow firewall
> bypass. Impacts Jammy, Focal, and Bionic.
>
> [Fix]
>
> * Fixing netfilter IP logic so destination is based off proper direction,
> in this case referencing NAT host. Also detect port 0 as forged.
>
> [Test Plan]
>
> * Compile and boot test.
>
> [Where problems could occur]
>
> * Erroneous usage of dcc_port 0 for anything other than a signal flag.
>
> David Leadbeater (1):
> netfilter: nf_conntrack_irc: Fix forged IP logic
>
> net/netfilter/nf_conntrack_irc.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20221018/a7c6a688/attachment.html>
More information about the kernel-team
mailing list