APPLIED [OEM-5.17, OEM-6.0, OEM-6.1] Re: [Jammy, OEM-5.17, OEM-6.0, OEM-6.1, Lunar 0/2] CVE-2023-3777 // CVE-2023-3995
Timo Aaltonen
tjaalton at ubuntu.com
Fri Aug 4 11:39:19 UTC 2023
Thadeu Lima de Souza Cascardo kirjoitti 3.8.2023 klo 18.15:
> [Impact]
> The two vulnerabilities affect nftables and allow an unprivileged user to
> escalate privileges.
>
> [Backport]
> The 2 commits fix the same commit ID and apply cleanly of the affected series.
>
> [Potential regression]
> nftables users may regress.
>
> Pablo Neira Ayuso (2):
> netfilter: nf_tables: skip bound chain on rule flush
> netfilter: nf_tables: disallow rule addition to bound chain via
> NFTA_RULE_CHAIN_ID
>
> net/netfilter/nf_tables_api.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
applied to oem-kernels, thanks
--
t
More information about the kernel-team
mailing list