[SRU Jammy,OEM-6.1,Lunar,Mantic 0/1] CVE-2023-6817
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Fri Dec 15 17:51:22 UTC 2023
[Impact]
Netfilter did not skip inactive elements during set walk, leading to a
double-free or other unknown impacts.
An unprivileged local attacker could use this to escalate privileges.
[Backport]
There was a conflict when applying the fix due to the absence of commit
0e1ea651c9717ddcd8e0648d8468477a31867b0a. This was not backported as a
pre-req since it changes other netfilter code and was not necessary
to mitigate the vulnerability.
[Potential regression]
Some nftables users may notice regressions, like crashes, memory leaks
or change in behavior.
Florian Westphal (1):
netfilter: nft_set_pipapo: skip inactive elements during set walk
net/netfilter/nft_set_pipapo.c | 3 +++
1 file changed, 3 insertions(+)
--
2.34.1
More information about the kernel-team
mailing list