APPLIED: [SRU][F/J/K/L][PATCH 0/1] CVE-2023-3390
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Fri Jul 7 12:52:03 UTC 2023
On Thu, Jul 06, 2023 at 01:18:29PM -0700, Luke Nowakowski-Krijger wrote:
> Applied to focal, jammy, and lunar linux master-next,
> also applied to jammy:linux-hwe-5.19 as kinetic is going EOL.
>
> Thanks,
> - Luke
>
Hey, Luke, I don't see this applied on focal. Can you check that it has been
pushed?
Thanks.
Cascardo.
> On Mon, Jul 3, 2023 at 3:21 PM Yuxuan Luo <yuxuan.luo at canonical.com> wrote:
>
> > [Impact]
> > A use-after-free vulnerability was found in the Linux kernel's netfilter
> > subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with
> > NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same
> > transaction causing a use-after-free vulnerability. This flaw allows a
> > local attacker with user access to cause a privilege escalation issue.
> >
> > [Backport]
> > For J/K/L, it is a clean cherry pick.
> > For Focal, the goto labels were modified in commit 3c5e44622011
> > ("netfilter: nf_tables: memleak in hw offload abort path"), but since that
> > is not a clean cherry pick, the alternative approach is to backport the fix
> > patch by incorporating the new line added for 'err_release_rule' to the
> > 'err2' label.
> >
> > [Test]
> > Compile and boot tested.
> >
> > [Potential Regression]
> > Expect low regression potential.
> >
> > Pablo Neira Ayuso (1):
> >   netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
> >
> > net/netfilter/nf_tables_api.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > --
> > 2.34.1
> >
> >
> > --
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
> >