APPLIED: [SRU][F/J/K/L][PATCH 0/1] CVE-2023-3390

Luke Nowakowski-Krijger luke.nowakowskikrijger at canonical.com
Fri Jul 7 15:13:12 UTC 2023


Hi Cascardo,

Sorry about that it was applied locally but missed the push.. should be
pushed now.

Thanks,

- Luke

On Fri, Jul 7, 2023 at 5:52 AM Thadeu Lima de Souza Cascardo <
cascardo at canonical.com> wrote:

> On Thu, Jul 06, 2023 at 01:18:29PM -0700, Luke Nowakowski-Krijger wrote:
> > Applied to focal, jammy, and lunar linux master-next,
> > also applied to jammy:linux-hwe-5.19 as kinetic is going EOL.
> >
> > Thanks,
> > - Luke
> >
>
> Hey, Luke, I don't see this applied on focal. Can you check that it has
> been
> pushed?
>
> Thanks.
> Cascardo.
>
> > On Mon, Jul 3, 2023 at 3:21 PM Yuxuan Luo <yuxuan.luo at canonical.com>
> wrote:
> >
> > > [Impact]
> > > A use-after-free vulnerability was found in the Linux kernel's
> netfilter
> > > subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling
> with
> > > NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same
> > > transaction causing a use-after-free vulnerability. This flaw allows a
> > > local
> > > attacker with user access to cause a privilege escalation issue.
> > >
> > > [Backport]
> > > For J/K/L, it is a clean cherry pick.
> > > For Focal, the goto labels were modified in commit 3c5e44622011
> > > ("netfilter:
> > > nf_tables: memleak in hw offload abort path"), but since that is not a
> > > clean
> > > cherry pick, the alternative approach is to backport the fix patch by
> > > incorporate the new line added for 'err_release_rule' to the 'err2'
> label.
> > >
> > > [Test]
> > > Compile and boot tested.
> > >
> > > [Potential Regression]
> > > Expect low regression potential.
> > >
> > > Pablo Neira Ayuso (1):
> > >   netfilter: nf_tables: incorrect error path handling with
> > >     NFT_MSG_NEWRULE
> > >
> > >  net/netfilter/nf_tables_api.c | 3 ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > --
> > > 2.34.1
> > >
> > >
> > > --
> > > kernel-team mailing list
> > > kernel-team at lists.ubuntu.com
> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team
> > >
>
> > --
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230707/af494af8/attachment.html>


More information about the kernel-team mailing list