[SRU Jammy/OEM-5.17/Kinetic/OEM-6.0/Lunar 0/1] CVE-2023-3610

Cengiz Can cengiz.can at canonical.com
Fri Jul 28 20:30:30 UTC 2023


On Mon, 2023-07-24 at 11:52 +0200, Stefan Bader wrote:
> On 22.07.23 22:43, Cengiz Can wrote:
> > [Impact]
> > A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
> > component can be exploited to achieve local privilege escalation. Flaw in the
> > error handling of bound chains causes a use-after-free in the abort path of
> > NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We
> > recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.
> > 
> > [Fix]
> > Commits picked from either stable or upstream. The ones that are marked as
> > backports only differ in contexts, specifically in nf_tables.h.
> > 
> > [Test case]
> > Tested with test suites that ship with following repositories:
> > 
> > - git://git.netfilter.org/iptables
> > - git://git.netfilter.org/nftables
> > 
> > Test results:
> > 
> > - iptables/tests/run_tests.sh produced exact same results with or without the
> >   patch.
> > - nftables/tests/shell/run_tests.sh produced similar results with or without the
> >   patch. (kinetic produces 1 fewer Failure with the patch).
> > 
> > [Potential regression]
> > All users who use netfilter rules might be affected.
> > 
> > Pablo Neira Ayuso (1):
> >    netfilter: nf_tables: fix chain binding transaction logic
> > 
> >   include/net/netfilter/nf_tables.h | 21 +++++++-
> >   net/netfilter/nf_tables_api.c     | 86 +++++++++++++++++++-----------
> >   net/netfilter/nft_immediate.c     | 87 +++++++++++++++++++++++++++----
> >   3 files changed, 153 insertions(+), 41 deletions(-)
> > 
> 
> Occasionally I also see oem-6.1 mentioned. What about that? Also 
> s/Kinetic/HWE-5.19/ for future reference.

Will look into those. Thanks!

> 
> -- 
> - Stefan
> 



