[SRU][Focal-OEM-5.14/Jammy-OEM-5.17][PATCH 0/1] CVE-2023-1095
Yuxuan Luo
yuxuan.luo at canonical.com
Fri Mar 17 19:14:05 UTC 2023
[Impact]
In nf_tables_updtable, if nf_tables_table_enable returns an error,
nft_trans_destroy is called to free the transaction object.
nft_trans_destroy() calls list_del(), but the transaction was never placed
on a list -- the list head is all zeroes, this results in a NULL pointer
dereference.
[Backport]
Clean cherry pick.
[Test]
Compile and smoke tested.
[Potential Regression]
Little or even no regression since the change only initialized the list header.
Florian Westphal (1):
netfilter: nf_tables: fix null deref due to zeroed list head
net/netfilter/nf_tables_api.c | 1 +
1 file changed, 1 insertion(+)
--
2.34.1
More information about the kernel-team
mailing list