ACK: [SRU][Focal-OEM-5.14/Jammy-OEM-5.17][PATCH 0/1] CVE-2023-1095
Tim Gardner
tim.gardner at canonical.com
Tue Mar 21 18:17:41 UTC 2023
On 3/17/23 1:14 PM, Yuxuan Luo wrote:
> [Impact]
> In nf_tables_updtable, if nf_tables_table_enable returns an error,
> nft_trans_destroy is called to free the transaction object.
> nft_trans_destroy() calls list_del(), but the transaction was never placed
> on a list -- the list head is all zeroes, this results in a NULL pointer
> dereference.
>
> [Backport]
> Clean cherry pick.
>
> [Test]
> Compile and smoke tested.
>
> [Potential Regression]
> Little or even no regression since the change only initialized the list header.
>
>
> Florian Westphal (1):
> netfilter: nf_tables: fix null deref due to zeroed list head
>
> net/netfilter/nf_tables_api.c | 1 +
> 1 file changed, 1 insertion(+)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list