APPLIED[L/K/J/F]: [Lunar, OEM-6.1, OEM-6.0, Kinetic, OEM-5.17, Jammy, Focal 0/1] CVE-2023-32233

[Luke Nowakowski-Krijger]

Applied to lunar, kinetic, jammy, focal linux master-next

Thanks,
- Luke

On Wed, May 10, 2023 at 9:29 PM Thadeu Lima de Souza Cascardo <
cascardo at canonical.com> wrote:

> [Impact]
> On systems where user namespaces can be created by unprivileged users,
> which is the default configuration on Ubuntu, unprivileged users can
> trigger a use-after-free vulnerability on netfilter. This could be used to
> crash the system or elevate privileges.
>
> [Test case]
> A PoC that crashes the system was tested and the fix has been shown to
> prevent it.
>
> [Backport]
> The fix applies cleanly all the way back to 5.4 kernels. A backport to 4.15
> is in the works.
>
> [Potential impact]
> netfilter users may find regressions when manipulating nftables.
>
> Pablo Neira Ayuso (1):
>   netfilter: nf_tables: deactivate anonymous set from preparation phase
>
>  include/net/netfilter/nf_tables.h |  1 +
>  net/netfilter/nf_tables_api.c     | 12 ++++++++++++
>  net/netfilter/nft_dynset.c        |  2 +-
>  net/netfilter/nft_lookup.c        |  2 +-
>  net/netfilter/nft_objref.c        |  2 +-
>  5 files changed, 16 insertions(+), 3 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230511/9e043bff/attachment.html>