[SRU Bionic 0/5] CVE-2023-32233

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Tue May 16 13:53:45 UTC 2023


[Impact]
On systems where user namespaces can be created by unprivileged users,
which is the default configuration on Ubuntu, unprivileged users can
trigger a use-after-free vulnerability in netfilter. This could be used to
crash the system or elevate privileges.

[Test case]
A reproducer that causes an oops under slub_debug=FZP was tested and the fix
has been shown to prevent it.

[Backport]
Picked patches submitted by the maintainer to the 4.14 tree.

[Potential impact]
netfilter users may find regressions when manipulating nftables.

Florian Westphal (1):
  netfilter: nf_tables: split set destruction in deactivate and destroy
    phase

Pablo Neira Ayuso (4):
  netfilter: nf_tables: unbind set in rule from commit path
  netfilter: nf_tables: use-after-free in failing rule with bound set
  netfilter: nf_tables: bogus EBUSY when deleting set after flush
  netfilter: nf_tables: deactivate anonymous set from preparation phase

 include/net/netfilter/nf_tables.h |  30 ++++++-
 net/netfilter/nf_tables_api.c     | 139 +++++++++++++++++++++---------
 net/netfilter/nft_dynset.c        |  22 ++++-
 net/netfilter/nft_immediate.c     |   6 +-
 net/netfilter/nft_lookup.c        |  21 ++++-
 net/netfilter/nft_objref.c        |  21 ++++-
 6 files changed, 193 insertions(+), 46 deletions(-)

-- 
2.34.1
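
The [Impact] section depends on unprivileged users being able to create user namespaces. The script below is an added example, not part of the original message or the patch series. It reports whether that precondition holds on a host, and it does not test whether the kernel carries the fix. The sysctl names `kernel.unprivileged_userns_clone` and `user.max_user_namespaces` are not mentioned in the message; they are the settings that govern this on Ubuntu kernels, and the optional root-directory argument is an assumption made so a mounted image or a fixture can be checked.

```shell
#!/bin/sh
# Added example: report whether unprivileged users can create user namespaces,
# the precondition named in [Impact]. It says nothing about the patch level.
# Optional $1 = alternate root directory (mounted image or test fixture).

# Print the integer stored in file $1, or "absent" if the file is missing,
# unreadable or does not contain a plain non-negative integer.
read_knob() {
    if [ -r "$1" ]; then
        v=$(tr -d '[:space:]' < "$1")
        case "$v" in
            ''|*[!0-9]*) echo "absent" ;;
            *) echo "$v" ;;
        esac
    else
        echo "absent"
    fi
}

# Print "restricted: <reason>" or "exposed: <values>"; always returns 0.
# An absent knob is treated as "not restricting", the conservative reading.
userns_exposure() {
    root="${1:-}"
    clone=$(read_knob "$root/proc/sys/kernel/unprivileged_userns_clone")
    max=$(read_knob "$root/proc/sys/user/max_user_namespaces")
    if [ "$max" = "0" ]; then
        # No user namespaces can be created at all.
        echo "restricted: user.max_user_namespaces=0"
    elif [ "$clone" = "0" ]; then
        # Distro knob: only privileged users may create user namespaces.
        echo "restricted: kernel.unprivileged_userns_clone=0"
    else
        echo "exposed: unprivileged_userns_clone=$clone max_user_namespaces=$max"
    fi
}

userns_exposure "${1:-}"
```

A "restricted" result only means the unprivileged path described in [Impact] is closed on that host; the kernel still needs the fix.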



