APPLIED: [SRU Bionic v2 0/8] CVE-2023-32233
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Wed May 24 14:33:26 UTC 2023
On Fri, 19 May 2023 16:44:00 -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> On systems where user namespaces can be created by unprivileged users,
> which is the default configuration on Ubuntu, unprivileged users can
> trigger a use-after-free vulnerability on netfilter. This could be used to
> crash the system or elevate privileges.
>
> [Test case]
> A reproducer that causes an oops under slub_debug=FZP was tested and the fix
> has been shown to prevent it.
>
> [...]
Applied, thanks!
[1/8] netfilter: nf_tables: add nft_set_is_anonymous() helper
(no commit info)
[2/8] netfilter: nf_tables: split set destruction in deactivate and destroy phase
(no commit info)
[3/8] netfilter: nf_tables: unbind set in rule from commit path
(no commit info)
[4/8] netfilter: nf_tables: bogus EBUSY in helper removal from transaction
(no commit info)
[5/8] netfilter: nf_tables: fix set double-free in abort path
(no commit info)
[6/8] netfilter: nf_tables: bogus EBUSY when deleting set after flush
(no commit info)
[7/8] netfilter: nf_tables: use-after-free in failing rule with bound set
(no commit info)
[8/8] netfilter: nf_tables: deactivate anonymous set from preparation phase
(no commit info)
Best regards,
--
Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
More information about the kernel-team
mailing list