[SRU Jammy,Lunar 0/1] CVE-2023-4244 follow up
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Mon Oct 2 11:14:30 UTC 2023
[Impact]
The nftables GC can end up collecting released objects. That is still true
for the nft_set_rbtree module. This could potentially lead to a local
unprivileged user being able to escalate privileges.
[Potential regression]
nftables users can be affected.
Pablo Neira Ayuso (1):
netfilter: nft_set_rbtree: skip sync GC for new elements in this
transaction
net/netfilter/nft_set_rbtree.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list