ACK: [SRU Jammy,Lunar 0/1] CVE-2023-4244 follow up

Roxana Nicolescu roxana.nicolescu at canonical.com
Mon Oct 2 11:18:55 UTC 2023


On 02/10/2023 13:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
>    netfilter: nft_set_rbtree: skip sync GC for new elements in this
>      transaction
>
>   net/netfilter/nft_set_rbtree.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>


