ACK: [SRU Jammy,Lunar 0/1] CVE-2023-4244 follow up
Cengiz Can
cengiz.can at canonical.com
Mon Oct 2 11:28:05 UTC 2023
On 02/10/2023 14:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
> netfilter: nft_set_rbtree: skip sync GC for new elements in this
> transaction
Acked-by: Cengiz Can <cengiz.can at canonical.com>
>
> net/netfilter/nft_set_rbtree.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
More information about the kernel-team
mailing list