APPLIED: [SRU Jammy,Lunar 0/1] CVE-2023-4244 follow up
Roxana Nicolescu
roxana.nicolescu at canonical.com
Mon Oct 2 13:22:31 UTC 2023
On 02/10/2023 13:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
> netfilter: nft_set_rbtree: skip sync GC for new elements in this
> transaction
>
> net/netfilter/nft_set_rbtree.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
Applied to lunar,jammy:master-next. Thanks!
Roxana
More information about the kernel-team
mailing list