[SRU][F/J/L][PATCH 0/1] CVE-2023-39192
Magali Lemes
magali.lemes at canonical.com
Thu Oct 26 13:05:53 UTC 2023
[Impact]
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32
module did not validate the fields in the xt_u32 structure. This flaw allows a
local privileged attacker to trigger an out-of-bounds read by setting the size
fields with a value beyond the array boundaries, leading to a crash or
information disclosure.
[Backport]
Clean cherry-pick.
[Test]
Compile, boot and smoke tested on a VM:
```
# Log any echo reply message. u32 language is explained in the iptables-extensions manpage.
(vm) $ sudo iptables -A OUTPUT -m u32 --u32 "6 & 0xFF = 1 && 4 & 0x3FFF = 0 && 0 >> 22 & 0x3C @ 0 >> 24 = 0" -j LOG
(host) $ ping $VM_IP
(vm) $ sudo dmesg | tail # here we expect to see some logs
```
[Regression potential]
Limited to the u32 packet matching module.
Wander Lairson Costa (1):
netfilter: xt_u32: validate user space input
net/netfilter/xt_u32.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--
2.34.1
More information about the kernel-team
mailing list