[SRU][F/J/L][PATCH 0/1] CVE-2023-39193
Magali Lemes
magali.lemes at canonical.com
Thu Oct 26 14:15:23 UTC 2023
[Impact]
A flaw was found in the Netfilter subsystem in the Linux kernel. The
sctp_mt_check did not validate the flag_count field. This flaw allows a local
privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading
to a crash or information disclosure.
[Backport]
Clean cherry-pick.
[Test]
Compile, boot and smoke tested on a VM:
```
(vm) $ sudo iptables -A INPUT -p sctp -m sctp --dport 12345 -j LOG
(vm) $ ncat --sctp -l -p 12345
(host) $ echo "testing" | ncat --sctp $VM_IP 12345
(vm) $ sudo dmesg | tail # here we expect to see some logs
```
[Regression potential]
Limited to the sctp packet matching module.
Wander Lairson Costa (1):
netfilter: xt_sctp: validate the flag_info count
net/netfilter/xt_sctp.c | 2 ++
1 file changed, 2 insertions(+)
--
2.34.1
More information about the kernel-team
mailing list