ACK: [SRU][F/J/L][PATCH 0/1] CVE-2023-39193
Roxana Nicolescu
roxana.nicolescu at canonical.com
Fri Oct 27 09:22:15 UTC 2023
On 26/10/2023 16:15, Magali Lemes wrote:
> [Impact]
> A flaw was found in the Netfilter subsystem in the Linux kernel. The
> sctp_mt_check did not validate the flag_count field. This flaw allows a local
> privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading
> to a crash or information disclosure.
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compile, boot and smoke tested on a VM:
> ```
> (vm) $ sudo iptables -A INPUT -p sctp -m sctp --dport 12345 -j LOG
> (vm) $ ncat --sctp -l -p 12345
>
> (host) $ echo "testing" | ncat --sctp $VM_IP 12345
>
> (vm) $ sudo dmesg | tail # here we expect to see some logs
> ```
>
> [Regression potential]
> Limited to the sctp packet matching module.
>
> Wander Lairson Costa (1):
> netfilter: xt_sctp: validate the flag_info count
>
> net/netfilter/xt_sctp.c | 2 ++
> 1 file changed, 2 insertions(+)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
More information about the kernel-team
mailing list