APPLIED: [SRU][F/J/L][PATCH 0/1] CVE-2023-39192

Roxana Nicolescu roxana.nicolescu at canonical.com
Fri Oct 27 11:47:26 UTC 2023


On 26/10/2023 15:05, Magali Lemes wrote:
> [Impact]
> A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32
> module did not validate the fields in the xt_u32 structure. This flaw allows a
> local privileged attacker to trigger an out-of-bounds read by setting the size
> fields with a value beyond the array boundaries, leading to a crash or
> information disclosure.
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compile, boot and smoke tested on a VM:
> ```
> # Log any echo reply message. u32 language is explained in the iptables-extensions manpage.
> (vm) $ sudo iptables -A OUTPUT -m u32 --u32 "6 & 0xFF = 1 && 4 & 0x3FFF = 0 && 0 >> 22 & 0x3C @ 0 >> 24 = 0" -j LOG
>
> (host) $ ping $VM_IP
>
> (vm) $ sudo dmesg | tail # here we expect to see some logs
> ```
>
> [Regression potential]
> Limited to the u32 packet matching module.
>
> Wander Lairson Costa (1):
>    netfilter: xt_u32: validate user space input
>
>   net/netfilter/xt_u32.c | 21 +++++++++++++++++++++
>   1 file changed, 21 insertions(+)
>
Applied to f,j,l:master-next. Thanks!

Roxana



More information about the kernel-team mailing list