ACK: [SRU][Focal/Jammy/Lunar][PATCH 0/1] CVE-2023-4881

Tim Gardner tim.gardner at canonical.com
Tue Sep 19 12:40:12 UTC 2023


On 9/18/23 3:31 PM, Yuxuan Luo wrote:
> [Impact]
> A stack based out-of-bounds write flaw was found in the netfilter
> subsystem in the Linux kernel. If the expression length is a multiple of
> 4 (register size), the `nft_exthdr_eval` family of functions writes 4
> NULL bytes past the end of the `regs` argument, leading to stack
> corruption and potential information disclosure or a denial of service.
> 
> [Backport]
> The fix commit fixes four occurrences introduced by different break
> commits. Since not all break commits are present in the Focal tree, some
> hunks are ignored and the rest are backported.
> For Jammy and Lunar, it is a clean cherry pick.
> 
> [Test]
> Only boot test is performed so far, more comprehensive tests will come
> in a few days.
> 
> [Potential Regression]
> The regression should be limited within the modified file.
> 
> Florian Westphal (1):
>    netfilter: nftables: exthdr: fix 4-byte stack OOB write
> 
>   net/netfilter/nft_exthdr.c | 22 ++++++++++++++--------
>   1 file changed, 14 insertions(+), 8 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc
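
Added example (not part of this thread, the patch, or the kernel source): a userspace C model of the padding step described under [Impact]. It assumes the out-of-bounds write comes from zeroing the register at index len/4 before the copy; `store_unchecked`, `store_checked`, `probe`, the 4-register file and the guard word are constructed names and values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REG32_SIZE 4u           /* register size named in the cover letter */
#define NREGS      4u           /* constructed: tiny register file */
#define GUARD      0xA5A5A5A5u  /* constructed: word that follows regs */

typedef void (*store_fn)(uint32_t *dest, const uint8_t *src, unsigned len);

/* Assumed pre-fix pattern: always zero register len/4, then copy. */
static void store_unchecked(uint32_t *dest, const uint8_t *src, unsigned len)
{
    dest[len / REG32_SIZE] = 0; /* len % 4 == 0: one register past the data */
    memcpy(dest, src, len);
}

/* Hardened: pad only when the last register is partially filled. */
static void store_checked(uint32_t *dest, const uint8_t *src, unsigned len)
{
    if (len % REG32_SIZE)
        dest[len / REG32_SIZE] = 0;
    memcpy(dest, src, len);
}

/* Bit 0: guard word after regs was overwritten.
 * Bits 1+: count of zeroed pad bytes in the last, partially filled register. */
static unsigned probe(store_fn store, unsigned first_reg, unsigned len)
{
    uint32_t stack[NREGS + 1];  /* stack[NREGS] is the neighbour of regs */
    uint8_t src[NREGS * REG32_SIZE], *out;
    unsigned i, zeros = 0;

    memset(stack, 0xff, sizeof(stack));  /* stale data, so padding is visible */
    stack[NREGS] = GUARD;
    memset(src, 0x41, sizeof(src));      /* constructed payload bytes */
    store(&stack[first_reg], src, len);
    out = (uint8_t *)&stack[first_reg];
    for (i = len; i % REG32_SIZE; i++)
        zeros += out[i] == 0;
    return (stack[NREGS] != GUARD) | (zeros << 1);
}

int main(void)
{
    printf("unchecked len=8: %u\n", probe(store_unchecked, 2, 8));
    printf("checked   len=8: %u\n", probe(store_checked, 2, 8));
    printf("checked   len=6: %u\n", probe(store_checked, 2, 6));
    return 0;
}
```

A result of 1 means the word after the register file was zeroed; 4 means two trailing pad bytes were cleared and the guard survived, which shows the conditional form still scrubs a partially filled register.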



