[SRU][F/J/L][PATCH 0/1] CVE-2023-42753
Magali Lemes
magali.lemes at canonical.com
Wed Sep 27 11:32:52 UTC 2023
[Impact]
An array indexing vulnerability was found in the netfilter subsystem of the
Linux kernel. A missing macro could lead to a miscalculation of the `h->nets`
array offset, providing attackers with the primitive to arbitrarily
increment/decrement a memory buffer out-of-bound. This issue may allow a local
user to crash the system or potentially escalate their privileges on the
system.
[Backport]
Clean cherry-pick.
[Test]
Compile and boot tested.
[Regression potential]
Netfilter's ipset would be affected.
Kyle Zeng (1):
  netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
    ip_set_hash_netportnet.c

 net/netfilter/ipset/ip_set_hash_netportnet.c | 1 +
 1 file changed, 1 insertion(+)
--
2.34.1