APPLIED/Cmt: [SRU][Focal/Jammy/Lunar][PATCH 0/1] CVE-2023-4881

Yuxuan Luo yuxuan.luo at canonical.com
Wed Sep 27 13:51:12 UTC 2023


This patch also applies to Jammy-OEM-6.1. Sorry for the inconvenience.

On 9/20/23 04:39, Roxana Nicolescu wrote:
>
> On 18/09/2023 23:31, Yuxuan Luo wrote:
>> [Impact]
>> A stack-based out-of-bounds write flaw was found in the netfilter
>> subsystem in the Linux kernel. If the expression length is a multiple of
>> 4 (register size), the `nft_exthdr_eval` family of functions writes 4
>> NULL bytes past the end of the `regs` argument, leading to stack
>> corruption and potential information disclosure or a denial of service.
>>
>> [Backport]
>> The fix commit fixes four occurrences introduced by different break
>> commits. Since not all break commits are present in the Focal tree, some
>> hunks are ignored and the rest are backported.
>> For Jammy and Lunar, it is a clean cherry pick.
>>
>> [Test]
>> Only a boot test has been performed so far; more comprehensive tests will
>> come in a few days.
>>
>> [Potential Regression]
>> The regression should be limited within the modified file.
>>
>> Florian Westphal (1):
>>    netfilter: nftables: exthdr: fix 4-byte stack OOB write
>>
>>   net/netfilter/nft_exthdr.c | 22 ++++++++++++++--------
>>   1 file changed, 14 insertions(+), 8 deletions(-)
>>
> Applied to focal,jammy,lunar:master-next. Thanks! CVE reference was 
> missing in the focal patch.
>
> Roxana
>
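
A simplified userspace model of the write described under [Impact], added here as an illustration; it is not the kernel source or the patch from this thread. The function names, the four-register file, the guard word and the form of the length check in `store_checked` are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REG32_SIZE 4u           /* register size given in the description */
#define NREGS      4u           /* constructed: size of the model register file */
#define GUARD      0xdeadbeefu  /* constructed: stands in for adjacent stack data */

typedef void (*store_fn)(uint32_t *dest, const uint8_t *src, unsigned len);

/* Zero the register holding the tail of the data, then copy: no length check. */
static void store_unchecked(uint32_t *dest, const uint8_t *src, unsigned len)
{
    dest[len / REG32_SIZE] = 0;   /* len % 4 == 0: index is one past the data */
    memcpy(dest, src, len);
}

/* Same store, padding only when the last register is partially filled. */
static void store_checked(uint32_t *dest, const uint8_t *src, unsigned len)
{
    if (len % REG32_SIZE)
        dest[len / REG32_SIZE] = 0;
    memcpy(dest, src, len);
}

/* Store len bytes into the last registers of the file.
 * Returns 1 if the guard word survived, 0 if it was overwritten, -1 on bad len. */
static int guard_intact_after(store_fn store, unsigned len)
{
    static const uint8_t src[NREGS * REG32_SIZE] = {
        1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    uint32_t mem[NREGS + 1];      /* mem[NREGS] is the guard, inside the array */
    unsigned used = (len + REG32_SIZE - 1) / REG32_SIZE;

    if (len == 0 || used > NREGS)
        return -1;
    memset(mem, 0xff, sizeof(mem));
    mem[NREGS] = GUARD;
    store(&mem[NREGS - used], src, len);
    return mem[NREGS] == GUARD;
}

int main(void)
{
    for (unsigned len = 5; len <= 8; len++)
        printf("len=%u unchecked=%d checked=%d\n", len,
               guard_intact_after(store_unchecked, len),
               guard_intact_after(store_checked, len));
    return 0;
}
```

Only lengths that are a multiple of the register size reach the guard word in the unchecked variant; for other lengths the zeroing write lands in the last, partially filled register and acts as padding.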


