ACK: [SRU][Focal][PATCH 0/1] CVE-2024-0607
Jacob Martin
jacob.martin at canonical.com
Thu Feb 1 20:37:37 UTC 2024
Acked-by: Jacob Martin <jacob.martin at canonical.com>
On Thu, Feb 01, 2024 at 01:51:05PM -0600, Bethany Jamison wrote:
> [Impact]
>
> A flaw was found in the Netfilter subsystem in the Linux kernel. The issue
> is in the nft_byteorder_eval() function, where the code iterates through a
> loop and writes to the `dst` array. On each iteration, 8 bytes are written,
> but `dst` is an array of u32, so each element only has space for 4 bytes.
> That means every iteration overwrites part of the previous element
> corrupting this array of u32. This flaw allows a local user to cause a
> denial of service or potentially break NetFilter functionality.
>
> [Fix]
>
> Mantic: The fix commit already exists in Mantic.
> Lunar: Skipped because Lunar is EOL.
> Focal: Backported - upstream had a different code structure in files - I found
> the relevent chunks of code and implemented the fix commit changes.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur when writting multiple times to 'dst' array in Netfilter.
>
> Dan Carpenter (1):
> netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
>
> include/net/netfilter/nf_tables.h | 4 ++--
> net/netfilter/nft_byteorder.c | 5 +++--
> net/netfilter/nft_meta.c | 2 +-
> 3 files changed, 6 insertions(+), 5 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list