ACK: [SRU][Focal][PATCH 0/1] CVE-2024-0607
Cengiz Can
cengiz.can at canonical.com
Fri Feb 2 13:43:15 UTC 2024
On Thu, 2024-02-01 at 13:51 -0600, Bethany Jamison wrote:
> [Impact]
>
> A flaw was found in the Netfilter subsystem in the Linux kernel. The issue
> is in the nft_byteorder_eval() function, where the code iterates through a
> loop and writes to the `dst` array. On each iteration, 8 bytes are written,
> but `dst` is an array of u32, so each element only has space for 4 bytes.
> That means every iteration overwrites part of the previous element
> corrupting this array of u32. This flaw allows a local user to cause a
> denial of service or potentially break NetFilter functionality.
>
> [Fix]
>
> Mantic: The fix commit already exists in Mantic.
> Lunar: Skipped because Lunar is EOL.
> Focal: Backported - upstream had a different code structure in files - I found
> the relevant chunks of code and implemented the fix commit changes.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur when writing multiple times to 'dst' array in Netfilter.
>
> Dan Carpenter (1):
>   netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
>
Acked-by: Cengiz Can <cengiz.can at canonical.com>
> include/net/netfilter/nf_tables.h | 4 ++--
> net/netfilter/nft_byteorder.c | 5 +++--
> net/netfilter/nft_meta.c | 2 +-
> 3 files changed, 6 insertions(+), 5 deletions(-)
>
> --
> 2.34.1
>
>
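The stride problem described under [Impact], as an added example that is not part of this thread or of the kernel patch: a simplified userspace model of the 64-bit case. The names `swap64`, `store64`, `convert_buggy`, `convert_fixed` and `demo` are hypothetical, and the two input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for be64_to_cpu(): reverse the byte order of a 64-bit value. */
static uint64_t swap64(uint64_t v)
{
    uint64_t r = 0;
    for (int i = 0; i < 8; i++, v >>= 8)
        r = (r << 8) | (v & 0xff);
    return r;
}

/* Hypothetical helper: store 8 bytes starting at a 32-bit register slot. */
static void store64(uint32_t *reg, uint64_t v) { memcpy(reg, &v, sizeof(v)); }

/* Stride from [Impact]: dst indexed as u32, so store i lands 4 bytes after store i-1. */
static void convert_buggy(uint32_t *dst, const uint64_t *src, unsigned len)
{
    for (unsigned i = 0; i < len / 8; i++)
        store64(&dst[i], swap64(src[i]));
}

/* Corrected stride: each 64-bit value gets its own pair of u32 slots. */
static void convert_fixed(uint32_t *dst, const uint64_t *src, unsigned len)
{
    for (unsigned i = 0; i < len / 8; i++)
        store64(&dst[2 * i], swap64(src[i]));
}

/* Convert two constructed values and count how many results arrive intact. */
static unsigned demo(int fixed)
{
    const uint64_t src[2] = { 0x0102030405060708ULL, 0x1112131415161718ULL };
    uint32_t dst[4] = { 0 };          /* 16 bytes: room for both results */
    unsigned ok = 0;
    (fixed ? convert_fixed : convert_buggy)(dst, src, sizeof(src));
    for (unsigned i = 0; i < 2; i++) {
        uint64_t got;
        memcpy(&got, &dst[2 * i], sizeof(got));
        ok += (got == swap64(src[i]));
    }
    return ok;
}

int main(void)
{
    printf("buggy: %u/2 intact, fixed: %u/2 intact\n", demo(0), demo(1));
    return 0;
}
```

With the 4-byte stride the second store overwrites the upper half of the first result and leaves the second result's slot half filled, so neither value survives.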