[SRU][Mantic][Jammy][PATCH 0/1] CVE-2024-1085
Bethany Jamison
bethany.jamison at canonical.com
Wed Feb 21 19:07:47 UTC 2024
[Impact]
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
The nft_setelem_catchall_deactivate() function checks whether the catch-all
set element is active in the current generation instead of the next
generation before freeing it, but only flags it inactive in the next
generation, making it possible to free the element multiple times, leading
to a double free vulnerability.
[Fix]
Mantic: Clean cherry-pick.
Jammy: Mantic patch applied cleanly.
[Test Case]
Compile and boot tested.
[Regression Potential]
Issues could occur when using netfilter tables when freeing up memory.
pablo Neira Ayuso (1):
  netfilter: nf_tables: check if catch-all set element is active in next
    generation

 net/netfilter/nf_tables_api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.34.1
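
Added example, not part of the original message or the kernel source: a simplified C model of the generation check described under [Impact], showing the check on the current generation beside the check on the next generation. The bit layout, struct and function names are assumptions made for illustration, and `free_count` stands in for the element being queued for release.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (assumption, not kernel code): one bit per generation;
 * a set bit means the element is inactive in that generation. */
struct elem { unsigned genmask; int free_count; };

static unsigned gen_cur = 0;  /* index of the current generation: 0 or 1 */
static unsigned mask_cur(void)  { return 1u << gen_cur; }
static unsigned mask_next(void) { return 1u << (gen_cur ^ 1u); }

static bool active_cur(const struct elem *e)  { return !(e->genmask & mask_cur()); }
static bool active_next(const struct elem *e) { return !(e->genmask & mask_next()); }

/* Behaviour described in [Impact]: tests the current generation,
 * but only flags the element inactive in the next one. */
static bool deactivate_buggy(struct elem *e)
{
    if (!active_cur(e))
        return false;
    e->genmask |= mask_next();
    e->free_count++;          /* element is queued for release */
    return true;
}

/* Corrected check: test the same generation that gets flagged. */
static bool deactivate_fixed(struct elem *e)
{
    if (!active_next(e))
        return false;
    e->genmask |= mask_next();
    e->free_count++;
    return true;
}

/* Two deactivation requests with no generation change in between.
 * Returns how many times the element was queued for release. */
static int frees_in_one_transaction(bool (*deactivate)(struct elem *))
{
    struct elem e = { 0, 0 };
    deactivate(&e);
    deactivate(&e);
    return e.free_count;
}

int main(void)
{
    printf("buggy: %d\n", frees_in_one_transaction(deactivate_buggy));
    printf("fixed: %d\n", frees_in_one_transaction(deactivate_fixed));
    return 0;
}
```

In the model the second request passes the current-generation test because only the next-generation bit was set, so the element is queued twice; the next-generation test rejects it.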