APPLIED: [SRU][Mantic][Jammy][PATCH 0/1] CVE-2024-1085
Roxana Nicolescu
roxana.nicolescu at canonical.com
Fri Feb 23 12:43:39 UTC 2024
On 21/02/2024 20:07, Bethany Jamison wrote:
> [Impact]
>
> A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
> component can be exploited to achieve local privilege escalation.
> The nft_setelem_catchall_deactivate() function checks whether the catch-all
> set element is active in the current generation instead of the next
> generation before freeing it, but only flags it inactive in the next
> generation, making it possible to free the element multiple times, leading
> to a double free vulnerability.
>
> [Fix]
>
> Mantic: Clean cherry-pick.
> Jammy: Mantic patch applied cleanly.
>
> [Test Case]
>
> Compile and boot tested.
>
> [Regression Potential]
>
> Issues could occur when using netfilter tables when freeing up memory.
>
> Pablo Neira Ayuso (1):
>   netfilter: nf_tables: check if catch-all set element is active in next
>     generation
>
> net/netfilter/nf_tables_api.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to mantic, jammy master-next branches. Thanks!
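
The generation check described under [Impact], as an added example that is not part of the original message or of the kernel patch: a simplified userspace model comparing a check against the current generation with a check against the next generation when the same catch-all element is deleted more than once before the generation advances. All names are hypothetical, and the release step is reduced to a counter so nothing is actually freed.

```c
#include <stdio.h>

/* Simplified model; struct and function names are hypothetical, not the kernel's. */
struct model_elem {
    unsigned genmask;    /* bit g set => element is inactive in generation g */
    int release_queued;  /* how many times the element was queued for release */
};

static unsigned gencursor;  /* index of the current generation: 0 or 1 */

static unsigned mask_cur(void)  { return 1u << gencursor; }
static unsigned mask_next(void) { return 1u << !gencursor; }

static int is_active(const struct model_elem *e, unsigned mask)
{
    return (e->genmask & mask) == 0;
}

/* One delete request. check_next = 0 models the flawed check, 1 the fixed one. */
static int deactivate_catchall(struct model_elem *e, int check_next)
{
    unsigned check = check_next ? mask_next() : mask_cur();

    if (!is_active(e, check))
        return -1;              /* no active catch-all element to delete */
    e->genmask |= mask_next();  /* flag it inactive in the next generation only */
    e->release_queued++;        /* each entry would lead to one release later */
    return 0;
}

/* Issue n delete requests for one element before the generation advances. */
static int run_batch(int n, int check_next)
{
    struct model_elem e = { 0, 0 };

    gencursor = 0;
    for (int i = 0; i < n; i++)
        deactivate_catchall(&e, check_next);
    return e.release_queued;
}

int main(void)
{
    printf("check current generation: %d releases queued\n", run_batch(2, 0));
    printf("check next generation:    %d release queued\n", run_batch(2, 1));
    return 0;
}
```

With the current-generation check the second request still sees the element as active, because only the next-generation bit was set; checking the next generation makes the second request fail instead of queuing a second release.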