ACK: [SRU Jammy,OEM-6.1,Lunar,Mantic 0/1] CVE-2023-6817
Thibault Ferrante
thibault.ferrante at canonical.com
Wed Jan 3 13:26:27 UTC 2024
Acked-by: Thibault Ferrante <thibault.ferrante at canonical.com>
On 15-12-2023 18:51, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Netfilter did not skip inactive elements during set walk, leading to a
> double-free or other unknown impacts.
> An unprivileged local attacker could use this to escalate privileges.
>
> [Backport]
> There was a conflict when applying the fix due to the absence of commit
> 0e1ea651c9717ddcd8e0648d8468477a31867b0a. This was not backported as a
> pre-req since it changes other netfilter code and was not necessary
> to mitigate the vulnerability.
>
> [Potential regression]
> Some nftables users may notice regressions, like crashes, memory leaks
> or change in behavior.
>
> Florian Westphal (1):
> netfilter: nft_set_pipapo: skip inactive elements during set walk
>
> net/netfilter/nft_set_pipapo.c | 3 +++
> 1 file changed, 3 insertions(+)
>
--
Thibault
More information about the kernel-team
mailing list