APPLIED[M,L,J]: [SRU Jammy,OEM-6.1,Lunar,Mantic 0/1] CVE-2023-6817
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu Jan 4 15:47:32 UTC 2024
On 15/12/2023 18:51, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Netfilter did not skip inactive elements during set walk, leading to a
> double-free or other unknown impacts.
> An unprivileged local attacker could use this to escalate privileges.
>
> [Backport]
> There was a conflict when applying the fix due to the absence of commit
> 0e1ea651c9717ddcd8e0648d8468477a31867b0a. This was not backported as a
> pre-req since it changes other netfilter code and was not necessary
> to mitigate the vulnerability.
>
> [Potential regression]
> Some nftables users may notice regressions, like crashes, memory leaks
> or change in behavior.
>
> Florian Westphal (1):
> netfilter: nft_set_pipapo: skip inactive elements during set walk
>
> net/netfilter/nft_set_pipapo.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Applied to mantic, lunar, jammy master-next branches. Thanks!
More information about the kernel-team
mailing list