[SRU Jammy,OEM-6.1,Lunar,Mantic 0/1] CVE-2024-0193
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Jan 4 19:42:49 UTC 2024
[Impact]
A double deactivation of garbage collected netfilter set pipapo elements
can lead to a use-after-free, allowing unprivileged users to escalage
privileges when user namespaces are used.
[Test case]
This was only built tested.
[Potential impact]
nftables users would be affected.
Pablo Neira Ayuso (1):
netfilter: nf_tables: skip set commit for deleted/destroyed sets
net/netfilter/nf_tables_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.34.1
More information about the kernel-team
mailing list