ACK: [SRU Jammy,OEM-6.1,Lunar,Mantic 0/1] CVE-2024-0193

Manuel Diewald manuel.diewald at canonical.com
Fri Jan 5 09:56:15 UTC 2024


On Thu, Jan 04, 2024 at 04:42:49PM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A double deactivation of garbage collected netfilter set pipapo elements
> can lead to a use-after-free, allowing unprivileged users to escalate
> privileges when user namespaces are used.
> 
> [Test case]
> This was only build tested.
> 
> [Potential impact]
> nftables users would be affected.
> 
> Pablo Neira Ayuso (1):
>   netfilter: nf_tables: skip set commit for deleted/destroyed sets
> 
>  net/netfilter/nf_tables_api.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Acked-by: Manuel Diewald <manuel.diewald at canonical.com>

-- 
 Manuel


