APPLIED [OEM-6.1] Re: [SRU Jammy,OEM-6.1,Lunar,Mantic 0/1] CVE-2023-6817
Timo Aaltonen
tjaalton at ubuntu.com
Mon Jan 8 16:50:21 UTC 2024
Thadeu Lima de Souza Cascardo kirjoitti 15.12.2023 klo 19.51:
> [Impact]
> Netfilter did not skip inactive elements during set walk, leading to a
> double-free or other unknown impacts.
> An unprivileged local attacker could use this to escalate privileges.
>
> [Backport]
> There was a conflict when applying the fix due to the absence of commit
> 0e1ea651c9717ddcd8e0648d8468477a31867b0a. This was not backported as a
> pre-req since it changes other netfilter code and was not necessary
> to mitigate the vulnerability.
>
> [Potential regression]
> Some nftables users may notice regressions, like crashes, memory leaks
> or change in behavior.
>
> Florian Westphal (1):
> netfilter: nft_set_pipapo: skip inactive elements during set walk
>
> net/netfilter/nft_set_pipapo.c | 3 +++
> 1 file changed, 3 insertions(+)
>
applied to oem-6.1-prep, thanks
--
t
More information about the kernel-team
mailing list