ACK: [SRU][F][PATCH 0/2] CVE-2024-27019
Thibault Ferrante
thibault.ferrante at canonical.com
Tue Jul 2 11:02:03 UTC 2024
On 28-06-2024 18:38, Bethany Jamison wrote:
> [Impact]
>
> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
>
> nft_unregister_obj() can concurrent with __nft_obj_type_get(),
> and there is not any protection when iterate over nf_tables_objects
> list in __nft_obj_type_get(). Therefore, there is potential data-race
> of nf_tables_objects list entry.
>
> Use list_for_each_entry_rcu() to iterate over nf_tables_objects
> list in __nft_obj_type_get(), and use rcu_read_lock() in the caller
> nft_obj_type_get() to protect the entire type query process.
>
> [Fix]
>
> Noble: pending
> Jammy: pending
> Focal: Backport prereq commit - ignore neighboring line context
> conflict, Clean cherry-pick for fix commit
> Bionic: needed
> Xenial: not affected
> Trusty: not affected
>
> [Test Case]
>
> Compile and boot tested
>
> [Where problems could occur]
>
> This fix affects those who use the netfilter framework, an issue with
> this fix would be visible to the user via unexpected system behavior
> or a system crash.
>
> Pablo Neira Ayuso (1):
> netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
>
> Ziyang Xuan (1):
> netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
>
> include/net/netfilter/nf_tables.h | 2 ++
> net/netfilter/nf_tables_api.c | 22 +++++++++++++++-------
> net/netfilter/nft_tunnel.c | 1 +
> 3 files changed, 18 insertions(+), 7 deletions(-)
>
Acked-by: Thibault Ferrante <thibault.ferrante at canonical.com>
--
Thibault
More information about the kernel-team
mailing list