ACK: [SRU][M/J 0/1, F 0/2] CVE-2024-26581
Philip Cox
philip.cox at canonical.com
Mon Mar 18 17:18:45 UTC 2024
On Fri, 2024-03-15 at 15:34 -0500, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
> netfilter: nft_set_rbtree: skip end interval element from gc rbtree
> lazy gc
> on insert might collect an end interval element that has been just
> added in
> this transactions, skip end interval elements that are not yet
> active.
>
> [Fix]
>
> Mantic: Clean cherry-pick.
> Jammy: Mantic patch applied cleanly.
> Focal: Fix and prereq commits cherry-picked cleanly.
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This affects many users as netfilter is widely used, but the risk of
> regression is low as the fix is simple.
>
> Pablo Neira Ayuso (1):
> netfilter: nft_set_rbtree: skip end interval element from gc
>
> net/netfilter/nft_set_rbtree.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> --
> 2.34.1
>
>
--
Acked-by: Philip Cox <philip.cox at canonical.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240318/89eae218/attachment.html>
More information about the kernel-team
mailing list