[SRU][M/J/F][PATCH 0/1] CVE-2024-26642

Bethany Jamison bethany.jamison at canonical.com
Mon May 13 12:18:25 UTC 2024


[Impact]

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: nf_tables: disallow anonymous set with timeout flag

 Anonymous sets are never used with timeout from userspace; reject this.
 Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
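The rule in the commit message is a flag-combination check at set creation time. The following C snippet is an added illustration of that rule, written for this cover letter; it is not the kernel diff (which is not reproduced here) and the exact condition the upstream patch uses is an assumption. The NFT_SET_* values are copied from the uapi header <linux/netfilter/nf_tables.h> (enum nft_set_flags). Callers would apply this check to the NFTA_SET_FLAGS attribute before the set is allocated, so a rejected combination never reaches the set backend.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Flag values from the uapi enum nft_set_flags. */
#define NFT_SET_ANONYMOUS 0x1
#define NFT_SET_CONSTANT  0x2
#define NFT_SET_INTERVAL  0x4
#define NFT_SET_MAP       0x8
#define NFT_SET_TIMEOUT   0x10
#define NFT_SET_EVAL      0x20

/*
 * Model of the validation described above (assumed form, not the kernel's
 * verbatim code): an anonymous set may carry NFT_SET_TIMEOUT only when
 * NFT_SET_EVAL is also set (legacy "meter" sets). Returns 0 to accept the
 * flags and -EOPNOTSUPP to reject them, following kernel convention.
 */
int nft_anon_set_flags_check(uint32_t flags)
{
	/* Named sets are unaffected by this rule. */
	if (!(flags & NFT_SET_ANONYMOUS))
		return 0;

	/* Timeout requested without EVAL on an anonymous set: reject. */
	if ((flags & (NFT_SET_TIMEOUT | NFT_SET_EVAL)) == NFT_SET_TIMEOUT)
		return -EOPNOTSUPP;

	return 0;
}

int main(void)
{
	/* Constructed flag combinations exercising each branch. */
	const struct { const char *desc; uint32_t flags; } cases[] = {
		{ "anonymous constant set (nft { 22, 80 })",
		  NFT_SET_ANONYMOUS | NFT_SET_CONSTANT },
		{ "anonymous set with timeout (rejected)",
		  NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT },
		{ "anonymous meter: timeout + eval (legacy, allowed)",
		  NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | NFT_SET_EVAL },
		{ "named set with timeout (allowed)",
		  NFT_SET_TIMEOUT },
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		int rc = nft_anon_set_flags_check(cases[i].flags);
		printf("%-52s flags=0x%02x -> %s\n", cases[i].desc,
		       cases[i].flags, rc == 0 ? "accept" : "EOPNOTSUPP");
	}
	return 0;
}
```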

[Fix]

Noble:	pending
Mantic:	Clean cherry-pick from linux-6.6.y
Jammy:	Mantic patch applied cleanly.
Focal:	Clean cherry-pick from linux-5.4.y
Bionic:	fix sent to esm ML
Xenial:	fix sent to esm ML
Trusty:	not-affected

[Test Case]

Compile and boot tested.

[Where issues could occur]

This fix affects those who use the nftables network framework; an issue
with this fix would be visible to the user via unexpected behavior
surrounding anonymous sets and userspace timeout.

Pablo Neira Ayuso (1):
  netfilter: nf_tables: disallow anonymous set with timeout flag

 net/netfilter/nf_tables_api.c | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.34.1