[SRU][F][PATCH 0/2] CVE-2024-35896
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Thu Nov 7 18:31:26 UTC 2024

[Impact]

netfilter: validate user input for expected length

[Fix]

Noble: Fixed
Jammy: Fixed
Focal:
Backported the fix commit (0f038242b77dd) from linux-5.10.y
Cherry picked a follow-up of the fix commit (cf4bc359b7614) from
linux-5.10.y
Bionic: Sent to ESM ML
Xenial: Sent to ESM ML

[Test Case]

Compile and boot tested.
Passed every test in the kselftest suite with target netfilter.

[Where problems could occur]

The fix affects the netfilter subsystem. A bug in the patch could
introduce issues during packet filtering, leading to mishandled packets
or memory access violation. Users may notice kernel warnings or system
crashes and they may experience network delays and dropped packets.

Eric Dumazet (2):
  netfilter: validate user input for expected length
  netfilter: complete validation of user input

 net/bridge/netfilter/ebtables.c | 6 ++++++
 net/ipv4/netfilter/arp_tables.c | 8 ++++++++
 net/ipv4/netfilter/ip_tables.c  | 8 ++++++++
 net/ipv6/netfilter/ip6_tables.c | 8 ++++++++
 4 files changed, 30 insertions(+)

--
2.43.0