[SRU][F][PATCH 0/2] CVE-2024-26668

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Fri Sep 20 10:20:58 UTC 2024


[Impact]

Reject bogus configs where internal token counter wraps around.
This only occurs with very very large requests, such as 17 GByte/s.
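
The bug class described above is an unchecked multiplication feeding a token counter: a rate-limit window expressed in nanoseconds (seconds times 10^9) wraps modulo 2^64 for very large units, and the wrapped, far too small value is then accepted as a valid configuration. The example below is an added illustration and not the patch, nor the kernel's nft_limit code; the structure, field names, and capacity formula (window length times burst plus one) are assumptions chosen to show the pattern. It contrasts the unchecked computation with a validator that uses the GCC/Clang overflow builtins to reject such a configuration at load time with -EOVERFLOW.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC 1000000000ULL

/* Hypothetical rate-limit configuration. Field names and the capacity
 * formula are assumptions for this example, not the kernel's structures. */
struct limit_cfg {
    uint64_t rate;   /* units allowed per 'unit' seconds */
    uint64_t unit;   /* window length in seconds */
    uint64_t burst;  /* extra units allowed on top of rate */
    uint64_t nsecs;  /* window length in nanoseconds */
    uint64_t tokens; /* bucket capacity in nanosecond credits */
};

/* Unchecked arithmetic: the product silently wraps modulo 2^64, so a
 * huge 'unit' yields a tiny window instead of an error. */
uint64_t unchecked_window_ns(uint64_t unit)
{
    return unit * NSEC_PER_SEC;
}

/* Checked version: every operation that feeds the token counter is guarded
 * with __builtin_mul_overflow / __builtin_add_overflow, and a bogus config
 * is rejected instead of producing a wrapped counter. */
int limit_cfg_validate(uint64_t rate, uint64_t unit, uint64_t burst,
                       struct limit_cfg *out)
{
    struct limit_cfg cfg = { .rate = rate, .unit = unit, .burst = burst };
    uint64_t slots;

    if (rate == 0 || unit == 0)
        return -EINVAL;
    if (__builtin_mul_overflow(unit, NSEC_PER_SEC, &cfg.nsecs))
        return -EOVERFLOW;
    /* burst may itself be UINT64_MAX, so even the +1 is checked. */
    if (__builtin_add_overflow(burst, 1, &slots))
        return -EOVERFLOW;
    if (__builtin_mul_overflow(cfg.nsecs, slots, &cfg.tokens))
        return -EOVERFLOW;
    if (out)
        *out = cfg;
    return 0;
}

/* Convenience wrappers returning plain values for callers and tests. */
int limit_cfg_check(uint64_t rate, uint64_t unit, uint64_t burst)
{
    return limit_cfg_validate(rate, unit, burst, NULL);
}

/* Returns the computed bucket capacity, or 0 if the config is rejected. */
uint64_t limit_cfg_tokens(uint64_t rate, uint64_t unit, uint64_t burst)
{
    struct limit_cfg cfg;

    if (limit_cfg_validate(rate, unit, burst, &cfg) != 0)
        return 0;
    return cfg.tokens;
}

int main(void)
{
    /* Constructed input: 18446744074 s * 1e9 exceeds 2^64 by 290448384. */
    uint64_t huge_unit = 18446744074ULL;

    printf("unchecked window for unit=%llu: %llu ns (wrapped)\n",
           (unsigned long long)huge_unit,
           (unsigned long long)unchecked_window_ns(huge_unit));
    printf("checked validate(rate=1000, unit=1, burst=5): rc=%d tokens=%llu\n",
           limit_cfg_check(1000, 1, 5),
           (unsigned long long)limit_cfg_tokens(1000, 1, 5));
    printf("checked validate(rate=1000, unit=huge, burst=0): rc=%d\n",
           limit_cfg_check(1000, huge_unit, 0));
    return 0;
}
```

The checked path is the one worth copying: the rejection happens once, when the rule is loaded, so a rule that would otherwise have silently run with a wrapped counter is instead refused with an error the operator sees.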

[Fix]

Noble:  Not affected
Jammy:  Fixed
Focal:  Cherry picked a prereq from linux-5.15.y, and backported the
fix commit from linux-5.15.y
Bionic: Sent to ESM ML
Xenial: Sent to ESM ML

[Test Case]

Compile and boot tested.

[Where problems could occur]

The fix for CVE-2024-26668 affects the netfilter subsystem.
An issue with this fix may lead to kernel crashes, particularly during
the application or modification of network filtering rules.
Users may also notice unexpected network behavior.

Florian Westphal (1):
  netfilter: nft_limit: reject configurations that cause integer
    overflow

Pablo Neira Ayuso (1):
  netfilter: nft_limit: rename stateful structure

 net/netfilter/nft_limit.c | 115 ++++++++++++++++++++------------------
 1 file changed, 62 insertions(+), 53 deletions(-)

-- 
2.43.0