ACK: [SRU][F][PATCH 0/2] CVE-2024-35896
Jacob Martin
jacob.martin at canonical.com
Mon Jan 6 17:18:16 UTC 2025
On Thu, Nov 07, 2024 at 07:31:26PM +0100, Massimiliano Pellizzer wrote:
> [Impact]
>
> netfilter: validate user input for expected length
>
> [Fix]
>
> Noble: Fixed
> Jammy: Fixed
>
> Focal:
> Backported the fix commit (0f038242b77dd) from linux-5.10.y
> Cherry picked a follow-up of the fix commit (cf4bc359b7614) from
> linux-5.10.y
>
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
>
> [Test Case]
>
> Compile and boot tested.
> Passed every test in the kselftest suite with target netfilter.
>
> [Where problems could occur]
>
> The fix affects the netfilter subsystem. A bug in the patch could
> introduce issues during packet filtering, leading to mishandled packets
> or memory access violation. Users may notice kernel warnings or system
> crashes and they may experience network delays and dropped packets.
>
> Eric Dumazet (2):
> netfilter: validate user input for expected length
> netfilter: complete validation of user input
>
> net/bridge/netfilter/ebtables.c | 6 ++++++
> net/ipv4/netfilter/arp_tables.c | 8 ++++++++
> net/ipv4/netfilter/ip_tables.c | 8 ++++++++
> net/ipv6/netfilter/ip6_tables.c | 8 ++++++++
> 4 files changed, 30 insertions(+)
>
> --
> 2.43.0
Acked-by: Jacob Martin <jacob.martin at canonical.com>
More information about the kernel-team
mailing list