APPLIED: [SRU][N/J/F][PATCH 0/1] CVE-2024-53141
Mehmet Basaran
mehmet.basaran at canonical.com
Mon Jan 13 06:19:04 UTC 2025
Ian Whitfield <ian.whitfield at canonical.com> writes:
> [Impact]
>
> When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
> the values of ip and ip_to are slightly swapped. Therefore, the range check
> for ip should be done later, but this part is missing and it seems that the
> vulnerability occurs.
>
> So we should add missing range checks and remove unnecessary range checks.
>
> [Backport]
>
> The patch was applied cleanly.
>
> [Fix]
>
> Oracular: fixed via stable updates
> Noble: backport
> Jammy: backport
> Focal: backport
> Bionic: fix sent to ESM ML
> Xenial: fix sent to ESM ML
> Trusty: fix sent to ESM ML
>
> [Test Case]
>
> Compile and boot tested
>
> [Where problems could occur]
>
> This fix affects those who use netfilter's IP set functionality. An
> issue with this fix would be visible to the user as the potential for
> out-of-bounds memory access due to insufficient bounds checking.
>
> Jeongjun Park (1):
> netfilter: ipset: add missing range check in bitmap_ip_uadt
>
> net/netfilter/ipset/ip_set_bitmap_ip.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to noble:linux, jammy:linux, focal:linux master-next branches. Thanks!
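
The check ordering described in the quoted [Impact] section, as an added userspace model; it is not part of this message or of the kernel patch. The struct, function names and sample addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical userspace model of a bitmap:ip set covering [first_ip, last_ip]. */
struct bitmap_range { uint32_t first_ip, last_ip; };

/* Constructed sample set: 192.168.1.16 - 192.168.1.31 (host byte order). */
static const struct bitmap_range sample_set = { 0xC0A80110u, 0xC0A8011Fu };

/* Host-order netmask for a prefix length of 0..32. */
static uint32_t hostmask(unsigned cidr)
{
    return cidr >= 32 ? 0xFFFFFFFFu : ~(0xFFFFFFFFu >> cidr);
}

/* Expand ip/cidr into the inclusive range [*from, *to]; *from is rounded down. */
static void mask_from_to(uint32_t *from, uint32_t *to, unsigned cidr)
{
    *from &= hostmask(cidr);
    *to = *from | ~hostmask(cidr);
}

/* Early check: ip is validated before the CIDR expansion lowers it. */
static int range_ok_early(const struct bitmap_range *m, uint32_t ip, unsigned cidr)
{
    uint32_t ip_to;
    if (ip < m->first_ip || ip > m->last_ip)
        return 0;
    mask_from_to(&ip, &ip_to, cidr);   /* ip may now be below first_ip */
    return ip_to <= m->last_ip;        /* only the upper bound is rechecked */
}

/* Late check: both bounds are validated on the final ip and ip_to. */
static int range_ok_late(const struct bitmap_range *m, uint32_t ip, unsigned cidr)
{
    uint32_t ip_to;
    mask_from_to(&ip, &ip_to, cidr);
    return ip >= m->first_ip && ip_to <= m->last_ip;
}

int main(void)
{
    uint32_t ip = 0xC0A80110u;         /* 192.168.1.16, constructed input */
    printf("/28 early=%d late=%d\n", range_ok_early(&sample_set, ip, 28), range_ok_late(&sample_set, ip, 28));
    printf("/27 early=%d late=%d\n", range_ok_early(&sample_set, ip, 27), range_ok_late(&sample_set, ip, 27));
    return 0;
}
```

With the /27 prefix the early ordering accepts a range whose start lies below `first_ip`, while the late ordering rejects it; the /28 case stays valid under both.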