[SRU Focal/Impish/OEM-5.14/Jammy 0/1] CVE-2022-25636
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Feb 22 17:49:14 UTC 2022
[Impact]
As reported at https://www.openwall.com/lists/oss-security/2022/02/21/2,
a heap out-of-bounds write may be triggered by an unprivileged user
using network namespaces and nftables. This can lead to a crash or local
privilege escalation.
[Backport]
5.4 backport required a conflict fixup because offload_stats is not
present in struct nft_expr_ops. The fix came from net.git.
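An added illustration for the [Impact] and [Backport] sections above; it is not the patch in this series (whose body is not part of this message) and not kernel code. It is a simplified user-space C model of the bug class: the flow action array is sized from a static per-type flag, while the emitter later writes one slot for every expression that actually produces an action, so a type that emits an action but lacks the flag pushes the write past the heap allocation. The hardened variant sizes the array through a per-expression callback (the same idea as a callback in the expression ops structure the [Backport] note refers to) and the emitter refuses to write past capacity. All names here (expr_kind, count_actions_static, count_actions_callback, build_flow_rule, the sample rule) are hypothetical, and the assumption that a fwd expression emits an action without being counted is a modelling choice for this example, not a statement about the exact upstream change.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified model of rule expressions; not the kernel's types. */
enum expr_kind { EXPR_MATCH, EXPR_IMMEDIATE_DATA, EXPR_IMMEDIATE_VERDICT, EXPR_FWD, EXPR_DUP };

struct expr {
    enum expr_kind kind;
    bool static_action_flag;   /* fixed per-type flag used by the old sizing scheme */
};

struct action {
    enum expr_kind source;     /* which expression filled this slot */
};

struct flow_rule {
    size_t num_actions;        /* capacity of actions[] */
    size_t used;               /* slots filled so far */
    struct action *actions;
};

/* Per-expression callback (post-fix style): does this expression emit an offload action?
 * In this model verdicts, fwd and dup each need one slot; matches and immediate data need none. */
static bool expr_emits_action(const struct expr *e)
{
    switch (e->kind) {
    case EXPR_IMMEDIATE_VERDICT:
    case EXPR_FWD:
    case EXPR_DUP:
        return true;
    default:
        return false;
    }
}

/* Old scheme: size the array from a static per-type flag that can disagree with the emitter. */
size_t count_actions_static(const struct expr *exprs, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (exprs[i].static_action_flag)
            count++;
    return count;
}

/* Fixed scheme: the counter asks each expression the same question the emitter asks. */
size_t count_actions_callback(const struct expr *exprs, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (expr_emits_action(&exprs[i]))
            count++;
    return count;
}

/* Fill the action array. Returns the number of slots written, or -1 if a write would have
 * landed past the end of the allocation (without this check it is a heap overflow). */
static int emit_actions(struct flow_rule *rule, const struct expr *exprs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!expr_emits_action(&exprs[i]))
            continue;
        if (rule->used >= rule->num_actions)
            return -1;       /* capacity exhausted: refuse the out-of-bounds write */
        rule->actions[rule->used++].source = exprs[i].kind;
    }
    return (int)rule->used;
}

/* Build a flow rule, sizing the action array with the supplied counter.
 * Returns the number of actions emitted, or -1 when the sizing was too small. */
int build_flow_rule(const struct expr *exprs, size_t n,
                    size_t (*counter)(const struct expr *, size_t))
{
    struct flow_rule rule = { .num_actions = counter(exprs, n), .used = 0, .actions = NULL };
    rule.actions = calloc(rule.num_actions ? rule.num_actions : 1, sizeof(*rule.actions));
    if (!rule.actions)
        return -1;
    int emitted = emit_actions(&rule, exprs, n);
    free(rule.actions);
    return emitted;
}

/* Constructed sample rule: a match, an immediate verdict, and a fwd expression whose
 * static flag is missing even though it emits an action. */
static const struct expr sample_rule[] = {
    { EXPR_MATCH,             false },
    { EXPR_IMMEDIATE_VERDICT, true  },
    { EXPR_FWD,               false },
};
#define SAMPLE_LEN (sizeof(sample_rule) / sizeof(sample_rule[0]))

int build_sample_static(void)   { return build_flow_rule(sample_rule, SAMPLE_LEN, count_actions_static); }
int build_sample_callback(void) { return build_flow_rule(sample_rule, SAMPLE_LEN, count_actions_callback); }

int main(void)
{
    printf("static flag sizing:    %d (negative: out-of-bounds write was prevented)\n", build_sample_static());
    printf("callback sizing:       %d\n", build_sample_callback());
    return 0;
}
```

With the sample rule the static flag yields a one-slot array while two actions are emitted, so the old sizing fails the bounds check; the callback-based count allocates exactly two slots and both writes land inside the allocation.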
[Test case]
The reproducer shared at
https://www.openwall.com/lists/oss-security/2022/02/21/2 was used.
[Potential regression]
nftables users would be affected.
Pablo Neira Ayuso (1):
netfilter: nf_tables_offload: incorrect flow offload action array size
include/net/netfilter/nf_tables.h | 2 +-
include/net/netfilter/nf_tables_offload.h | 2 --
net/netfilter/nf_tables_offload.c | 3 ++-
net/netfilter/nft_dup_netdev.c | 6 ++++++
net/netfilter/nft_fwd_netdev.c | 6 ++++++
net/netfilter/nft_immediate.c | 12 +++++++++++-
6 files changed, 26 insertions(+), 5 deletions(-)
--
2.32.0