ACK: [SRU][OEM-5.14/Jammy/OEM-5.17][PATCH 0/1] CVE-2022-34918

Tim Gardner tim.gardner at canonical.com
Wed Jul 6 17:24:20 UTC 2022


On 7/6/22 09:24, Cengiz Can wrote:
> [Impact]
> An issue was discovered in the Linux kernel through 5.18.9. A type
> confusion bug in nft_set_elem_init (leading to a buffer overflow) could
> be used by a local attacker to escalate privileges, a different
> vulnerability than CVE-2022-32250. (The attacker can obtain root access,
> but must start with an unprivileged user namespace to obtain
> CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in
> net/netfilter/nf_tables_api.c.
> 
> [Fix]
> Fix was cherry-picked from net tree.
> 
> [Test case]
> The publicly shared PoC was tested with `slub_debug=FZP`.
> Made sure that the PoC is no longer applicable after the patch.
> 
> [Potential regression]
> Unknown.
> 
> Pablo Neira Ayuso (1):
>    netfilter: nf_tables: stricter validation of element data
> 
>   net/netfilter/nf_tables_api.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>

-- 
-----------
Tim Gardner
Canonical, Inc
