APPLIED: [SRU][Jammy][PATCH 0/1] CVE-2022-34918

Stefan Bader stefan.bader at canonical.com
Fri Jul 8 12:38:59 UTC 2022


On 06.07.22 17:24, Cengiz Can wrote:
> [Impact]
> An issue was discovered in the Linux kernel through 5.18.9. A type
> confusion bug in nft_set_elem_init (leading to a buffer overflow) could
> be used by a local attacker to escalate privileges, a different
> vulnerability than CVE-2022-32250. (The attacker can obtain root access,
> but must start with an unprivileged user namespace to obtain
> CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in
> net/netfilter/nf_tables_api.c.
> 
> [Fix]
> Fix was cherry-picked from net tree.
> 
> [Test case]
> Publicly shared PoC was tested with `slub_debug=FZP`.
> Made sure that PoC is no longer applicable after patch.
> 
> [Potential regression]
> Unknown.
> 
> Pablo Neira Ayuso (1):
>    netfilter: nf_tables: stricter validation of element data
> 
>   net/netfilter/nf_tables_api.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
> 

Applied to jammy:linux/master-next. Thanks.

-Stefan
