APPLIED [OEM-5.17]: [SRU][Focal-OEM-5.14/Jammy-OEM-5.17][PATCH 0/1] CVE-2023-1095
Manuel Diewald
manuel.diewald at canonical.com
Tue Apr 4 07:47:09 UTC 2023
On Fri, Mar 17, 2023 at 03:14:05PM -0400, Yuxuan Luo wrote:
> [Impact]
> In nf_tables_updtable, if nf_tables_table_enable returns an error,
> nft_trans_destroy is called to free the transaction object.
> nft_trans_destroy() calls list_del(), but the transaction was never placed
> on a list -- the list head is all zeroes, so this results in a NULL pointer
> dereference.
>
> [Backport]
> Clean cherry pick.
>
> [Test]
> Compile and smoke tested.
>
> [Potential Regression]
> Little or even no regression since the change only initialized the list header.
>
>
> Florian Westphal (1):
> netfilter: nf_tables: fix null deref due to zeroed list head
>
> net/netfilter/nf_tables_api.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --
> 2.34.1
Applied to jammy:linux-oem-5.17. Thank you!
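
The failure described under [Impact], as an added userspace example that is not part of this thread or of the kernel patch: a zero-filled object is destroyed on an error path before it was ever put on a list. `struct trans`, `trans_alloc`, `trans_destroy` and `checked_list_del` are hypothetical names, and `calloc` stands in for a zeroing kernel allocation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal userspace copy of the kernel's doubly linked list node. */
struct list_head { struct list_head *next, *prev; };

/* An initialized, empty list head points at itself in both directions. */
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

/* Hypothetical stand-in for a transaction object; not the real nft_trans. */
struct trans { struct list_head list; int msg_type; };

/* Allocate a zero-filled object; init_list != 0 models the fixed allocator. */
static struct trans *trans_alloc(int init_list)
{
    struct trans *t = calloc(1, sizeof(*t));
    if (t && init_list)
        INIT_LIST_HEAD(&t->list);
    return t;
}

/*
 * An unguarded list_del() unlinks with next->prev = prev; prev->next = next.
 * This guarded variant returns -1 at the point where that would write
 * through a NULL pointer, so the example reports the fault instead of crashing.
 */
static int checked_list_del(struct list_head *e)
{
    if (!e->next || !e->prev)
        return -1;
    e->next->prev = e->prev;
    e->prev->next = e->next;
    return 0;
}

/* Error path: destroy a transaction that was never added to any list. */
static int trans_destroy(struct trans *t)
{
    if (!t)
        return -2; /* allocation failed */
    int rc = checked_list_del(&t->list);
    free(t);
    return rc;
}

int main(void)
{
    printf("zeroed list head:      %d\n", trans_destroy(trans_alloc(0)));
    printf("initialized list head: %d\n", trans_destroy(trans_alloc(1)));
    return 0;
}
```

With the head initialized at allocation time, unlinking an object that was never queued is a harmless self-unlink, which is why the one-line change is enough.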