[SRU Jammy/OEM-5.17/Kinetic/OEM-6.0/Lunar 0/1] CVE-2023-3610
Timo Aaltonen
tjaalton at ubuntu.com
Fri Jul 28 09:28:19 UTC 2023
Stefan Bader wrote on 24.7.2023 at 12.52:
> On 22.07.23 22:43, Cengiz Can wrote:
>> [Impact]
>> A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
>> component can be exploited to achieve local privilege escalation. Flaw in the
>> error handling of bound chains causes a use-after-free in the abort path of
>> NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We
>> recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.
>>
>> [Fix]
>> Commits picked from either stable or upstream. The ones that are marked as
>> backports only differ in contexts, specifically in nf_tables.h.
>>
>> [Test case]
>> Tested with test suites that ship with the following repositories:
>>
>> - git://git.netfilter.org/iptables
>> - git://git.netfilter.org/nftables
>>
>> Test results:
>>
>> - iptables/tests/run_tests.sh produced exact same results with or without the
>>   patch.
>> - nftables/tests/shell/run_tests.sh produced similar results with or without the
>>   patch. (kinetic produces 1 fewer Failure with the patch).
>>
>> [Potential regression]
>> All users who use netfilter rules might be affected.
>>
>> Pablo Neira Ayuso (1):
>> netfilter: nf_tables: fix chain binding transaction logic
>>
>> include/net/netfilter/nf_tables.h | 21 +++++++-
>> net/netfilter/nf_tables_api.c | 86 +++++++++++++++++++-----------
>> net/netfilter/nft_immediate.c | 87 +++++++++++++++++++++++++++----
>> 3 files changed, 153 insertions(+), 41 deletions(-)
>>
>
> Occasionally I also see oem-6.1 mentioned. What about that? Also
> s/Kinetic/HWE-5.19/ for future reference.
This is actually in 6.1 -1018 already via upstream 6.1.36
--
t