ACK: [Lunar, OEM-6.1, OEM-6.0, Kinetic, OEM-5.17, Jammy, Focal 0/1] CVE-2023-32233
Cory Todd
cory.todd at canonical.com
Wed May 10 20:21:35 UTC 2023
- Previous message (by thread): ACK: [Lunar, OEM-6.1, OEM-6.0, Kinetic, OEM-5.17, Jammy, Focal 0/1] CVE-2023-32233
- Next message (by thread): APPLIED[L/K/J/F]: [Lunar, OEM-6.1, OEM-6.0, Kinetic, OEM-5.17, Jammy, Focal 0/1] CVE-2023-32233
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
On Wed, May 10, 2023 at 04:27:38PM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> On systems where user namespaces can be created by unprivileged users,
> which is the default configuration on Ubuntu, unprivileged users can
> trigger a use-after-free vulnerability on netfilter. This could be used to
> crash the system or elevate privileges.
>
> [Test case]
> A PoC that crashes the system was tested and the fix has been shown to
> prevent it.
>
> [Backport]
> The fix applies cleanly all the way back to 5.4 kernels. A backport to 4.15
> is in the works.
>
> [Potential impact]
> netfilter users may find regressions when manipulating nftables.
>
> Pablo Neira Ayuso (1):
> netfilter: nf_tables: deactivate anonymous set from preparation phase
>
> include/net/netfilter/nf_tables.h | 1 +
> net/netfilter/nf_tables_api.c | 12 ++++++++++++
> net/netfilter/nft_dynset.c | 2 +-
> net/netfilter/nft_lookup.c | 2 +-
> net/netfilter/nft_objref.c | 2 +-
> 5 files changed, 16 insertions(+), 3 deletions(-)
>
> --
> 2.34.1
Acked-by: Cory Todd <cory.todd at canonical.com>
- Previous message (by thread): ACK: [Lunar, OEM-6.1, OEM-6.0, Kinetic, OEM-5.17, Jammy, Focal 0/1] CVE-2023-32233
- Next message (by thread): APPLIED[L/K/J/F]: [Lunar, OEM-6.1, OEM-6.0, Kinetic, OEM-5.17, Jammy, Focal 0/1] CVE-2023-32233
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the kernel-team
mailing list