ACK: [SRU][F/J/L][PATCH 0/1] CVE-2023-42753
Tim Gardner
tim.gardner at canonical.com
Wed Sep 27 12:34:07 UTC 2023
On 9/27/23 5:32 AM, Magali Lemes wrote:
> [Impact]
> An array indexing vulnerability was found in the netfilter subsystem of the
> Linux kernel. A missing macro could lead to a miscalculation of the `h->nets`
> array offset, providing attackers with the primitive to arbitrarily
> increment/decrement a memory buffer out-of-bound. This issue may allow a local
> user to crash the system or potentially escalate their privileges on the
> system.
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compile and boot tested.
>
> [Regression potential]
> Netfilter's ipset would be affected.
>
> Kyle Zeng (1):
> netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
> ip_set_hash_netportnet.c
>
> net/netfilter/ipset/ip_set_hash_netportnet.c | 1 +
> 1 file changed, 1 insertion(+)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
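
A defender-side check for the fix named in the quoted cover letter, added here as an example (it is not part of the original thread or of the kernel tree): it reports whether a source tree's `net/netfilter/ipset/ip_set_hash_netportnet.c` defines `IP_SET_HASH_WITH_NET0`. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that a kernel source tree carries the one-line fix.
# Function names and return codes are assumptions, not kernel-team tooling.

IPSET_FILE="net/netfilter/ipset/ip_set_hash_netportnet.c"  # path from the diffstat
FIX_MACRO="IP_SET_HASH_WITH_NET0"                           # macro from the patch subject

# check_net0_fix TREE
#   returns 0 if the file defines the macro,
#           1 if the file exists but does not define it,
#           2 if the file is not found under TREE.
check_net0_fix() {
    src="$1/$IPSET_FILE"
    [ -f "$src" ] || return 2
    # Require a real preprocessor definition; a mention in a comment or a
    # longer macro name sharing the prefix does not count.
    if grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${FIX_MACRO}([[:space:]]|\$)" "$src"; then
        return 0
    fi
    return 1
}

# report_net0_fix TREE: print a one-line verdict for TREE.
report_net0_fix() {
    rc=0
    check_net0_fix "$1" || rc=$?
    case $rc in
        0) echo "$1: fix present" ;;
        1) echo "$1: fix MISSING" ;;
        *) echo "$1: $IPSET_FILE not found" ;;
    esac
}

# When run with arguments, treat each one as a kernel source tree to check.
if [ "$#" -gt 0 ]; then
    for tree in "$@"; do
        report_net0_fix "$tree"
    done
fi
```
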