APPLIED/Cmt: [SRU][Focal/Jammy/Lunar][PATCH 0/1] CVE-2023-4881

Roxana Nicolescu roxana.nicolescu at canonical.com
Thu Sep 28 07:46:25 UTC 2023


On 27/09/2023 15:51, Yuxuan Luo wrote:
> This patch also applies to Jammy-OEM-6.1. Sorry for the inconvenience.
>
> On 9/20/23 04:39, Roxana Nicolescu wrote:
>>
>> On 18/09/2023 23:31, Yuxuan Luo wrote:
>>> [Impact]
>>> A stack-based out-of-bounds write flaw was found in the netfilter
>>> subsystem in the Linux kernel. If the expression length is a multiple
>>> of 4 (register size), the `nft_exthdr_eval` family of functions writes
>>> 4 NULL bytes past the end of the `regs` argument, leading to stack
>>> corruption and potential information disclosure or a denial of service.
>>>
>>> [Backport]
>>> The fix commit fixes four occurrences introduced by different break
>>> commits. Since not all break commits are present in the Focal tree,
>>> some hunks are ignored and the rest are backported.
>>> For Jammy and Lunar, it is a clean cherry pick.
>>>
>>> [Test]
>>> Only a boot test is performed so far; more comprehensive tests will
>>> come in a few days.
>>>
>>> [Potential Regression]
>>> The regression should be limited within the modified file.
>>>
>>> Florian Westphal (1):
>>>    netfilter: nftables: exthdr: fix 4-byte stack OOB write
>>>
>>>   net/netfilter/nft_exthdr.c | 22 ++++++++++++++--------
>>>   1 file changed, 14 insertions(+), 8 deletions(-)
>>>
>> Applied to focal,jammy,lunar:master-next. Thanks! CVE reference was
>> missing in the focal patch.
>>
>> Roxana
>>
>
Adding Timo as CC.
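
The [Impact] text quoted above, as an added user-space model; it is not part of the original thread and is not the kernel source or the patch itself. All names (`store_padded`, `canary_intact`, `NREGS`, `CANARY`) are hypothetical, and the guard shown is an assumed way to skip the extra store, since the fix hunks are not on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REG32_SIZE 4u           /* one 32-bit register ("register size" above) */
#define NREGS      4u           /* constructed: size of the modelled register area */
#define CANARY     0xdeadbeefu  /* constructed: stands in for adjacent stack data */

/* Copy len bytes into the registers at dest and zero the last, partially
 * filled register first. With guarded == 0 the zeroing store is
 * unconditional, which is the pattern the advisory describes. */
static void store_padded(uint32_t *dest, const uint8_t *src, unsigned len, int guarded)
{
    if (!guarded || (len % REG32_SIZE) != 0)
        dest[len / REG32_SIZE] = 0; /* len % 4 == 0: one register past the data */
    memcpy(dest, src, len);
}

/* Returns 1 if the word right after the register area is intact, 0 if it
 * was overwritten, -1 if len does not fit the model. */
int canary_intact(unsigned len, int guarded)
{
    /* The canary sits in the same array, so the model itself has no UB. */
    uint32_t frame[NREGS + 1];
    uint8_t src[NREGS * REG32_SIZE];
    unsigned nregs = (len + REG32_SIZE - 1) / REG32_SIZE;

    if (len > sizeof(src))
        return -1;
    memset(src, 0xAA, sizeof(src));
    memset(frame, 0xFF, NREGS * sizeof(uint32_t));
    frame[NREGS] = CANARY;

    /* Place the data so that it ends exactly at the end of the register area. */
    store_padded(&frame[NREGS - nregs], src, len, guarded);
    return frame[NREGS] == CANARY;
}

int main(void)
{
    for (unsigned len = 4; len <= 8; len++)
        printf("len=%u unguarded=%d guarded=%d\n", len,
               canary_intact(len, 0), canary_intact(len, 1));
    return 0;
}
```

Only lengths that are a multiple of the register size reach the adjacent word in the unguarded variant; other lengths pad inside the last register they occupy.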


