APPLIED: [SRU][F/J/L][PATCH 0/1] CVE-2023-42753
Roxana Nicolescu
roxana.nicolescu at canonical.com
Fri Sep 29 07:42:02 UTC 2023
On 27/09/2023 13:32, Magali Lemes wrote:
> [Impact]
> An array indexing vulnerability was found in the netfilter subsystem of the
> Linux kernel. A missing macro could lead to a miscalculation of the `h->nets`
> array offset, providing attackers with the primitive to arbitrarily
> increment/decrement a memory buffer out-of-bound. This issue may allow a local
> user to crash the system or potentially escalate their privileges on the
> system.
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compile and boot tested.
>
> [Regression potential]
> Netfilter's ipset would be affected.
>
> Kyle Zeng (1):
> netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
> ip_set_hash_netportnet.c
>
> net/netfilter/ipset/ip_set_hash_netportnet.c | 1 +
> 1 file changed, 1 insertion(+)
>
Applied to focal,jammy,lunar:master-next. Thanks!
Roxana
More information about the kernel-team
mailing list