[SRU][Focal][PATCH 0/1] CVE-2024-0607
Bethany Jamison
bethany.jamison at canonical.com
Thu Feb 1 19:51:05 UTC 2024
[Impact]
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue
is in the nft_byteorder_eval() function, where the code iterates through a
loop and writes to the `dst` array. On each iteration, 8 bytes are written,
but `dst` is an array of u32, so each element only has space for 4 bytes.
That means every iteration overwrites part of the previous element,
corrupting this array of u32. This flaw allows a local user to cause a
denial of service or potentially break NetFilter functionality.
[Fix]
Mantic: The fix commit already exists in Mantic.
Lunar: Skipped because Lunar is EOL.
Focal: Backported - upstream had a different code structure in files - I found
the relevant chunks of code and implemented the fix commit changes.
[Test Case]
Compile and boot test.
[Regression Potential]
Issues could occur when writing multiple times to the 'dst' array in Netfilter.
Dan Carpenter (1):
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
include/net/netfilter/nf_tables.h | 4 ++--
net/netfilter/nft_byteorder.c | 5 +++--
net/netfilter/nft_meta.c | 2 +-
3 files changed, 6 insertions(+), 5 deletions(-)
--
2.34.1
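
Added example, not part of the original message and not kernel or patch code: a user-space C model of the overlap described under [Impact], storing 8-byte values while advancing in u32 units versus u64 units. The helper names (swap64, convert_and_check), the buffer size and the sample values are constructed for illustration; the buffer is sized so no store leaves it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N 3 /* constructed: number of 64-bit values to convert */

/* Constructed sample input, not taken from the kernel. */
static const uint64_t src[N] = {
    0x0102030405060708ULL, 0x1112131415161718ULL, 0x2122232425262728ULL,
};

/* Portable 64-bit byte swap standing in for the kernel's conversion. */
static uint64_t swap64(uint64_t v)
{
    uint64_t r = 0;
    for (int i = 0; i < 8; i++, v >>= 8)
        r = (r << 8) | (v & 0xff);
    return r;
}

/* Store N swapped values, advancing `stride` bytes per iteration, then
 * count how many results read back intact from their 8-byte slots. */
static unsigned convert_and_check(size_t stride)
{
    uint32_t dst[2 * N] = {0}; /* room for N u64 values; no store leaves dst */
    unsigned intact = 0;

    for (unsigned i = 0; i < N; i++) {
        uint64_t v = swap64(src[i]);
        memcpy((uint8_t *)dst + stride * i, &v, sizeof(v));
    }
    for (unsigned i = 0; i < N; i++) {
        uint64_t got;
        memcpy(&got, (uint8_t *)dst + sizeof(got) * i, sizeof(got));
        intact += (got == swap64(src[i]));
    }
    return intact;
}

/* Pattern described under [Impact]: advance in u32 units, write 8 bytes. */
static unsigned u32_stride_intact(void) { return convert_and_check(sizeof(uint32_t)); }

/* Corrected indexing: each 8-byte store gets its own 8-byte slot. */
static unsigned u64_stride_intact(void) { return convert_and_check(sizeof(uint64_t)); }

int main(void)
{
    printf("u32 stride: %u of %d intact\n", u32_stride_intact(), N);
    printf("u64 stride: %u of %d intact\n", u64_stride_intact(), N);
    return 0;
}
```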