[SRU][Mantic][Jammy][Focal][PATCH 0/1] CVE-2024-1086
Bethany Jamison
bethany.jamison at canonical.com
Fri Feb 9 21:11:23 UTC 2024
[Impact]
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within
the hook verdict, and hence the nf_hook_slow() function can cause a double
free vulnerability when NF_DROP is issued with a drop error which resembles
NF_ACCEPT.

[Fix]
Mantic: Clean cherry-pick.
Jammy: Mantic patch applied cleanly.
Focal: Backported - There was a context merge conflict because upstream has
updated the fallthrough in the switch from implicit to explicit, but the fix
commit removes the switch entirely. I accepted the incoming changes from the
fix commit as given.

[Test Case]
Compile and boot tested.

[Regression Potential]
Issues could occur when running nft_verdict_init().
Florian Westphal (1):
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
net/netfilter/nf_tables_api.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
--
2.34.1
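
The verdict encoding behind the [Impact] description, as an added user-space example that is not part of the original e-mail or of the kernel patch. The constants are those of include/uapi/linux/netfilter.h, the function names are hypothetical, and only the NF_ACCEPT/NF_DROP/NF_QUEUE part of the check in nft_verdict_init() is modelled, with the check before the fix beside the one after it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Values from include/uapi/linux/netfilter.h */
#define NF_DROP          0u
#define NF_ACCEPT        1u
#define NF_QUEUE         3u
#define NF_VERDICT_MASK  0x000000ffu
#define NF_VERDICT_QBITS 16

/* Model of NF_DROP_ERR(): the drop errno is packed into the upper 16 bits. */
static uint32_t drop_verdict(int err)
{
    return ((uint32_t)(-err) << NF_VERDICT_QBITS) | NF_DROP;
}

/* Model of the NF_DROP branch of nf_hook_slow(): value returned after the skb is freed. */
static int drop_return(uint32_t verdict)
{
    int ret = -((int32_t)verdict >> NF_VERDICT_QBITS); /* assumes arithmetic shift */
    return ret == 0 ? -EPERM : ret;
}

/* Verdict check before the fix: only the low byte is inspected. */
static int check_before_fix(uint32_t code)
{
    switch (code & NF_VERDICT_MASK) {
    case NF_ACCEPT: case NF_DROP: case NF_QUEUE: return 0;
    default: return -EINVAL;
    }
}

/* Verdict check after the fix: the whole code must match, no parameters allowed. */
static int check_after_fix(uint32_t code)
{
    switch (code) {
    case NF_ACCEPT: case NF_DROP: case NF_QUEUE: return 0;
    default: return -EINVAL;
    }
}

int main(void)
{
    uint32_t v[] = { NF_DROP, drop_verdict(-ECONNREFUSED), drop_verdict(1) }; /* constructed samples */
    for (int i = 0; i < 3; i++)
        printf("0x%08x returns %4d  before=%d after=%d\n", (unsigned)v[i],
               drop_return(v[i]), check_before_fix(v[i]), check_after_fix(v[i]));
    return 0;
}
```

The third sample passes the masked check yet decodes to 1, the value of NF_ACCEPT, so the caller of nf_hook_slow() continues with a packet that was already freed; the strict check rejects both parameterised verdicts.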