ACK: [SRU][Mantic][Jammy][Focal][PATCH 0/1] CVE-2024-1086
Roxana Nicolescu
roxana.nicolescu at canonical.com
Tue Feb 13 12:38:18 UTC 2024
On 09/02/2024 22:11, Bethany Jamison wrote:
> [Impact]
>
> A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
> component can be exploited to achieve local privilege escalation.
> The nft_verdict_init() function allows positive values as drop error within
> the hook verdict, and hence the nf_hook_slow() function can cause a double
> free vulnerability when NF_DROP is issued with a drop error which resembles
> NF_ACCEPT.
>
> [Fix]
>
> Mantic: Clean cherry-pick.
> Jammy: Mantic patch applied cleanly.
> Focal: Backported - There was a context merge conflict because upstream has
> updated the fallthrough in the switch from implicit to explicit, but the fix
> commit removes the switch entirely. I accepted the incoming changes from the
> fix commit as given.
>
> [Test Case]
>
> Compile and boot tested.
>
> [Regression Potential]
>
> Issues could occur when running nft_verdict_init().
>
> Florian Westphal (1):
> netfilter: nf_tables: reject QUEUE/DROP verdict parameters
>
> net/netfilter/nf_tables_api.c | 16 ++++++----------
> 1 file changed, 6 insertions(+), 10 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
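
The validation change described in the quoted [Impact] and [Fix] text, as an added example that is not part of this thread, the patch, or the kernel source: a simplified user-space model (it omits NFT_JUMP/NFT_GOTO handling) comparing a check that inspects only the low verdict byte with one that accepts only exact verdict codes. The function names and `SAMPLE_VERDICT` are hypothetical; the numeric constants are the ones from the kernel's netfilter uapi headers.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Values from the kernel's netfilter / nf_tables uapi headers. */
#define NF_DROP          0
#define NF_ACCEPT        1
#define NF_QUEUE         3
#define NF_VERDICT_MASK  0x000000ff
#define NF_VERDICT_QBITS 16
#define NFT_CONTINUE     (-1)
#define NFT_BREAK        (-2)
#define NFT_RETURN       (-5)

/* Constructed sample: NF_DROP in the low byte, parameter bits set above it. */
#define SAMPLE_VERDICT ((int32_t)((0xffffu << NF_VERDICT_QBITS) | NF_DROP))

/* Model of NF_DROP_GETERR(): the drop error is the negated upper 16 bits. */
static int drop_geterr(int32_t verdict)
{
    return -(verdict >> NF_VERDICT_QBITS); /* arithmetic shift, as on gcc/clang */
}

/* Model of the pre-fix check: only (code & NF_VERDICT_MASK) is validated. */
static int check_before(int32_t code)
{
    if (code == NFT_CONTINUE || code == NFT_BREAK || code == NFT_RETURN)
        return 0;
    switch ((uint32_t)code & NF_VERDICT_MASK) {
    case NF_ACCEPT: case NF_DROP: case NF_QUEUE:
        return 0;
    }
    return -EINVAL;
}

/* Model of the post-fix check: the whole code must match, no parameters. */
static int check_after(int32_t code)
{
    switch (code) {
    case NF_ACCEPT: case NF_DROP: case NF_QUEUE:
    case NFT_CONTINUE: case NFT_BREAK: case NFT_RETURN:
        return 0;
    }
    return -EINVAL;
}

int main(void)
{
    printf("before=%d after=%d drop_err=%d\n", check_before(SAMPLE_VERDICT),
           check_after(SAMPLE_VERDICT), drop_geterr(SAMPLE_VERDICT));
    return 0;
}
```

For the sample, the masked check returns 0 while the derived drop error is positive and equal to NF_ACCEPT; the exact-match check returns -EINVAL, which is the behaviour to confirm when testing a backported kernel.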