ACK: [SRU][Mantic][Jammy][PATCH 0/1] CVE-2024-1085
Jose Ogando
jose.ogando at canonical.com
Thu Feb 22 05:31:14 UTC 2024
LGTM
Acked-by: Jose Ogando <jose.ogando at canonical.com>
On Wed, 2024-02-21 at 13:07 -0600, Bethany Jamison wrote:
> [Impact]
>
> A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
> component can be exploited to achieve local privilege escalation.
> The nft_setelem_catchall_deactivate() function checks whether the catch-all
> set element is active in the current generation instead of the next
> generation before freeing it, but only flags it inactive in the next
> generation, making it possible to free the element multiple times, leading
> to a double free vulnerability.
>
> [Fix]
>
> Mantic: Clean cherry-pick.
> Jammy: Mantic patch applied cleanly.
>
> [Test Case]
>
> Compile and boot tested.
>
> [Regression Potential]
>
> Issues could occur when using netfilter tables when freeing up
> memory.
>
> Pablo Neira Ayuso (1):
>   netfilter: nf_tables: check if catch-all set element is active in next generation
>
> net/netfilter/nf_tables_api.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --
> 2.34.1
>
>
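
The generation check described in the quoted [Impact] text, as an added example that is not part of the original message or the kernel source: a simplified userspace C model in which the struct, the function names and the two-bit generation mask are assumptions made for illustration. It counts how often one element is queued for release when deactivation is requested twice before the generation changes, first testing the current generation and then the next one.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (assumption, not kernel code): bit g set in genmask
 * means the element is inactive in generation g. Two generations exist,
 * selected by a cursor that is 0 or 1. */
struct elem {
    unsigned genmask;
    int releases;            /* stands in for "queued to be freed" */
};

static unsigned gen_cur(int cursor)  { return 1u << cursor; }
static unsigned gen_next(int cursor) { return 1u << !cursor; }

static bool is_active(const struct elem *e, unsigned mask)
{
    return !(e->genmask & mask);
}

/* Deactivate an element: test one generation, then flag the element
 * inactive in the NEXT generation and queue it for release.
 * check_next=false models the behaviour before the fix,
 * check_next=true the behaviour after it. */
static bool deactivate(struct elem *e, int cursor, bool check_next)
{
    unsigned test = check_next ? gen_next(cursor) : gen_cur(cursor);

    if (!is_active(e, test))
        return false;            /* already deactivated: skip */
    e->genmask |= gen_next(cursor);
    e->releases++;
    return true;
}

/* Request deactivation twice without advancing the generation and
 * report how many releases were queued for the single element. */
int queued_releases(bool check_next)
{
    struct elem e = { 0, 0 };
    int cursor = 0;

    deactivate(&e, cursor, check_next);
    deactivate(&e, cursor, check_next);
    return e.releases;
}

int main(void)
{
    printf("test current generation: %d release(s)\n", queued_releases(false));
    printf("test next generation:    %d release(s)\n", queued_releases(true));
    return 0;
}
```

With the current-generation test the second request still sees the element as active, so it is queued twice; with the next-generation test the second request is skipped.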