[SRU][F][PATCH 0/2] CVE-2024-27019
Bethany Jamison
bethany.jamison at canonical.com
Fri Jun 28 16:38:16 UTC 2024
[Impact]
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
nft_unregister_obj() can run concurrently with __nft_obj_type_get(),
and there is not any protection when iterating over the nf_tables_objects
list in __nft_obj_type_get(). Therefore, there is a potential data race
on the nf_tables_objects list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_objects
list in __nft_obj_type_get(), and use rcu_read_lock() in the caller
nft_obj_type_get() to protect the entire type query process.
[Fix]
Noble: pending
Jammy: pending
Focal: backport of the prerequisite commit (ignore the neighbouring-line
context conflict); clean cherry-pick for the fix commit
Bionic: needed
Xenial: not affected
Trusty: not affected
[Test Case]
Compile and boot tested
[Where problems could occur]
This fix affects those who use the netfilter framework; an issue with
this fix would be visible to the user via unexpected system behavior
or a system crash.
Pablo Neira Ayuso (1):
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
Ziyang Xuan (1):
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
include/net/netfilter/nf_tables.h | 2 ++
net/netfilter/nf_tables_api.c | 22 +++++++++++++++-------
net/netfilter/nft_tunnel.c | 1 +
3 files changed, 18 insertions(+), 7 deletions(-)
--
2.34.1
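The pattern the [Impact] section describes, as an added, self-contained model rather than code from this series or from the kernel: a lookup walks the registry while another context unregisters the entry, and the fix keeps the whole query (the list walk plus the module refcount get) inside one read-side critical section, with the writer deferring the free until a grace period has passed. Kernel names (nf_tables_objects, __nft_obj_type_get, nft_obj_type_get, nft_unregister_obj, rcu_read_lock) are reused for readability only; the struct fields, the single-threaded toy RCU (call_rcu_free, run_grace_period, a reader counter) and the scenario data are constructed for this example and are not the kernel's implementation.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of an nf_tables object type (not the kernel struct). */
struct nft_object_type {
    struct nft_object_type *next;        /* registry linkage (kernel: struct list_head) */
    struct nft_object_type *retire_next; /* separate link so ->next stays valid for readers */
    unsigned int type;
    int module_refs;                     /* stands in for the owner module's refcount */
    bool module_going;                   /* owner module is unloading */
};

static struct nft_object_type *nf_tables_objects; /* registry head, published to readers */
static int rcu_readers;                           /* active read-side critical sections (toy) */
static struct nft_object_type *retired;           /* unlinked, awaiting a grace period */

static void rcu_read_lock(void)   { rcu_readers++; }
static void rcu_read_unlock(void) { assert(rcu_readers > 0); rcu_readers--; }

/* Kernel: call_rcu(); here the object is queued and freed by run_grace_period(). */
static void call_rcu_free(struct nft_object_type *t) { t->retire_next = retired; retired = t; }

/* Toy grace period: safe only once no pre-existing reader remains, which in this
 * single-threaded model is rcu_readers == 0. Returns the number of objects freed. */
static int run_grace_period(void)
{
    int freed = 0;
    if (rcu_readers > 0)
        return 0;                        /* a reader may still hold a pointer: defer */
    while (retired) {
        struct nft_object_type *t = retired;
        retired = t->retire_next;
        free(t);
        freed++;
    }
    return freed;
}

/* Model of try_module_get()/module_put(): a module that is going away refuses new users. */
static bool try_module_get(struct nft_object_type *t)
{
    if (t->module_going)
        return false;
    t->module_refs++;
    return true;
}
static void module_put(struct nft_object_type *t) { t->module_refs--; }

/* Kernel: list_add_rcu(). Publish the entry at the head of the registry. */
static void nft_register_obj(struct nft_object_type *t)
{
    t->next = nf_tables_objects;
    nf_tables_objects = t;
}

/* Kernel: list_del_rcu() plus deferred free. t->next is left intact so a walker
 * already positioned on t can still step past it. */
static int nft_unregister_obj(struct nft_object_type *t)
{
    struct nft_object_type **pp;
    for (pp = &nf_tables_objects; *pp; pp = &(*pp)->next) {
        if (*pp == t) {
            *pp = t->next;
            call_rcu_free(t);
            return 0;
        }
    }
    return -1;
}

/* The walk (kernel: list_for_each_entry_rcu()). It is only safe under rcu_read_lock();
 * the assert plays the role of the RCU-usage check, which no caller satisfied before the fix. */
static struct nft_object_type *__nft_obj_type_get(unsigned int type)
{
    struct nft_object_type *t;
    assert(rcu_readers > 0);
    for (t = nf_tables_objects; t; t = t->next)
        if (t->type == type)
            return t;
    return NULL;
}

/* The fix: walk and module get sit inside one read-side section, so the entry
 * cannot be freed between finding it and taking a reference on its owner. */
static struct nft_object_type *nft_obj_type_get(unsigned int type)
{
    struct nft_object_type *t;
    rcu_read_lock();
    t = __nft_obj_type_get(type);
    if (t && !try_module_get(t))
        t = NULL;                        /* module going away: refuse rather than dereference later */
    rcu_read_unlock();
    return t;
}

/* Constructed scenario: unregister races a lookup. Returns 1 when every check holds. */
static int demo_unregister_during_lookup(void)
{
    struct nft_object_type *a = calloc(1, sizeof *a), *b = calloc(1, sizeof *b), *seen;
    int ok = 1;
    a->type = 1; b->type = 2;
    nft_register_obj(a);
    nft_register_obj(b);

    rcu_read_lock();
    seen = __nft_obj_type_get(1);           /* reader is mid-query, holding a */
    ok &= (seen == a);
    ok &= (nft_unregister_obj(a) == 0);     /* concurrent unregister: unlink only */
    ok &= (run_grace_period() == 0);        /* reader still inside: nothing freed */
    ok &= (seen->type == 1);                /* the held pointer is still valid memory */
    ok &= (__nft_obj_type_get(1) == NULL);  /* a fresh walk no longer sees it */
    rcu_read_unlock();
    ok &= (run_grace_period() == 1);        /* grace period elapsed: a is freed now */

    b->module_going = true;                 /* owner module unloading */
    ok &= (nft_obj_type_get(2) == NULL);    /* try_module_get() refuses */
    b->module_going = false;
    seen = nft_obj_type_get(2);
    ok &= (seen == b && b->module_refs == 1);
    module_put(seen);
    ok &= (nft_unregister_obj(b) == 0);
    ok &= (run_grace_period() == 1);
    ok &= (nf_tables_objects == NULL && retired == NULL);
    return ok;
}

int main(void)
{
    printf("rcu lookup model: %s\n", demo_unregister_during_lookup() ? "ok" : "FAILED");
    return 0;
}
```

The point the model isolates is the one the commit message makes: the read-side section must cover the entire query, not just the loop. If rcu_read_unlock() were dropped before try_module_get(), the unregister path could free the entry in that window, which is exactly the sequence the fix forecloses. Real RCU readers are lock-free and a real grace period waits only for readers that began before list_del_rcu(); the counter here is a stand-in for that, sufficient to show the ordering but not a reusable primitive.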