ACK: [SRU][M/J/F][PATCH 0/1] CVE-2024-26642
Philip Cox
philip.cox at canonical.com
Fri May 17 08:41:52 UTC 2024
On Mon, 2024-05-13 at 14:18 +0200, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> netfilter: nf_tables: disallow anonymous set with timeout flag
>
> Anonymous sets are never used with timeout from userspace, reject
> this.
> Exception to this rule is NFT_SET_EVAL to ensure legacy meters still
> work.
>
> [Fix]
>
> Noble: pending
> Mantic: Clean cherry-pick from linux-6.6.y
> Jammy: Mantic patch applied cleanly.
> Focal: Clean cherry-pick from linux-5.4.y
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where issues could occur]
>
> This fix affects those who use the nftables network framework, an
> issue
> with this fix would be visible to the user via unexpected behavior
> surrounding anonymous sets and userspace timeout.
>
> Pablo Neira Ayuso (1):
> netfilter: nf_tables: disallow anonymous set with timeout flag
>
> net/netfilter/nf_tables_api.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> --
> 2.34.1
>
>
--
Acked-by: Philip Cox <philip.cox at canonical.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240517/0c49091a/attachment.html>
More information about the kernel-team
mailing list