APPLIED: [SRU][F][PATCH 0/2] CVE-2024-35896
Mehmet Basaran
mehmet.basaran at canonical.com
Mon Jan 13 06:20:42 UTC 2025
Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com> writes:
> [Impact]
>
> netfilter: validate user input for expected length
>
> [Fix]
>
> Noble: Fixed
> Jammy: Fixed
>
> Focal:
> Backported the fix commit (0f038242b77dd) from linux-5.10.y
> Cherry picked a follow-up of the fix commit (cf4bc359b7614) from
> linux-5.10.y
>
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
>
> [Test Case]
>
> Compile and boot tested.
> Passed every test in the kselftest suite with target netfilter.
>
> [Where problems could occur]
>
> The fix affects the netfilter subsystem. A bug in the patch could
> introduce issues during packet filtering, leading to mishandled packets
> or memory access violation. Users may notice kernel warnings or system
> crashes and they may experience network delays and dropped packets.
>
> Eric Dumazet (2):
> netfilter: validate user input for expected length
> netfilter: complete validation of user input
>
> net/bridge/netfilter/ebtables.c | 6 ++++++
> net/ipv4/netfilter/arp_tables.c | 8 ++++++++
> net/ipv4/netfilter/ip_tables.c | 8 ++++++++
> net/ipv6/netfilter/ip6_tables.c | 8 ++++++++
> 4 files changed, 30 insertions(+)
>
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to focal:linux master-next branch. Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250113/e681d1cf/attachment.sig>
More information about the kernel-team
mailing list