Message ID | 1551798961-28819-1-git-send-email-tyhicks@canonical.com |
---|---|
Headers | show |
Series | CVE-2019-9162 - NF SNMP NAT module oob read/write | expand |
This has been cherry-picked to Disco as commit c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc. ACK Cosmic. Acked-by: You-Sheng Yang <vicamo.yang@canonical.com> On 2019/3/5 11:16 PM, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9162.html > > In the Linux kernel before 4.20.12, > net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has > insufficient ASN.1 length checks (aka an array index error), making > out-of-bounds read and write operations possible, leading to an OOPS or > local privilege escalation. This affects snmp_version and snmp_helper. > > Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic > kernel and loading the nf_nat_snmp_basic module. > > Tyler > > Jann Horn (1): > netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs > > net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) >
On 3/5/19 4:16 PM, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9162.html > > In the Linux kernel before 4.20.12, > net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has > insufficient ASN.1 length checks (aka an array index error), making > out-of-bounds read and write operations possible, leading to an OOPS or > local privilege escalation. This affects snmp_version and snmp_helper. > > Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic > kernel and loading the nf_nat_snmp_basic module. > > Tyler > > Jann Horn (1): > netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs > > net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
On 3/5/19 4:16 PM, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9162.html > > In the Linux kernel before 4.20.12, > net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has > insufficient ASN.1 length checks (aka an array index error), making > out-of-bounds read and write operations possible, leading to an OOPS or > local privilege escalation. This affects snmp_version and snmp_helper. > > Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic > kernel and loading the nf_nat_snmp_basic module. > > Tyler > > Jann Horn (1): > netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs > > net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > Applied to cosmic/master-next branch. Thanks, Kleber