[0/1,SRU,C/D] CVE-2019-9162 - NF SNMP NAT module oob read/write

Message ID 1551798961-28819-1-git-send-email-tyhicks@canonical.com
Message

Tyler Hicks March 5, 2019, 3:16 p.m. UTC
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9162.html

 In the Linux kernel before 4.20.12,
 net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has
 insufficient ASN.1 length checks (aka an array index error), making
 out-of-bounds read and write operations possible, leading to an OOPS or
 local privilege escalation. This affects snmp_version and snmp_helper.

Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic
kernel and loading the nf_nat_snmp_basic module.

Tyler

Jann Horn (1):
  netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs

 net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
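
The class of check the CVE text describes, as an added user-space illustration (not the kernel patch and not code from this thread): a decoder that only guarantees a value fits in the buffer does not protect a callback that assumes a fixed size, so each callback must validate `datalen` itself. The names `nat_ctx`, `version_cb`, `ipaddr_cb` and `rewrite_tlvs`, and the flat short-form TLV layout, are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct nat_ctx { uint8_t from[4], to[4]; };   /* hypothetical NAT mapping */

/* INTEGER callback: the version value must be exactly one byte. */
static int version_cb(const uint8_t *data, size_t datalen)
{
    if (datalen != 1)       /* without this, datalen == 0 reads past the element */
        return -EINVAL;
    return data[0] > 1 ? -ENOTSUP : 0;
}

/* IpAddress callback: rewrite in place only when the value is exactly 4 bytes. */
static int ipaddr_cb(struct nat_ctx *ctx, uint8_t *data, size_t datalen)
{
    if (datalen != 4)       /* without this, a short value is read and written as 4 bytes */
        return -EINVAL;
    if (memcmp(data, ctx->from, 4) == 0)
        memcpy(data, ctx->to, 4);
    return 0;
}

/* Walk flat short-form TLVs (tag, one length byte, value) and dispatch by tag. */
int rewrite_tlvs(struct nat_ctx *ctx, uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 2 || (buf[off + 1] & 0x80))
            return -EINVAL;             /* truncated header or long-form length */
        uint8_t tag = buf[off];
        size_t datalen = buf[off + 1];
        if (datalen > len - off - 2)
            return -EINVAL;             /* value runs past the buffer */
        int rc = 0;
        if (tag == 0x02)                /* INTEGER */
            rc = version_cb(buf + off + 2, datalen);
        else if (tag == 0x40)           /* IpAddress, [APPLICATION 0] */
            rc = ipaddr_cb(ctx, buf + off + 2, datalen);
        if (rc)
            return rc;
        off += 2 + datalen;
    }
    return 0;
}
```

The zero-length INTEGER and the two-byte IpAddress both pass the walker's buffer bound; only the per-callback `datalen` checks reject them.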

Comments

You-Sheng Yang March 6, 2019, 2:53 a.m. UTC | #1
This has been cherry-picked to Disco as commit
c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc.

ACK Cosmic.

Acked-by: You-Sheng Yang <vicamo.yang@canonical.com>

On 2019/3/5 11:16 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9162.html
>
>  In the Linux kernel before 4.20.12,
>  net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has
>  insufficient ASN.1 length checks (aka an array index error), making
>  out-of-bounds read and write operations possible, leading to an OOPS or
>  local privilege escalation. This affects snmp_version and snmp_helper.
>
> Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic
> kernel and loading the nf_nat_snmp_basic module.
>
> Tyler
>
> Jann Horn (1):
>   netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
>
>  net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>

Kleber Sacilotto de Souza March 7, 2019, 5:51 p.m. UTC | #2
On 3/5/19 4:16 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9162.html
>
>  In the Linux kernel before 4.20.12,
>  net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has
>  insufficient ASN.1 length checks (aka an array index error), making
>  out-of-bounds read and write operations possible, leading to an OOPS or
>  local privilege escalation. This affects snmp_version and snmp_helper.
>
> Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic
> kernel and loading the nf_nat_snmp_basic module.
>
> Tyler
>
> Jann Horn (1):
>   netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
>
>  net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Kleber Sacilotto de Souza March 12, 2019, 12:28 p.m. UTC | #3
On 3/5/19 4:16 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9162.html
>
>  In the Linux kernel before 4.20.12,
>  net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has
>  insufficient ASN.1 length checks (aka an array index error), making
>  out-of-bounds read and write operations possible, leading to an OOPS or
>  local privilege escalation. This affects snmp_version and snmp_helper.
>
> Clean cherry pick. Build logs are clean. Smoke tested by booting the Cosmic
> kernel and loading the nf_nat_snmp_basic module.
>
> Tyler
>
> Jann Horn (1):
>   netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
>
>  net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
Applied to cosmic/master-next branch.

Thanks,
Kleber