[SRU,Jammy,Kinetic,Lunar,Mantic,OEM-5.17,OEM-6.0,OEM-6.1,0/1] CVE-2023-31248

Message ID 20230706094925.958999-1-cascardo@canonical.com

Message

Thadeu Lima de Souza Cascardo July 6, 2023, 9:49 a.m. UTC
[Impact]
An unprivileged user can trigger a use-after-free on a chain when adding a
rule by using CHAIN_ID. An attacker could use this to cause denial of
service (crash) or achieve code execution.

[Backport]
The fix was applied in the netfilter/nf.git tree and a tag has been pushed.
It is likely to get merged with the same SHA1. The provenance has been added,
but no SAUCE.

[Test case]
A reproducer has been tested.

[Potential regression]
nftables users may regress.

Thadeu Lima de Souza Cascardo (1):
  netfilter: nf_tables: do not ignore genmask when looking up chain by
    id

 net/netfilter/nf_tables_api.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

Comments

Tim Gardner July 6, 2023, 1:15 p.m. UTC | #1
On 7/6/23 3:49 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user can trigger a use-after-free on a chain when adding a
> rule by using CHAIN_ID. An attacker could use this to cause denial of
> service (crash) or achieve code execution.
> 
> [Backport]
> The fix was applied in the netfilter/nf.git tree and a tag has been pushed.
> It is likely to get merged with the same SHA1. The provenance has been added,
> but no SAUCE.
> 
> [Test case]
> A reproducer has been tested.
> 
> [Potential regression]
> nftables users may regress.
> 
> Thadeu Lima de Souza Cascardo (1):
>    netfilter: nf_tables: do not ignore genmask when looking up chain by
>      id
> 
>   net/netfilter/nf_tables_api.c | 11 +++++++----
>   1 file changed, 7 insertions(+), 4 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner@canonical.com>

Luke Nowakowski-Krijger July 6, 2023, 9:30 p.m. UTC | #2
Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

On Thu, Jul 6, 2023 at 2:51 AM Thadeu Lima de Souza Cascardo <cascardo@canonical.com> wrote:

> [Impact]
> An unprivileged user can trigger a use-after-free on a chain when adding a
> rule by using CHAIN_ID. An attacker could use this to cause denial of
> service (crash) or achieve code execution.
>
> [Backport]
> The fix was applied in the netfilter/nf.git tree and a tag has been pushed.
> It is likely to get merged with the same SHA1. The provenance has been
> added,
> but no SAUCE.
>
> [Test case]
> A reproducer has been tested.
>
> [Potential regression]
> nftables users may regress.
>
> Thadeu Lima de Souza Cascardo (1):
>   netfilter: nf_tables: do not ignore genmask when looking up chain by
>     id
>
>  net/netfilter/nf_tables_api.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

Stefan Bader July 7, 2023, 9:57 a.m. UTC | #3
On 06.07.23 11:49, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user can trigger a use-after-free on a chain when adding a
> rule by using CHAIN_ID. An attacker could use this to cause denial of
> service (crash) or achieve code execution.
> 
> [Backport]
> The fix was applied in the netfilter/nf.git tree and a tag has been pushed.
> It is likely to get merged with the same SHA1. The provenance has been added,
> but no SAUCE.
> 
> [Test case]
> A reproducer has been tested.
> 
> [Potential regression]
> nftables users may regress.
> 
> Thadeu Lima de Souza Cascardo (1):
>    netfilter: nf_tables: do not ignore genmask when looking up chain by
>      id
> 
>   net/netfilter/nf_tables_api.c | 11 +++++++----
>   1 file changed, 7 insertions(+), 4 deletions(-)
> 

Applied to lunar,jammy:linux/master-next and 
jammy:linux-hwe-5.19/hwe-5.19-next as Kinetic reaches EOL. Also adjusted 
cherry-pick to state linux-next. Thanks.

-Stefan

Andrea Righi July 10, 2023, 7:06 a.m. UTC | #4
On Thu, Jul 06, 2023 at 06:49:24AM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user can trigger a use-after-free on a chain when adding a
> rule by using CHAIN_ID. An attacker could use this to cause denial of
> service (crash) or achieve code execution.
> 
> [Backport]
> The fix was applied in the netfilter/nf.git tree and a tag has been pushed.
> It is likely to get merged with the same SHA1. The provenance has been added,
> but no SAUCE.
> 
> [Test case]
> A reproducer has been tested.
> 
> [Potential regression]
> nftables users may regress.

Applied to mantic/linux-unstable.

Thanks,
-Andrea

Manuel Diewald July 14, 2023, 2:57 p.m. UTC | #5
On Thu, Jul 06, 2023 at 06:49:24AM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user can trigger a use-after-free on a chain when adding a
> rule by using CHAIN_ID. An attacker could use this to cause denial of
> service (crash) or achieve code execution.
> 
> [Backport]
> The fix was applied in the netfilter/nf.git tree and a tag has been pushed.
> It is likely to get merged with the same SHA1. The provenance has been added,
> but no SAUCE.
> 
> [Test case]
> A reproducer has been tested.
> 
> [Potential regression]
> nftables users may regress.
> 
> Thadeu Lima de Souza Cascardo (1):
>   netfilter: nf_tables: do not ignore genmask when looking up chain by
>     id
> 
>  net/netfilter/nf_tables_api.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> -- 
> 2.34.1

Applied to linux-oem-5.17 and linux-oem-6.0, thank you!

Timo Aaltonen July 24, 2023, 9:35 a.m. UTC | #6
On 6.7.2023 12.49, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user can trigger a use-after-free on a chain when adding a
> rule by using CHAIN_ID. An attacker could use this to cause denial of
> service (crash) or achieve code execution.
> 
> [Backport]
> The fix was applied in the netfilter/nf.git tree and a tag has been pushed.
> It is likely to get merged with the same SHA1. The provenance has been added,
> but no SAUCE.
> 
> [Test case]
> A reproducer has been tested.
> 
> [Potential regression]
> nftables users may regress.
> 
> Thadeu Lima de Souza Cascardo (1):
>    netfilter: nf_tables: do not ignore genmask when looking up chain by
>      id
> 
>   net/netfilter/nf_tables_api.c | 11 +++++++----
>   1 file changed, 7 insertions(+), 4 deletions(-)
> 

applied to oem-6.1, thanks