| Message ID | 20230803151524.659940-1-cascardo@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2023-3777 // CVE-2023-3995 | expand |
On 8/3/23 9:15 AM, Thadeu Lima de Souza Cascardo wrote: > [Impact] > The two vulnerabilities affect nftables and allow an unprivileged user to > escalate privileges. > > [Backport] > The 2 commits fix the same commit ID and apply cleanly of the affected series. > > [Potential regression] > nftables users may regress. > > Pablo Neira Ayuso (2): > netfilter: nf_tables: skip bound chain on rule flush > netfilter: nf_tables: disallow rule addition to bound chain via > NFTA_RULE_CHAIN_ID > > net/netfilter/nf_tables_api.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 03.08.23 17:15, Thadeu Lima de Souza Cascardo wrote: > [Impact] > The two vulnerabilities affect nftables and allow an unprivileged user to > escalate privileges. > > [Backport] > The 2 commits fix the same commit ID and apply cleanly of the affected series. > > [Potential regression] > nftables users may regress. > > Pablo Neira Ayuso (2): > netfilter: nf_tables: skip bound chain on rule flush > netfilter: nf_tables: disallow rule addition to bound chain via > NFTA_RULE_CHAIN_ID > > net/netfilter/nf_tables_api.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 03.08.23 17:15, Thadeu Lima de Souza Cascardo wrote: > [Impact] > The two vulnerabilities affect nftables and allow an unprivileged user to > escalate privileges. > > [Backport] > The 2 commits fix the same commit ID and apply cleanly of the affected series. > > [Potential regression] > nftables users may regress. > > Pablo Neira Ayuso (2): > netfilter: nf_tables: skip bound chain on rule flush > netfilter: nf_tables: disallow rule addition to bound chain via > NFTA_RULE_CHAIN_ID > > net/netfilter/nf_tables_api.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > Applied to lunar,jammy:linux/master-next. Thanks. -Stefan
Thadeu Lima de Souza Cascardo kirjoitti 3.8.2023 klo 18.15: > [Impact] > The two vulnerabilities affect nftables and allow an unprivileged user to > escalate privileges. > > [Backport] > The 2 commits fix the same commit ID and apply cleanly of the affected series. > > [Potential regression] > nftables users may regress. > > Pablo Neira Ayuso (2): > netfilter: nf_tables: skip bound chain on rule flush > netfilter: nf_tables: disallow rule addition to bound chain via > NFTA_RULE_CHAIN_ID > > net/netfilter/nf_tables_api.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > applied to oem-kernels, thanks
[Impact] The two vulnerabilities affect nftables and allow an unprivileged user to escalate privileges. [Backport] The 2 commits fix the same commit ID and apply cleanly of the affected series. [Potential regression] nftables users may regress. Pablo Neira Ayuso (2): netfilter: nf_tables: skip bound chain on rule flush netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID net/netfilter/nf_tables_api.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)