| Message ID | 20230803183733.23835-1-yuxuan.luo@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2023-3390 | expand |
On 8/3/23 12:37 PM, Yuxuan Luo wrote: > [Impact] > A use-after-free vulnerability was found in the Linux kernel's netfilter > subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with > NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same > transaction causing a use-after-free vulnerability. This flaw allows a local > attacker with user access to cause a privilege escalation issue. > > [Backport] > It is a clean cherry pick. > > [Test] > Compile and boot tested. > > [Potential Regression] > Expect low regression potential. > > Pablo Neira Ayuso (1): > netfilter: nf_tables: incorrect error path handling with > NFT_MSG_NEWRULE > > net/netfilter/nf_tables_api.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 03.08.23 20:37, Yuxuan Luo wrote: > [Impact] > A use-after-free vulnerability was found in the Linux kernel's netfilter > subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with > NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same > transaction causing a use-after-free vulnerability. This flaw allows a local > attacker with user access to cause a privilege escalation issue. > > [Backport] > It is a clean cherry pick. > > [Test] > Compile and boot tested. > > [Potential Regression] > Expect low regression potential. > > Pablo Neira Ayuso (1): > netfilter: nf_tables: incorrect error path handling with > NFT_MSG_NEWRULE > > net/netfilter/nf_tables_api.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
Yuxuan Luo kirjoitti 3.8.2023 klo 21.37: > [Impact] > A use-after-free vulnerability was found in the Linux kernel's netfilter > subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with > NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same > transaction causing a use-after-free vulnerability. This flaw allows a local > attacker with user access to cause a privilege escalation issue. > > [Backport] > It is a clean cherry pick. > > [Test] > Compile and boot tested. > > [Potential Regression] > Expect low regression potential. > > Pablo Neira Ayuso (1): > netfilter: nf_tables: incorrect error path handling with > NFT_MSG_NEWRULE > > net/netfilter/nf_tables_api.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > applied, thanks
[Impact] A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. [Backport] It is a clean cherry pick. [Test] Compile and boot tested. [Potential Regression] Expect low regression potential. Pablo Neira Ayuso (1): netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE net/netfilter/nf_tables_api.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)