[SRU,Jammy,OEM-6.1,Lunar,Mantic,0/1] CVE-2024-0193

Message ID 20240104194250.1880571-1-cascardo@canonical.com

Message

Thadeu Lima de Souza Cascardo Jan. 4, 2024, 7:42 p.m. UTC
[Impact]
A double deactivation of garbage collected netfilter set pipapo elements
can lead to a use-after-free, allowing unprivileged users to escalate
privileges when user namespaces are used.

[Test case]
This was only build tested.

[Potential impact]
nftables users would be affected.

Pablo Neira Ayuso (1):
  netfilter: nf_tables: skip set commit for deleted/destroyed sets

 net/netfilter/nf_tables_api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Roxana Nicolescu Jan. 4, 2024, 7:59 p.m. UTC | #1
On 04/01/2024 20:42, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A double deactivation of garbage collected netfilter set pipapo elements
> can lead to a use-after-free, allowing unprivileged users to escalate
> privileges when user namespaces are used.
>
> [Test case]
> This was only build tested.
>
> [Potential impact]
> nftables users would be affected.
>
> Pablo Neira Ayuso (1):
>    netfilter: nf_tables: skip set commit for deleted/destroyed sets
>
>   net/netfilter/nf_tables_api.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Manuel Diewald Jan. 5, 2024, 9:56 a.m. UTC | #2
On Thu, Jan 04, 2024 at 04:42:49PM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A double deactivation of garbage collected netfilter set pipapo elements
> can lead to a use-after-free, allowing unprivileged users to escalate
> privileges when user namespaces are used.
> 
> [Test case]
> This was only build tested.
> 
> [Potential impact]
> nftables users would be affected.
> 
> Pablo Neira Ayuso (1):
>   netfilter: nf_tables: skip set commit for deleted/destroyed sets
> 
>  net/netfilter/nf_tables_api.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Acked-by: Manuel Diewald <manuel.diewald@canonical.com>

Roxana Nicolescu Jan. 5, 2024, 10:49 a.m. UTC | #3
On 04/01/2024 20:42, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A double deactivation of garbage collected netfilter set pipapo elements
> can lead to a use-after-free, allowing unprivileged users to escalate
> privileges when user namespaces are used.
>
> [Test case]
> This was only build tested.
>
> [Potential impact]
> nftables users would be affected.
>
> Pablo Neira Ayuso (1):
>    netfilter: nf_tables: skip set commit for deleted/destroyed sets
>
>   net/netfilter/nf_tables_api.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
Applied to mantic, lunar, jammy master-next branches. Thanks!

Timo Aaltonen Jan. 8, 2024, 1:47 p.m. UTC | #4
Thadeu Lima de Souza Cascardo wrote on 4.1.2024 at 21.42:
> [Impact]
> A double deactivation of garbage collected netfilter set pipapo elements
> can lead to a use-after-free, allowing unprivileged users to escalate
> privileges when user namespaces are used.
> 
> [Test case]
> This was only build tested.
> 
> [Potential impact]
> nftables users would be affected.
> 
> Pablo Neira Ayuso (1):
>    netfilter: nf_tables: skip set commit for deleted/destroyed sets
> 
>   net/netfilter/nf_tables_api.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 

applied to oem-6.1-prep, thanks