[SRU,M/J,0/1,F,0/2] CVE-2024-26581

Message ID 20240315203454.47348-1-bethany.jamison@canonical.com

Message

Bethany Jamison March 15, 2024, 8:34 p.m. UTC
[Impact]

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: skip end interval element from gc

rbtree lazy gc on insert might collect an end interval element that has
been just added in this transaction, skip end interval elements that are
not yet active.

[Fix]

Mantic: Clean cherry-pick.
Jammy: Mantic patch applied cleanly.
Focal: Fix and prereq commits cherry-picked cleanly.

[Test Case]

Compile and boot tested.

[Where problems could occur]

This affects many users as netfilter is widely used, but the risk of
regression is low as the fix is simple.

Pablo Neira Ayuso (1):
  netfilter: nft_set_rbtree: skip end interval element from gc

 net/netfilter/nft_set_rbtree.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Cengiz Can March 18, 2024, 1:26 p.m. UTC | #1
Acked-by: Cengiz Can <cengiz.can@canonical.com>

Philip Cox March 18, 2024, 5:18 p.m. UTC | #2
Roxana Nicolescu March 22, 2024, 3:09 p.m. UTC | #3
Applied to mantic, jammy, focal master-next branches. Thanks!