[SRU,J/L/M,0/1] CVE-2023-6622

Message ID 20240104233752.57535-1-yuxuan.luo@canonical.com

Message

Yuxuan Luo Jan. 4, 2024, 11:37 p.m. UTC
[Impact]
A null pointer dereference vulnerability was found in nft_dynset_init() in
net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may
allow a local attacker with CAP_NET_ADMIN user privilege to trigger a
denial of service.

[Backport]
Clean cherry pick.

[Test]
Compile and boot tested.

[Potential Regression]
Expect minimal regression potential.

Pablo Neira Ayuso (1):
  netfilter: nf_tables: bail out on mismatching dynset and set
    expressions

 net/netfilter/nft_dynset.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

Comments

Roxana Nicolescu Jan. 5, 2024, 8:50 a.m. UTC | #1
On 05/01/2024 00:37, Yuxuan Luo wrote:
> [Impact]
> A null pointer dereference vulnerability was found in nft_dynset_init() in
> net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may
> allow a local attacker with CAP_NET_ADMIN user privilege to trigger a
> denial of service.
>
> [Backport]
> Clean cherry pick.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Expect minimal regression potential.
>
> Pablo Neira Ayuso (1):
>    netfilter: nf_tables: bail out on mismatching dynset and set
>      expressions
>
>   net/netfilter/nft_dynset.c | 13 +++++++++----
>   1 file changed, 9 insertions(+), 4 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Manuel Diewald Jan. 5, 2024, 9:44 a.m. UTC | #2
On Thu, Jan 04, 2024 at 06:37:51PM -0500, Yuxuan Luo wrote:
> [Impact]
> A null pointer dereference vulnerability was found in nft_dynset_init() in
> net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may
> allow a local attacker with CAP_NET_ADMIN user privilege to trigger a
> denial of service.
> 
> [Backport]
> Clean cherry pick.
> 
> [Test]
> Compile and boot tested.
> 
> [Potential Regression]
> Expect minimal regression potential.
> 
> Pablo Neira Ayuso (1):
>   netfilter: nf_tables: bail out on mismatching dynset and set
>     expressions
> 
>  net/netfilter/nft_dynset.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Roxana Nicolescu Jan. 5, 2024, 10:55 a.m. UTC | #3
On 05/01/2024 00:37, Yuxuan Luo wrote:
> [Impact]
> A null pointer dereference vulnerability was found in nft_dynset_init() in
> net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may
> allow a local attacker with CAP_NET_ADMIN user privilege to trigger a
> denial of service.
>
> [Backport]
> Clean cherry pick.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Expect minimal regression potential.
>
> Pablo Neira Ayuso (1):
>    netfilter: nf_tables: bail out on mismatching dynset and set
>      expressions
>
>   net/netfilter/nft_dynset.c | 13 +++++++++----
>   1 file changed, 9 insertions(+), 4 deletions(-)
>
Applied to mantic, lunar, jammy master-next branches. Thanks!