Message ID | 20231002111431.455282-1-cascardo@canonical.com |
---|---|
Series | CVE-2023-4244 follow up |
On 02/10/2023 13:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
> netfilter: nft_set_rbtree: skip sync GC for new elements in this
> transaction
>
> net/netfilter/nft_set_rbtree.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>

Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

On 02/10/2023 14:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
> netfilter: nft_set_rbtree: skip sync GC for new elements in this
> transaction

Acked-by: Cengiz Can <cengiz.can@canonical.com>

>
> net/netfilter/nft_set_rbtree.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>

On 02/10/2023 13:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
> netfilter: nft_set_rbtree: skip sync GC for new elements in this
> transaction
>
> net/netfilter/nft_set_rbtree.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>

Applied to lunar,jammy:master-next. Thanks!

Roxana