Message ID | 20240315203454.47348-1-bethany.jamison@canonical.com |
---|---|
Headers | show |
Series | CVE-2024-26581 | expand |
On 3/15/24 23:34, Bethany Jamison wrote: > [Impact] > > In the Linux kernel, the following vulnerability has been resolved: > netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc > on insert might collect an end interval element that has been just added in > this transactions, skip end interval elements that are not yet active. > > [Fix] > > Mantic: Clean cherry-pick. > Jammy: Mantic patch applied cleanly. > Focal: Fix and prereq commits cherry-picked cleanly. > > [Test Case] > > Compile and boot tested. > > [Where problems could occur] > > This affects many users as netfilter is widely used, but the risk of > regression is low as the fix is simple. > > Pablo Neira Ayuso (1): > netfilter: nft_set_rbtree: skip end interval element from gc Acked-by: Cengiz Can <cengiz.can@canonical.com> > > net/netfilter/nft_set_rbtree.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) >
On Fri, 2024-03-15 at 15:34 -0500, Bethany Jamison wrote: > [Impact] > > In the Linux kernel, the following vulnerability has been resolved: > netfilter: nft_set_rbtree: skip end interval element from gc rbtree > lazy gc > on insert might collect an end interval element that has been just > added in > this transactions, skip end interval elements that are not yet > active. > > [Fix] > > Mantic: Clean cherry-pick. > Jammy: Mantic patch applied cleanly. > Focal: Fix and prereq commits cherry-picked cleanly. > > [Test Case] > > Compile and boot tested. > > [Where problems could occur] > > This affects many users as netfilter is widely used, but the risk of > regression is low as the fix is simple. > > Pablo Neira Ayuso (1): > netfilter: nft_set_rbtree: skip end interval element from gc > > net/netfilter/nft_set_rbtree.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > -- > 2.34.1 > >
On 15/03/2024 21:34, Bethany Jamison wrote: > [Impact] > > In the Linux kernel, the following vulnerability has been resolved: > netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc > on insert might collect an end interval element that has been just added in > this transactions, skip end interval elements that are not yet active. > > [Fix] > > Mantic: Clean cherry-pick. > Jammy: Mantic patch applied cleanly. > Focal: Fix and prereq commits cherry-picked cleanly. > > [Test Case] > > Compile and boot tested. > > [Where problems could occur] > > This affects many users as netfilter is widely used, but the risk of > regression is low as the fix is simple. > > Pablo Neira Ayuso (1): > netfilter: nft_set_rbtree: skip end interval element from gc > > net/netfilter/nft_set_rbtree.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > Applied to mantic, jammy, focal master-next branches. Thanks!