| Message ID | 20230927113253.15134-1-magali.lemes@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2023-42753 | expand |
On 9/27/23 5:32 AM, Magali Lemes wrote: > [Impact] > An array indexing vulnerability was found in the netfilter subsystem of the > Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` > array offset, providing attackers with the primitive to arbitrarily > increment/decrement a memory buffer out-of-bound. This issue may allow a local > user to crash the system or potentially escalate their privileges on the > system. > > [Backport] > Clean cherry-pick. > > [Test] > Compile and boot tested. > > [Regression potential] > Netfilter's ipset would be affected. > > Kyle Zeng (1): > netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for > ip_set_hash_netportnet.c > > net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + > 1 file changed, 1 insertion(+) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 27/09/2023 13:32, Magali Lemes wrote: > [Impact] > An array indexing vulnerability was found in the netfilter subsystem of the > Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` > array offset, providing attackers with the primitive to arbitrarily > increment/decrement a memory buffer out-of-bound. This issue may allow a local > user to crash the system or potentially escalate their privileges on the > system. > > [Backport] > Clean cherry-pick. > > [Test] > Compile and boot tested. > > [Regression potential] > Netfilter's ipset would be affected. > > Kyle Zeng (1): > netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for > ip_set_hash_netportnet.c > > net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + > 1 file changed, 1 insertion(+) > Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
On 27/09/2023 13:32, Magali Lemes wrote: > [Impact] > An array indexing vulnerability was found in the netfilter subsystem of the > Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` > array offset, providing attackers with the primitive to arbitrarily > increment/decrement a memory buffer out-of-bound. This issue may allow a local > user to crash the system or potentially escalate their privileges on the > system. > > [Backport] > Clean cherry-pick. > > [Test] > Compile and boot tested. > > [Regression potential] > Netfilter's ipset would be affected. > > Kyle Zeng (1): > netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for > ip_set_hash_netportnet.c > > net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + > 1 file changed, 1 insertion(+) > Applied to focal,jammy,lunar:master-next. Thanks! Roxana
[Impact] An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. [Backport] Clean cherry-pick. [Test] Compile and boot tested. [Regression potential] Netfilter's ipset would be affected. Kyle Zeng (1): netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + 1 file changed, 1 insertion(+)