[SRU,Jammy,Lunar,0/1] CVE-2023-4244 follow up

Message ID	20231002111431.455282-1-cascardo@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU Jammy,Lunar 0/1] CVE-2023-4244 follow up Date: Mon, 2 Oct 2023 08:14:30 -0300 Message-Id: <20231002111431.455282-1-cascardo@canonical.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	CVE-2023-4244 follow up \| expand [SRU,Jammy,Lunar,0/1] CVE-2023-4244 follow up [SRU,Jammy,Lunar,1/1] netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

Message ID

20231002111431.455282-1-cascardo@canonical.com

Headers

From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU Jammy,Lunar 0/1] CVE-2023-4244 follow up
Date: Mon,  2 Oct 2023 08:14:30 -0300
Message-Id: <20231002111431.455282-1-cascardo@canonical.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

CVE-2023-4244 follow up | expand

Message

Thadeu Lima de Souza Cascardo Oct. 2, 2023, 11:14 a.m. UTC

[Impact]
The nftables GC can end up collecting released objects. That is still true
for the nft_set_rbtree module. This could potentially lead to a local
unprivileged user being able to escalate privileges.

[Potential regression]
nftables users can be affected.

Pablo Neira Ayuso (1):
  netfilter: nft_set_rbtree: skip sync GC for new elements in this
    transaction

 net/netfilter/nft_set_rbtree.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Roxana Nicolescu Oct. 2, 2023, 11:18 a.m. UTC | #1

On 02/10/2023 13:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
>    netfilter: nft_set_rbtree: skip sync GC for new elements in this
>      transaction
>
>   net/netfilter/nft_set_rbtree.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Cengiz Can Oct. 2, 2023, 11:28 a.m. UTC | #2

On 02/10/2023 14:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
>    netfilter: nft_set_rbtree: skip sync GC for new elements in this
>      transaction
Acked-by: Cengiz Can <cengiz.can@canonical.com>
>
>   net/netfilter/nft_set_rbtree.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>

Roxana Nicolescu Oct. 2, 2023, 1:22 p.m. UTC | #3

On 02/10/2023 13:14, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> The nftables GC can end up collecting released objects. That is still true
> for the nft_set_rbtree module. This could potentially lead to a local
> unprivileged user being able to escalate privileges.
>
> [Potential regression]
> nftables users can be affected.
>
> Pablo Neira Ayuso (1):
>    netfilter: nft_set_rbtree: skip sync GC for new elements in this
>      transaction
>
>   net/netfilter/nft_set_rbtree.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>
Applied to lunar,jammy:master-next. Thanks!

Roxana