From patchwork Thu Nov  7 18:31:26 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Massimiliano Pellizzer
 <massimiliano.pellizzer@canonical.com>
X-Patchwork-Id: 2008123
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=185.125.189.65; helo=lists.ubuntu.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com;
 receiver=patchwork.ozlabs.org)
Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4XkrJT4t4fz1xyd
	for <incoming@patchwork.ozlabs.org>; Fri,  8 Nov 2024 05:31:52 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com)
	by lists.ubuntu.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1t97IB-0002wX-Bh; Thu, 07 Nov 2024 18:31:39 +0000
Received: from smtp-relay-internal-0.internal ([10.131.114.225]
 helo=smtp-relay-internal-0.canonical.com)
 by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.86_2) (envelope-from <massimiliano.pellizzer@canonical.com>)
 id 1t97I9-0002wD-UV
 for kernel-team@lists.ubuntu.com; Thu, 07 Nov 2024 18:31:37 +0000
Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com
 [209.85.218.69])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 95A663F1C0
 for <kernel-team@lists.ubuntu.com>; Thu,  7 Nov 2024 18:31:37 +0000 (UTC)
Received: by mail-ej1-f69.google.com with SMTP id
 a640c23a62f3a-a9a0d8baa2cso242537766b.0
 for <kernel-team@lists.ubuntu.com>; Thu, 07 Nov 2024 10:31:37 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1731004297; x=1731609097;
 h=content-transfer-encoding:mime-version:message-id:date:subject:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=rjAyY8UE0emMjsdpXWxzADSD2N4n+CNxk/2uWhKZd6c=;
 b=j66Jb2x98xSawK8Mvg2kx/ITzAGdDlQohqUHyStPTmnuz2BFvCrPKZjRqQ+tTHfcLe
 yJQW7um39Xsm8vIUCyJVcHQSZETa8t51Jje183aQ8ByBFsnN3b2DghEmVTc7drXB7Wez
 ZX+IpXVS6R1WY3s82zR00qPSDaDPHPcGGpQ7T2/pIvZbfZOD4paFYMS07cpI9PPxAtFT
 mf/gvXhrxoVto66YlLK1DS0XDmU539KLhHWihrRcQMlBixUTdhAlu+BUbb1x5NT55lYA
 A5XS5OpXIi05IJPBn9zKxDtfT7GpoiTjeJd5zjWHs/GmgW/vWHDASC6EAYSn8ReVw4lL
 vuKA==
X-Gm-Message-State: AOJu0YyXAYeIxq622Bg37vUNWi1FYn/Q4HYgfc5f7zElXdQtEH8FPT5Z
 879gBHqesyI/vcemQsMYh6zkY+9U2eP45ovbfuGXk2z94Wp9m1aw77Wr2rcpnVtsU7ehoxBH7I6
 RdpEr35CyBqPJVCMZxTJ4dR88u4UzY0yTI7XC5K7v37zs3U1t4v+4o8Q+jp8vvinEMPe1KdCSMR
 0ybOEab+WtBw==
X-Received: by 2002:a17:907:96a2:b0:a93:a664:a23f with SMTP id
 a640c23a62f3a-a9eec76cdc9mr55463166b.5.1731004296939;
 Thu, 07 Nov 2024 10:31:36 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IG94geKSmam/Axh9NHbWz9SbQg4pE1uRr5IaDLmX9fuf5KYDQeAGiug2qK3NLBFbB6dwI5liA==
X-Received: by 2002:a17:907:96a2:b0:a93:a664:a23f with SMTP id
 a640c23a62f3a-a9eec76cdc9mr55460266b.5.1731004296536;
 Thu, 07 Nov 2024 10:31:36 -0800 (PST)
Received: from framework-canonical.station
 (net-93-66-99-170.cust.vodafonedsl.it. [93.66.99.170])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-a9ee0e2f731sm129990866b.189.2024.11.07.10.31.35
 for <kernel-team@lists.ubuntu.com>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 07 Nov 2024 10:31:36 -0800 (PST)
From: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH 0/2] CVE-2024-35896
Date: Thu,  7 Nov 2024 19:31:26 +0100
Message-ID: <20241107183128.59001-1-massimiliano.pellizzer@canonical.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

[Impact]

netfilter: validate user input for expected length

[Fix]

Noble:  Fixed
Jammy:  Fixed

Focal:
  Backported the fix commit (0f038242b77dd) from linux-5.10.y
  Cherry picked a follow-up of the fix commit (cf4bc359b7614) from
  linux-5.10.y

Bionic: Sent to ESM ML
Xenial: Sent to ESM ML

[Test Case]

Compile and boot tested.
Passed every test in the kselftest suite with target netfilter.

[Where problems could occur]

The fix affects the netfilter subsystem. A bug in the patch could
introduce issues during packet filtering, leading to mishandled packets
or memory access violation. Users may notice kernel warnings or system
crashes and they may experience network delays and dropped packets. 

Eric Dumazet (2):
  netfilter: validate user input for expected length
  netfilter: complete validation of user input

 net/bridge/netfilter/ebtables.c | 6 ++++++
 net/ipv4/netfilter/arp_tables.c | 8 ++++++++
 net/ipv4/netfilter/ip_tables.c  | 8 ++++++++
 net/ipv6/netfilter/ip6_tables.c | 8 ++++++++
 4 files changed, 30 insertions(+)