path: root/active/CVE-2023-4244
Description: Use-after-free in nft_verdict_dump due to a race between set GC and transaction
References:
 https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8
 https://bugzilla.redhat.com/show_bug.cgi?id=2235306
 https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/
 https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/
Notes:
 carnil> Fixed as well in 6.4.12 for 6.4.y. Needs closer verification
 carnil> which commits are actually needed to fix the issue in stable
 carnil> series.
 carnil> As per 2023-08-30 23185c6aed1f ("netfilter: nft_dynset:
 carnil> disallow object maps") has been backported to all relevant
 carnil> stable series, in particular 4.19.293, 5.10.192, 6.1.47,
 carnil> 6.4.12.
Bugs:
upstream: released (6.5-rc6) [24138933b97b055d486e8064b4a1721702442a9b, 5f68718b34a531a556f2f50300ead2862278da26, f6c383b8c31a93752a52697f8430a71dcbc46adf, c92db3030492b8ad1d0faace7a93bbcf53850d0c, a2dd0233cbc4d8a0abb5f64487487ffc9265beb5], released (6.5-rc7) [6a33d8b73dfac0a41f3877894b38082bd0c9a5bc, 02c6c24402bf1c1e986899c14ba22a10b510916b, 23185c6aed1ffb8fc44087880ba2767aba493779]
6.1-upstream-stable: released (6.1.47) [7148bca63b212fc8e5c2e8374e14cd62b1c8441c], released (6.1.56) [59dab3bf0b8fc08eb802721c0532f13dd89209b8, ea3eb9f2192e4fc33b795673e56c97a21987f868, df650d6a4bf47248261b61ef6b174d7c54034d15, 4ead4f74b3a9162b205f702d72d4a3421356dbc1, 0b9af4860a61f55cf716267b5ae5df34aacc4b39, 41113aa5698ad7a82635bcb747d483e4458d518d, afa584c35065051a11ae3ea3cc105b634053fcd8]
5.10-upstream-stable: released (5.10.192) [a7653eaea0a59a6993c62d3653af5c880ce28533], released (5.10.198) [b15ea4017af82011dd55225ce77cce3d4dfc169c, 448be0774882f95a74fa5eb7519761152add601b, 146c76866795553dbc19998f36718d7986ad302b, 77046cb00850e35ba935944b5100996b2ce34bba, 911dd3cdf1083f4c2e7df72aaab486a1d6dbcc0a, 4046f2b56e5a7ba7e123ff961dd51187b8d59e78, dc0b1f019554e601f57e78d8f5c70e59d77e49a5]
4.19-upstream-stable: released (4.19.293) [255bb7fd670589c00cb2f8a1353b721306135ca3], needed
sid: released (6.4.13-1)
6.1-bookworm-security: released (6.1.55-1) [bugfix/all/netfilter-nf_tables-don-t-skip-expired-elements-duri.patch, bugfix/all/netfilter-nf_tables-gc-transaction-api-to-avoid-race.patch, bugfix/all/netfilter-nf_tables-adapt-set-backend-to-use-gc-tran.patch, bugfix/all/netfilter-nft_set_hash-mark-set-element-as-dead-when.patch, bugfix/all/netfilter-nf_tables-remove-busy-mark-and-gc-batch-ap.patch, bugfix/all/netfilter-nf_tables-fix-gc-transaction-races-with-ne.patch, bugfix/all/netfilter-nf_tables-gc-transaction-race-with-netns-d.patch]
5.10-bullseye-security: released (5.10.197-1) [bugfix/all/netfilter-nf_tables-don-t-skip-expired-elements-duri.patch, bugfix/all/netfilter-nf_tables-gc-transaction-api-to-avoid-race.patch, bugfix/all/netfilter-nf_tables-adapt-set-backend-to-use-gc-tran.patch, bugfix/all/netfilter-nft_set_hash-mark-set-element-as-dead-when.patch, bugfix/all/netfilter-nf_tables-remove-busy-mark-and-gc-batch-ap.patch, bugfix/all/netfilter-nf_tables-fix-gc-transaction-races-with-ne.patch, bugfix/all/netfilter-nf_tables-gc-transaction-race-with-netns-d.patch]
4.19-buster-security: released (4.19.304-1), needed
