blob: e76858c1ded8dea3890573ae2bbd17f2df894d6c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Description: netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
References:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=fecf31ee395b0295f2d7260aa29946b7605f7c85
https://www.openwall.com/lists/oss-security/2022/06/02/1
https://bugzilla.redhat.com/show_bug.cgi?id=2096178
https://www.openwall.com/lists/oss-security/2022/08/06/6
https://randorisec.fr/yet-another-bug-netfilter/
https://github.com/randorisec/CVE-2022-1972-infoleak-PoC
Notes:
carnil> Commit fixes f3a2181e16f1 ("netfilter: nf_tables: Support for
carnil> sets with multiple ranged fields") in 5.6-rc1.
carnil> Fixed for 5.17.y in 5.17.13 and for 5.18.y in 5.18.2
Bugs:
upstream: released (5.19-rc1) [fecf31ee395b0295f2d7260aa29946b7605f7c85]
5.10-upstream-stable: released (5.10.120) [c0aff1faf66b6b7a19103f83e6a5d0fdc64b9048]
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.18.2-1)
5.10-bullseye-security: released (5.10.120-1)
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"
|
