blob: e15b43dd60316a871b335c61eba1291854720ae2 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: netfilter: nf_tables: stricter validation of element data
References:
https://www.openwall.com/lists/oss-security/2022/07/02/3
https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6
https://www.openwall.com/lists/oss-security/2022/07/03/4
https://www.randorisec.fr/crack-linux-firewall/
Notes:
carnil> Should be present since fdb9c405e35b ("netfilter: nf_tables:
carnil> allow up to 64 bytes in the set element data area") in 5.8-rc1.
carnil> Fixed as well in 5.18.11 for 5.18.y.
Bugs:
upstream: released (5.19-rc6) [7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6]
5.10-upstream-stable: released (5.10.130) [0a5e36dbcb448a7a8ba63d1d4b6ade2c9d3cc8bf]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.18.14-1)
5.10-bullseye-security: released (5.10.127-2) [bugfix/all/netfilter-nf_tables-stricter-validation-of-element-d.patch]
4.19-buster-security: N/A "Vulnerable code not present"
|
