blob: f4e2ab8262bc53aea79f276ceea0d3877c786e92 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Description: nf_tables UAF when using nft_chain_lookup_byid
References:
https://www.openwall.com/lists/oss-security/2023/07/05/2
https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=515ad530795c118f012539ed76d02bacfd426d89
https://www.zerodayinitiative.com/advisories/ZDI-23-899/
Notes:
carnil> Issue introduced with 837830a4b439 ("netfilter: nf_tables: add
carnil> NFTA_RULE_CHAIN_ID attribute") in 5.9-rc1.
carnil> For 6.4.y fixed as well in 6.4.4.
Bugs:
upstream: released (6.5-rc2) [515ad530795c118f012539ed76d02bacfd426d89]
6.1-upstream-stable: released (6.1.39) [fc95c8b02c6160936f1f3d8d9d7f4f66f3c84b49]
5.10-upstream-stable: released (5.10.188) [4ae2e501331aaa506eaf760339bb2f43e5769395]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.4.4-1)
6.1-bookworm-security: released (6.1.38-1) [bugfix/all/netfilter-nf_tables-do-not-ignore-genmask-when-looki.patch]
5.10-bullseye-security: released (5.10.179-2) [bugfix/all/netfilter-nf_tables-do-not-ignore-genmask-when-looki.patch]
4.19-buster-security: N/A "Vulnerable code not present"
|
