blob: 0fa15bea9491a30e5d16bdf1b545d7b91f0ab562 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Description: netfilter: nf_tables: skip set commit for deleted/destroyed sets
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2255653
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a
Notes:
carnil> Commit fixes 5f68718b34a5 ("netfilter: nf_tables: GC
carnil> transaction API to avoid race with control plane") in 6.5-rc6
carnil> (and got backported to 5.10.198, 6.1.56, 6.4.11). This was part
carnil> of the fix for CVE-2023-4244 and backported as well in Debian.
carnil> Fixed in 6.6.10 for 6.6.y.
Bugs:
upstream: released (6.7) [7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a]
6.1-upstream-stable: released (6.1.71) [0105571f80edb96f81bb4bbdd5233a9130dc345b]
5.10-upstream-stable: released (5.10.206) [73117ea03363d4493bd4e9f82f29b34b92d88a91]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.6.11-1)
6.1-bookworm-security: released (6.1.69-1) [bugfix/all/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch]
5.10-bullseye-security: released (5.10.205-1) [bugfix/all/netfilter-nf_tables-skip-set-commit-for-deleted-dest.patch]
4.19-buster-security: N/A "Vulnerable code not present in a Debian released version"
|
