FS#75226 - [linux linux-lts linux-hardened linux-zen] Potential LPE due to heap overflow in nft_set_elem_init()
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Sunday, 03 July 2022, 20:04 GMT
Last edited by Andreas Radke (AndyRTR) - Saturday, 20 August 2022, 07:46 GMT
Details
The Linux kernel since at least version 5.8 is reported to be vulnerable to an LPE vulnerability due to a heap overflow in the nft_set_elem_init() function in /net/netfilter/nf_tables_api.c:
https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/

Here's the relevant thread on the netdev list:
https://lists.openwall.net/netdev/2022/07/02/86

And here's the patchset that will hopefully fix the issue:
https://lists.openwall.net/netdev/2022/07/02/116
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220702191029.238563-1-pablo@netfilter.org/
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220702191029.238563-2-pablo@netfilter.org/
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220702191029.238563-3-pablo@netfilter.org/

A CVE has been requested but not assigned yet AFAICT.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.18/netfilter-nft_set_pipapo-release-elements-in-clone-from-abort-path.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.18/netfilter-nf_tables-stricter-validation-of-element-data.patch
and 5.15.54:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.15/netfilter-nft_set_pipapo-release-elements-in-clone-from-abort-path.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.15/netfilter-nf_tables-stricter-validation-of-element-data.patch
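For anyone tracking this task on their own machines, here is an added POSIX shell check (it is not part of the bug report, of Arch's packaging, or of the kernel's own tooling) that strips an Arch-style kernel release string down to its numeric version and compares it against the stable release that carries the fixes referenced above. The 5.15.54 threshold is taken from this task; the page does not state which 5.18 release shipped the queue-5.18 patches, so FIXED_5_18 is a placeholder that must be set by hand, and the helper names kver_numeric, kver_ge and nft_fix_status are my own.

```shell
#!/bin/sh
# Added example, not code from the bug report or the kernel tree.
# Reports whether the running kernel is at or past the stable release that
# carries the nf_tables element-data validation fixes linked in this task.

# Placeholder (assumption): the 5.18 release carrying the queue-5.18 patches
# is not stated on this page. Set it in the environment; left empty, 5.18
# kernels are reported as "unknown" rather than guessed.
: "${FIXED_5_18:=}"
# From the task: the 5.15 stable release that carries the fixes.
FIXED_5_15="5.15.54"

# Reduce "5.15.54-1-lts" or "5.18.10.arch1-1" to the leading numeric
# major.minor[.patch] part; everything after it is packaging suffix.
kver_numeric() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+(\.[0-9]+)?).*/\1/'
}

# kver_ge A B: exit 0 when numeric version A >= B, 1 otherwise.
# Missing patch components are treated as 0 ("5.15" == "5.15.0").
kver_ge() {
    x=$(kver_numeric "$1"); y=$(kver_numeric "$2")
    old_ifs=$IFS; IFS=.
    set -- $x; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $y; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    [ "$a1" -gt "$b1" ] && return 0
    [ "$a1" -lt "$b1" ] && return 1
    [ "$a2" -gt "$b2" ] && return 0
    [ "$a2" -lt "$b2" ] && return 1
    [ "$a3" -ge "$b3" ]
}

# nft_fix_status RELEASE: prints "fixed", "vulnerable" or "unknown".
# "unknown" covers stable series this task gives no threshold for.
nft_fix_status() {
    v=$(kver_numeric "$1")
    case "$v" in
        5.15|5.15.*) fixed=$FIXED_5_15 ;;
        5.18|5.18.*) fixed=$FIXED_5_18 ;;
        *)           fixed= ;;
    esac
    if [ -z "$fixed" ]; then
        echo unknown
    elif kver_ge "$v" "$fixed"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Stand-alone use: report on the kernel that is currently running.
echo "running kernel $(uname -r): $(nft_fix_status "$(uname -r)")"
```

Note that this only compares version numbers against the stable releases named here; a kernel built from a patched source tree, or one from a series this task does not list, will show as "unknown" or "vulnerable" and has to be checked against the actual patch contents instead.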