[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2023-6817: Linux kernel: use-after-free in nf_tables
From: Dominique Martinet <asmadeus () codewreck ! org>
Date: 2023-12-22 21:44:25
Message-ID: ZYYDOSmzhWZu8OxS () codewreck ! org
[Download RAW message or body]
Xingyuan Mo wrote on Fri, Dec 22, 2023 at 10:16:24AM +0800:
> I found a use-after-free vulnerability in the implementation of pipapo set
> in Linux kernel nf_tables, which can lead to DoS or local privilege
> escalation, with CAP_NET_ADMIN capability required. The bug is fixed in
> v6.7-rc5 kernel and the patch is:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a
>
For anyone who'd do the same thing:
- that commit marks Fixes 3c4287f62044 which was introduced in 5.6
- it's already been backported to stable tree (5.10.204, 5.15.143,
6.1.68 and 6.6.7)
Thanks,
--
Dominique
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic