diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2023-09-14 22:20:23 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-09-14 22:20:23 +0200 |
commit | 3b6483bfbbe088e5d9a5991076a7b642d39ec4e4 (patch) | |
tree | 25e40aa7127154f8e1d40f4830937ed552cf8390 /active/CVE-2023-4244 | |
parent | 6c91c04ee46101d5b4fb2d32a6ec1065be4dafa3 (diff) |
Drop CVE-2023-4563 in favour of CVE-2023-4244
Diffstat (limited to 'active/CVE-2023-4244')
-rw-r--r-- | active/CVE-2023-4244 | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/active/CVE-2023-4244 b/active/CVE-2023-4244 new file mode 100644 index 000000000..e6c247699 --- /dev/null +++ b/active/CVE-2023-4244 @@ -0,0 +1,24 @@ +Description: Use-after-free in nft_verdict_dump due to a race between set GC and transaction +References: + https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8 + https://bugzilla.redhat.com/show_bug.cgi?id=2235306 + https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/ + https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/ +Notes: + carnil> Fixed as well in 6.4.12 for 6.4.y. Needs closer verification + carnil> which commits are actually needed to fix the issue in stable + carnil> series. + carnil> As per 2023-08-30 23185c6aed1f ("netfilter: nft_dynset: + carnil> disallow object maps") has been backported to all relevant + carnil> stable series, in particular 4.19.293, 5.10.192, 6.1.47, + carnil> 6.4.12. +Bugs: +upstream: released (6.5-rc6) [24138933b97b055d486e8064b4a1721702442a9b, 5f68718b34a531a556f2f50300ead2862278da26, f6c383b8c31a93752a52697f8430a71dcbc46adf, c92db3030492b8ad1d0faace7a93bbcf53850d0c, a2dd0233cbc4d8a0abb5f64487487ffc9265beb5], released (6.5-rc7) [6a33d8b73dfac0a41f3877894b38082bd0c9a5bc, 02c6c24402bf1c1e986899c14ba22a10b510916b, 23185c6aed1ffb8fc44087880ba2767aba493779] +6.1-upstream-stable: +5.10-upstream-stable: +4.19-upstream-stable: +sid: released (6.4.13-1) +6.1-bookworm-security: +5.10-bullseye-security: +4.19-buster-security: |