Description: netfilter: nf_tables: reject QUEUE/DROP verdict parameters
References:
 https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
 https://pwning.tech/nftables/
 https://github.com/Notselwyn/CVE-2024-1086
Notes:
 carnil> Commit fixes e0abdadcc6e1 ("netfilter: nf_tables: accept
 carnil> QUEUE/DROP verdict parameters") 3.15-rc1.
 carnil> Fixed for 6.7.y in 6.7.3, for 6.6.y in 6.6.15.
Bugs:
upstream: released (6.8-rc2) [f342de4e2f33e0e39165d8639387aa6c19dff660]
6.1-upstream-stable: released (6.1.76) [8e34430e33b8a80bc014f3efe29cac76bc30a4b4]
5.10-upstream-stable: released (5.10.210) [55a60251fa50d4e68175e36666b536a602ce4f6c]
4.19-upstream-stable: released (4.19.307) [8365e9d92b85fda975a5ece7a3a139cb964018c8]
sid: released (6.6.15-1)
6.1-bookworm-security: released (6.1.76-1)
5.10-bullseye-security: released (5.10.209-2) [bugfix/all/netfilter-nf_tables-reject-QUEUE-DROP-verdict-parame.patch]
4.19-buster-security: pending (4.19.309-1)