netfilter newset OOB write
Bug #1976363 reported by Thadeu Lima de Souza Cascardo
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
[Impact]
An unprivileged user could write out-of-bounds by using nftables under a network namespace.
[Test case]
Test the PoC available at https:/
[Potential regression]
nftables could be affected.
CVE References
summary:
- upcoming update - nf oob
+ netfilter newset OOB write
This bug was fixed in the package linux - 5.15.0-37.39
---------------
linux (5.15.0-37.39) jammy; urgency=medium
* netfilter newset OOB write (LP: #1976363)
- netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
* CVE-2022-1966
- netfilter: nf_tables: disallow non-stateful expression in sets earlier
-- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 01 Jun 2022 14:49:43 -0300