Ubuntu
linux package

nft allows references to objects on different tables

Bug #1983154 reported by Thadeu Lima de Souza Cascardo on 2022-07-29

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	New	Undecided	Unassigned

Bug Description

[Impact]
When adding objects/sets/elements on the same nftables netlink batch, there can be cross-table references. When a table is deleted, references to freed objects may be left, leading to use-after-free vulnerabilities.

CVE References

2022-2586

Thadeu Lima de Souza Cascardo (cascardo) on 2022-07-29

information type:

Public → Private Security

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2022-07-29:

Please use CVE-2022-2586 for this issue.

Seth Arnold (seth-arnold) on 2024-01-16

information type:

Private Security → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package