netfilter: x_tables: fix compat match/target pad out-of-bound write

Bug #1927682 reported by Khaled El Mously
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Focal
Medium
Unassigned
Groovy
Medium
Unassigned
Hirsute
Medium
Unassigned
linux-5.4 (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Unassigned

Bug Description

This issue:

https://github.com/torvalds/linux/commit/b29c457a6511435960115c0f548c4360d5f4801d

[Impact]
Data corruption and/or leak.

[Fix]
Zero out entire data structure beforehand

[Test]
Boot-test only so far.

[Regression Potential]
Possible effect on iptables/nftables. Though considered minimal risk as the patch has only a very localized effect and is accepted upstream in v5.12

description: updated
no longer affects: kernel-sru-workflow
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1927682

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Bionic):
status: New → Incomplete
Changed in linux (Ubuntu Focal):
status: New → Incomplete
Changed in linux (Ubuntu Groovy):
status: New → Incomplete
Changed in linux (Ubuntu Hirsute):
status: New → Incomplete
Stefan Bader (smb)
Changed in linux (Ubuntu Hirsute):
importance: Undecided → Medium
status: Incomplete → In Progress
Changed in linux (Ubuntu Groovy):
importance: Undecided → Medium
status: Incomplete → In Progress
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
status: Incomplete → In Progress
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
status: Incomplete → In Progress
Stefan Bader (smb)
Changed in linux (Ubuntu Hirsute):
status: In Progress → Invalid
Changed in linux (Ubuntu Groovy):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-groovy' to 'verification-done-groovy'. If the problem still exists, change the tag 'verification-needed-groovy' to 'verification-failed-groovy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-groovy
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (51.1 KiB)

This bug was fixed in the package linux - 5.8.0-55.62

---------------
linux (5.8.0-55.62) groovy; urgency=medium

  * groovy/linux: 5.8.0-55.62 -proposed tracker (LP: #1930379)

  * [Potential Regression] Unable to create KVM with uvtool on Groovy ARM64
    (LP: #1929925)
    - SAUCE: KVM: arm64: Assign kvm_ipa_limit

linux (5.8.0-54.61) groovy; urgency=medium

  * groovy/linux: 5.8.0-54.61 -proposed tracker (LP: #1927592)

  * Introduce the 465 driver series, fabric-manager, and libnvidia-nscq
    (LP: #1925522)
    - debian/dkms-versions -- add NVIDIA 465 and migrate 450 to 460

  * linux-image-5.0.0-35-generic breaks checkpointing of container
    (LP: #1857257)
    - SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files

  * netfilter: x_tables: fix compat match/target pad out-of-bound write
    (LP: #1927682)
    - netfilter: x_tables: fix compat match/target pad out-of-bound write

  * Groovy update: upstream stable patchset 2021-05-04 (LP: #1927150)
    - mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
    - net: fec: ptp: avoid register access when ipg clock is disabled
    - powerpc/4xx: Fix build errors from mfdcr()
    - atm: eni: dont release is never initialized
    - atm: lanai: dont run lanai_dev_close if not open
    - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153"
    - ALSA: hda: ignore invalid NHLT table
    - ixgbe: Fix memleak in ixgbe_configure_clsu32
    - scsi: ufs: ufs-qcom: Disable interrupt in reset path
    - blk-cgroup: Fix the recursive blkg rwstat
    - net: tehuti: fix error return code in bdx_probe()
    - net: intel: iavf: fix error return code of iavf_init_get_resources()
    - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
    - cifs: ask for more credit on async read/write code paths
    - gfs2: fix use-after-free in trans_drain
    - cpufreq: blacklist Arm Vexpress platforms in cpufreq-dt-platdev
    - gpiolib: acpi: Add missing IRQF_ONESHOT
    - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
    - NFS: Correct size calculation for create reply length
    - net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch()
    - net: wan: fix error return code of uhdlc_init()
    - net: davicom: Use platform_get_irq_optional()
    - net: enetc: set MAC RX FIFO to recommended value
    - atm: uPD98402: fix incorrect allocation
    - atm: idt77252: fix null-ptr-dereference
    - cifs: change noisy error message to FYI
    - irqchip/ingenic: Add support for the JZ4760
    - kbuild: add image_name to no-sync-config-targets
    - kbuild: dummy-tools: fix inverted tests for gcc
    - umem: fix error return code in mm_pci_probe()
    - sparc64: Fix opcode filtering in handling of no fault loads
    - habanalabs: Call put_pid() when releasing control device
    - staging: rtl8192e: fix kconfig dependency on CRYPTO
    - u64_stats,lockdep: Fix u64_stats_init() vs lockdep
    - regulator: qcom-rpmh: Correct the pmic5_hfsmps515 buck
    - block: Fix REQ_OP_ZONE_RESET_ALL handling
    - drm/amd/display: Revert dram_clock_change_latency for DCN2.1
    - drm/amdgpu: fb BO should be ttm_bo_type_device
    - drm/radeon: fix AGP dependency
    - nvme: add NVM...

Changed in linux (Ubuntu Groovy):
status: Fix Committed → Fix Released
no longer affects: linux-5.4 (Ubuntu Focal)
no longer affects: linux-5.4 (Ubuntu Groovy)
no longer affects: linux-5.4 (Ubuntu Hirsute)
Changed in linux-5.4 (Ubuntu Bionic):
status: New → Fix Released
no longer affects: linux (Ubuntu Bionic)
Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers