cls_flower: off-by-one in fl_set_geneve_opt
Bug #2023577 reported by
Thadeu Lima de Souza Cascardo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Incomplete
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
High
|
Thadeu Lima de Souza Cascardo | ||
Jammy |
Fix Released
|
High
|
Thadeu Lima de Souza Cascardo | ||
Kinetic |
Fix Released
|
High
|
Thadeu Lima de Souza Cascardo | ||
Lunar |
Fix Released
|
High
|
Thadeu Lima de Souza Cascardo |
Bug Description
[Impact]
An unprivileged user may cause an out-of-bounds write by setting up geneve options on the flower classifier.
[Test case]
https:/
[Potential regression]
Users setting up geneve options on the flower tc classifier can be affected.
CVE References
Changed in linux (Ubuntu Lunar): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
importance: | Undecided → High |
Changed in linux (Ubuntu Kinetic): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
importance: | Undecided → High |
Changed in linux (Ubuntu Jammy): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
importance: | Undecided → High |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → High |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
Changed in linux (Ubuntu Lunar): | |
status: | Incomplete → Fix Committed |
Changed in linux (Ubuntu Kinetic): | |
status: | Incomplete → Fix Committed |
Changed in linux (Ubuntu Jammy): | |
status: | Incomplete → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | Incomplete → Fix Committed |
tags: |
added: verification-done-lunar removed: verification-needed-lunar |
tags: | added: verification-done-kinetic |
tags: |
added: verification-done-jammy removed: verification-needed-jammy |
tags: |
added: verification-done-focal removed: verification-needed-focal |
tags: |
added: verification-done-jammy removed: verification-needed-jammy |
To post a comment you must log in.
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 2023577
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.