Skip to content

[lts-8.6] netfilter: nft_set_pipapo: skip inactive elements during set walk #190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 2, 2025
Merged

[lts-8.6] netfilter: nft_set_pipapo: skip inactive elements during set walk #190

merged 1 commit into from
Apr 2, 2025

Conversation

bmastbergen
Copy link
Collaborator

jira VULN-4132
cve CVE-2023-6817

commit-author Florian Westphal <fw@strlen.de>
commit 317eb9685095678f2c9f5a8189de698c5354316a
upstream-diff The change itself is the same as upstream, but there was
              a minor conflict in code surrounding the change because
              this kernel hasn't moved set element objects into the
              transaction yet.

Otherwise set elements can be deactivated twice which will cause a crash.

	Reported-by: Xingyuan Mo <hdthky0@gmail.com>
Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges")
	Signed-off-by: Florian Westphal <fw@strlen.de>
	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 317eb9685095678f2c9f5a8189de698c5354316a)
	Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>

Build log

build.log

Testing

kselftests were run before and after applying the change

selftests-before.log

selftests-after.log

brett@lycia ~/ciq/vuln-4132 % grep ^ok selftests-before.log | wc -l
151
brett@lycia ~/ciq/vuln-4132 % grep ^ok selftests-after.log | wc -l
153
brett@lycia ~/ciq/vuln-4132 %

@bmastbergen
netfilter: nft_set_pipapo: skip inactive elements during set walk
6bcb124 
jira VULN-4132
cve CVE-2023-6817
commit-author Florian Westphal <fw@strlen.de>
commit 317eb96
upstream-diff The change itself is the same as upstream, but there was
              a minor conflict in code surrounding the change because
              this kernel hasn't moved set element objects into the
              transaction yet.

Otherwise set elements can be deactivated twice which will cause a crash.

	Reported-by: Xingyuan Mo <hdthky0@gmail.com>
Fixes: 3c4287f ("nf_tables: Add set type for arbitrary concatenation of ranges")
	Signed-off-by: Florian Westphal <fw@strlen.de>
	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 317eb96)
	Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
thefossguy-ciq
thefossguy-ciq approved these changes Apr 2, 2025
View reviewed changes
Copy link

@thefossguy-ciq thefossguy-ciq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚤

PlaidCat
PlaidCat approved these changes Apr 2, 2025
View reviewed changes
Copy link
Collaborator

@PlaidCat PlaidCat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@bmastbergen bmastbergen merged commit 3a5abd2 into ciqlts8_6 Apr 2, 2025
2 checks passed
@bmastbergen bmastbergen deleted the bmastbergen_ciqlts8_6/VULN-4132 branch April 2, 2025 19:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PlaidCat PlaidCat PlaidCat approved these changes

@jason-rodri jason-rodri jason-rodri approved these changes

@thefossguy-ciq thefossguy-ciq thefossguy-ciq approved these changes

@kerneltoast kerneltoast Awaiting requested review from kerneltoast

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bmastbergen @PlaidCat @jason-rodri @thefossguy-ciq