Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2024-0193: kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | andrea.mattiazzo, mkubecek, mpdesouza, pmladek |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/389846/ | | |
| Whiteboard: | CVSSv3.1:SUSE:CVE-2024-0193:7.0:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 1218496 | | |
Description
SMASH SMASH 2024-01-03 09:02:52 UTC

Michal, this seems to be in your area. The commit that introduces the problem is also present on some SLE15-SP4 and SLE15-SP5 codestreams. Aren't they affected? If not, we don't need to create any LP at this point. Michal, could you check it? Thanks!

(In reply to Marcos de Souza from comment #3)
> The commit that introduces the problem is also present on some SLE15-SP4 and
> SLE15-SP5 codestreams. Aren't they affected? If not, we don't need to create
> any LP at this point.
>
> Michal, could you check it? Thanks!

Ping :)

Yes, offending commit 5f68718b34a5 ("netfilter: nf_tables: GC transaction
API to avoid race with control plane") was backported to all 6.4 and 5.14
based branches so that a backport will be needed in SLE15-SP6 and
cve/linux-5.14.

(In reply to Michal Kubeček from comment #6)
> Yes, offending commit 5f68718b34a5 ("netfilter: nf_tables: GC transaction
> API to avoid race with control plane") was backported to all 6.4 and 5.14
> based branches so that a backport will be needed in SLE15-SP6 and
> cve/linux-5.14.

Correction: 5.14 based branches do not actually need the fix. While it fixes a regression introduced in 6.5-rc7 by commit 5f68718b34a5, this regression was in its part patching pipapo code introduced in 6.4-rc7 by commit 212ed75dc5fb which we did not backport into 5.14 based branches. Therefore only 6.4 based branches need this fix.

(In reply to Michal Kubeček from comment #7)
> (In reply to Michal Kubeček from comment #6)
> > Yes, offending commit 5f68718b34a5 ("netfilter: nf_tables: GC transaction
> > API to avoid race with control plane") was backported to all 6.4 and 5.14
> > based branches so that a backport will be needed in SLE15-SP6 and
> > cve/linux-5.14.
>
> Correction: 5.14 based branches do not actually need the fix. While it fixes
> a regression introduced in 6.5-rc7 by commit 5f68718b34a5, this regression
> was in its part patching pipapo code introduced in 6.4-rc7 by commit
> 212ed75dc5fb which we did not backport into 5.14 based branches. Therefore
> only 6.4 based branches need this fix.

Thanks for confirming Michal, so we don't need to create a livepatch in this case.

introduced 5f68718b34a5 6.5-rc6
fixed 7315dc1e122c 6.7

Offending commit has been backported also to 5.14 based branches but they are not actually affected as the relevant code path is missing (see comment 8 for details).

The fix has been submitted to the only relevant branch:

SLE15-SP6 77cf7004de79

Reassigning back to security team.

(In reply to Michal Kubeček from comment #9)
> SLE15-SP6 77cf7004de79

Resubmitted, I didn't notice this bug has score sufficient for GA branch:

SLE15-SP6-GA e7bf1c3e1b72

All done, closing.