Public bug reported:

[Impact]
An unprivileged user may cause an out-of-bounds write by setting up geneve 
options on the flower classifier.

[Test case]
https://seclists.org/oss-sec/2023/q2/219

[Potential regression]
Users setting up geneve options on the flower tc classifier can be affected.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Focal)
     Importance: High
     Assignee: Thadeu Lima de Souza Cascardo (cascardo)
         Status: New

** Affects: linux (Ubuntu Jammy)
     Importance: High
     Assignee: Thadeu Lima de Souza Cascardo (cascardo)
         Status: New

** Affects: linux (Ubuntu Kinetic)
     Importance: High
     Assignee: Thadeu Lima de Souza Cascardo (cascardo)
         Status: New

** Affects: linux (Ubuntu Lunar)
     Importance: High
     Assignee: Thadeu Lima de Souza Cascardo (cascardo)
         Status: New

** Also affects: linux (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Kinetic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Lunar)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Lunar)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

** Changed in: linux (Ubuntu Lunar)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Kinetic)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

** Changed in: linux (Ubuntu Kinetic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Jammy)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

** Changed in: linux (Ubuntu Jammy)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Focal)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Focal)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

-- 
https://bugs.launchpad.net/bugs/2023577

Title:
  cls_flower: off-by-one in fl_set_geneve_opt

Status in linux package in Ubuntu:
  New
Status in linux source package in Focal:
  New
Status in linux source package in Jammy:
  New
Status in linux source package in Kinetic:
  New
Status in linux source package in Lunar:
  New

