Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[]

2020-07-31 Thread William Mcvicker
Hi Pablo,

> Note that this code does not exist in the tree anymore. I'm not sure
> if this problem still exists upstream, this patch does not apply to
> nf.git. This fix should only go for -stable maintainers.

Right, the vulnerability has been fixed by the refactor commit fe2d0020994cd

Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[]

2020-07-31 Thread Pablo Neira Ayuso
Hi William,

On Fri, Jul 31, 2020 at 12:26:11AM +, William Mcvicker wrote:
> Hi Pablo,
>
> Yes, I believe this oops is only triggered by userspace when the user
> specifically passes in an invalid nf_nat_l3protos index. I'm happy to re-work
> the patch to check for this in

Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[]

2020-07-30 Thread William Mcvicker
Hi Pablo,

Yes, I believe this oops is only triggered by userspace when the user specifically passes in an invalid nf_nat_l3protos index. I'm happy to re-work the patch to check for this in ctnetlink_create_conntrack().

> BTW, do you have a Fixes: tag for this? This will be useful for
> -stable

Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[]

2020-07-29 Thread Pablo Neira Ayuso
Hi Will,

On Mon, Jul 27, 2020 at 05:57:20PM +, Will McVicker wrote:
> The indexes to the nf_nat_l[34]protos arrays come from userspace. So we
> need to make sure that before indexing the arrays, we verify the index
> is within the array bounds in order to prevent an OOB memory access.
> Here

[PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[]

2020-07-27 Thread Will McVicker
The indexes to the nf_nat_l[34]protos arrays come from userspace. So we need to make sure that before indexing the arrays, we verify the index is within the array bounds in order to prevent an OOB memory access. Here is an example kernel panic on 4.14.180 when userspace passes in an index greater