netfilter newset OOB write

Bug #1976363 reported by Thadeu Lima de Souza Cascardo
Affects: linux (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

[Impact]
An unprivileged user could write out-of-bounds by using nftables under a network namespace.

[Test case]
Test the PoC available at https://seclists.org/oss-sec/2022/q2/164.

[Potential regression]
nftables could be affected.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.15.0-37.39

---------------
linux (5.15.0-37.39) jammy; urgency=medium

  * netfilter newset OOB write (LP: #1976363)
    - netfilter: nf_tables: sanitize nft_set_desc_concat_parse()

  * CVE-2022-1966
    - netfilter: nf_tables: disallow non-stateful expression in sets earlier

 -- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 01 Jun 2022 14:49:43 -0300

Changed in linux (Ubuntu):
status: New → Fix Released
Thadeu Lima de Souza Cascardo (cascardo) wrote :

This is CVE-2022-1972.

information type: Private Security → Public Security
description: updated
summary: - upcoming update - nf oob
+ netfilter newset OOB write
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-azure-5.15/5.15.0-1013.16~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-nvidia/5.15.0-1003.3 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-jammy